OWASP Dublin - Feb'26 Meetup

​Join us for our 2026's first OWASP Dublin meet-up, bringing together security professionals, developers, and anyone passionate about building secure software. We'll be having two sessions in this meet-up:

​
Talk 01: Preemptive Web App & API Security Using Contextual Machine Learning Technology with open-appsec WAF

​
Speaker: Christopher Lutat
Christopher Lutat is an IT security expert with over 20 years of experience and holds a Master of Science degree in Information Systems. Since joining Check Point in 2008, he has advised major enterprise customers on all aspects of their security posture as a Senior Security Consultant. He later spent two years as a Cloud Security Expert, focusing on securing transitions to cloud and cloud-native architectures.

​Since 2022, he has served as the Product Manager for the open-source web application firewall (WAF) project open-appsec. As a speaker, Christopher has presented at several leading IT security conferences, including CERT-EU and OWASP Global AppSec.

​Talk Description
Traditional Web Application Firewalls (WAFs) rely on signature-based detection, leaving a vulnerability window between vulnerability introduction and signature deployment. In this session, we introduce a new machine learning-based approach to web application and API security that delivers true preemptive zero-day protection – without the need for signature updates. Using a recent major vulnerability as a case study, we'll demonstrate how this model, integrated with a reverse proxy via the open-source open-appsec project, can proactively prevent emerging threats as well as known attacks. Attendees will also learn how machine learning can significantly reduce false positives and operational overhead compared to conventional WAF technology.

​

Talk 02:  At Scale and in Plain Sight: Uncovering a 35,000-Domain Android Malware Campaign

​
Speaker: Stephen Doyle
Talk Description:
This talk reveals a large-scale Android malware campaign targeting Chinese citizens, driven by over 35,000 malicious domains and operating continuously for more than five months. Despite its scale, the campaign remained active by rotating infrastructure and blending into normal web traffic.
Instead of focusing on the malware itself, the session dives into the delivery infrastructure, how attackers used mass domain generation, disposable hosting, and automation to sustain a resilient, long-running operation. We’ll show how the campaign was discovered, tracked, and mapped.
Using real-world data, the talk demonstrates practical techniques such as domain clustering, web resource fingerprinting, and large-scale scanning, along with the challenges of monitoring tens of thousands of malicious endpoints in near real time.

​About OWASP Dublin: OWASP (Open Worldwide Application Security Project) is a nonprofit foundation working to improve the security of software. Our Dublin chapter runs regular meetups featuring talks, workshops, and networking. All skill levels are welcome - whether you're deep in appsec or just getting started.

​All OWASP events are free and open and follow the OWASP Code of Conduct: https://owasp.org/www-policy/operational/code-of-conduct

Stay Connected
Chapter page: https://owasp.org/www-chapter-dublin/
Linkedin Group: https://www.linkedin.com/groups/3228848/

Interested in speaking at a future meetup? Reach out to us at vaibhav.gupta [at] owasp.org or antonio.stano [at] owasp.org