
screenshot taken from: https://owasp.org/
When: Thursday, 7th May 2026, 6:00pm to 9:00pm
Where: Wolt Enterprises Deutschland GmbH, Stralauer Allee 6, Berlin, Germany
Hosting Organization: OWASP Berlin Chapter
Participation Fee: Free Entrance
Agenda: Socializing, Host Intro, Talk 1, 30-Minute-Pizza-Break, Talk 2, Talk 3, Wrap-Up & Socializing
Topics Covered: Wolt’s Bug Bounty Program, Business Model & Hiring of Security Professionals (Host Intro), Crawling the Internet for AI-Generated Apps with Serious Business Logic Failures (Talk 1), Misleading Git Histories Through Commit-Date Spoofing to Conceal Malware (Talk 2), Mischief with Domains Like Country Code Top-Level Domain, Generic Top-Level Domain, Sponsored Top-Level Domain & Effective Top-Level Domain (Talk 3)
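Talk 2 concerns commit-date spoofing: git accepts whatever author and committer dates a committer chooses, so a malicious commit can be backdated to blend into an old history. The following defender-side check is an added example written for this post, not material from the talk or from any project it covers; the sample log lines are constructed, and the function names are my own.

```python
"""Flag commits whose dates are inconsistent with their parents (added example).

The sample below is constructed and mimics the shape of
`git log --format='%H|%P|%at|%ct'` output, listed oldest first:
hash | parent hash | author timestamp | committer timestamp.
"""
from datetime import timedelta

# Constructed sample history: c3 is backdated to 2020 although its parent
# b2 was committed in 2023; e5 has an author date months before its commit date.
SAMPLE_LOG = """\
a1|  |1700000000|1700000000
b2|a1|1700086400|1700086400
c3|b2|1600000000|1600000000
d4|c3|1700172800|1700172800
e5|d4|1700259200|1710000000
"""


def parse_log(text):
    """Turn pipe-separated log lines into dicts; root commits get parent=None."""
    commits = []
    for line in text.strip().splitlines():
        h, parent, a_ts, c_ts = [f.strip() for f in line.split("|")]
        commits.append({"hash": h, "parent": parent or None,
                        "author": int(a_ts), "committer": int(c_ts)})
    return commits


def find_date_anomalies(commits, max_skew=timedelta(days=30)):
    """Return (hash, reason) pairs for commits worth a closer look.

    Both checks also fire on benign rebases and clock skew, so treat hits as
    leads for review rather than proof of tampering.
    """
    by_hash = {c["hash"]: c for c in commits}
    findings = []
    for c in commits:
        parent = by_hash.get(c["parent"]) if c["parent"] else None
        # A child committed before its parent cannot happen without edited dates.
        if parent and c["committer"] < parent["committer"]:
            findings.append((c["hash"], "committer date precedes parent"))
        # A large author/committer gap: rewritten history or a backdated author.
        if abs(c["committer"] - c["author"]) > max_skew.total_seconds():
            findings.append((c["hash"], "author/committer dates diverge"))
    return findings


if __name__ == "__main__":
    for commit_hash, reason in find_date_anomalies(parse_log(SAMPLE_LOG)):
        print(f"{commit_hash}: {reason}")
```

On the constructed sample this reports c3 (committed before its parent) and e5 (author and committer dates more than 30 days apart).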
I’ve learned something today
- The term Open Sourcerer is a play on words combining Open Source with sorcerer. It suggests someone who not only uses open-source software, but also has the skill and creativity to shape, maintain, and advance it. An Open Sourcerer actively contributes to open-source projects and collaborates with others in public. Some do this as passionate hobbyists, while others work on open source professionally. The idea behind the term is that these individuals go beyond simply consuming code. They openly build, improve, and share software for the benefit of the wider community.
- The report “The State of Security of Vibe Coded Apps” analyzes the growing security risks associated with AI-assisted “vibe coding” platforms and documents thousands of critical vulnerabilities and leaked secrets across more than 1,400 applications. It was published by ESCAPE and illustrates how rapidly generated AI-built software can expose sensitive data and severe security weaknesses when proper safeguards are missing.
- Software engineering with GenAI evolved from workflows outside the IDE to AI deeply integrated inside the IDE. The next stage points toward “no more IDE,” where developers increasingly interact directly with autonomous AI systems instead of traditional coding environments.
- A sitemap is a structured overview of a website that lists its URLs and content. In XML format, it helps search engines like Google crawl and index new pages more efficiently, while HTML sitemaps improve navigation for human visitors. Especially for large websites, sitemaps are an important part of technical SEO because they make content easier to discover and organize.
- Adversarial testing tries to intentionally “break” an AI model by giving it harmful, tricky, or edge-case inputs to uncover unsafe behavior, hallucinations, or policy violations before deployment. In contrast, canary testing evaluates a new model or configuration in a live production environment by exposing it to a small percentage of real users and monitoring metrics like quality, safety, privacy, and reliability before a full rollout.
- CVE-2026-3854 was a critical remote code execution vulnerability in GitHub’s backend git processing system. It allowed an authenticated attacker to compromise GitHub Enterprise Server and potentially parts of GitHub.com infrastructure using a single malicious git push command. The vulnerability was discovered by the Wiz Research Team, who used AI-assisted reverse engineering with IDA MCP to rapidly analyze GitHub’s closed-source binaries and uncover hidden trust and validation flaws across multiple internal services.
- The Wolt office in Berlin provided an excellent venue for this evening’s event:

picture taken at venue