OWASP Morocco

Welcome

Welcome to the OWASP Our mission is to enrich Morocco’s application security community and cyber security community. We hope you can join us in accomplishing that.

Modern Society

A modern society focused on the future

Through rooted in its traditions, Morocco offers all the conveniences of modern times

Morocco is a firmly future-focused country that has succeeded in preserving its traditions and promoting its cultural heritage by harnessing them to drive development. The city of Marrakesh is a perfect example: the Medina district and its souks have an unmatched old-fashioned charm, while Guéliz and Hivernage are decked out with the most modern infrastructure and facilities. Far from being in conflict, modernity and tradition together are what makes Morocco strong.

As a visitor, you will enjoy every modern convenience and pleasure. For your accommodations, Morocco is full of hotels in every price range from the major international chains. Plus it also has the biggest international ready-to-wear shops, which are taking advantage of the ideal opportunity for positioning in a fast developing country.

Morocco is striving to avoid the pitfalls of modern life, especially when it comes to the environment, by favoring tourism practices that are respectful of the Earth and local communities. As the author of a sustainable tourism charter and host of COP22, Morocco is on the front lines to preserve our planet.

Call For Speakers

With the Morocco chapter, we aim to organize at least 6 local chapter meetings per year. If you would like to present a talk on Application Security at future OWASP Morocco Chapter events, feel free to reach out to us and let us know - we’d love to have you join us!

Upcoming Meeting/Event(s)

https://www.meetup.com/fr-FR/morocco-owasp-meetup-group/

Code of Conduct

We hope you enjoy our events, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback or would like to speak to us, we take these matters very seriously.


Upcoming Event Novembre 11th, 2024: Mixed Threat Modeling using STRIDE & PAST

OWASP Morocco chapter organise une journée Threat Modeling via Teams.

Agenda:

Matinée : 9h30-13h00

9h30-9h40 : Introduction au Threat Modeling et Secure SDLC

9h40-10h30 : Threat Modeling avec la méthodologie STRIDE

10h30-11h10 : Threat Modeling avec la méthodologie PASTA

11h10-13h00 : Threat Modeling avec la méthodologie en mixant les deux méthodes

Subscription (Free)

L’accès est libre mais l’inscription est obligatoire via Eventbrite. Une personne inscrite qui ne se présente pas ne pourr pas assister à nos prochaines ateliers sauf cas de force majeure. En effet les places sont limités et toute inscription avec non présence c’est une place perdue pour d’autres.

Upcoming Event December 25th, 2024: Advanced Web Application Penetration Testing - Focus on threa OWASP TOP 10 2021 risks: SSRF, Insecure Design

OWASP Morocco chapter organise une journée Threat Modeling via Teams.

Agenda:

Matinée : 9h30-13h00

9h30-9h40 : OWASP TOP 10 2021

9h40-10h30 : OWASP TOP 10 SSRF

10h30-11h10 : OWASP TOP InSecure Design. We will speak about Post Quantum Cryptography

11h10-13h00 : OWASP TOP 10 Security Logging & Monitoring how Attack Surface Management techniques will mitigate this risk

Subscription (Free)

L’accès est libre mais l’inscription est obligatoire via Eventbrite. Une personne inscrite qui ne se présente pas ne pourr pas assister à nos prochaines ateliers sauf cas de force majeure. En effet les places sont limités et toute inscription avec non présence c’est une place perdue pour d’autres.


Past Event


Les règles d’utilisation d’Internet Les dangers d’Internet Le cyberharcèlement L’utilisation d’une messagerie Utilisation sécurisé les blogs Utilisation sécurisé des réseaux sociaux — title: upcomingevents displaytext: Upcoming Events layout: null tab: true order: 1 tags: morocco-tag



title: upcomingevents displaytext: Upcoming Events layout: null tab: true order: 1 tags: morocco-tag


title: upcomingevents displaytext: Upcoming Events layout: null tab: true order: 1 tags: morocco-tag


Upcoming Event June 21th, 2024: DevSecOps Day 2 at FST Settat

OWASP Morocco chapter organise une journée DevSecOps à la Faculté des Sciences de Settat en collaboration avec l’ISTA de Settat.

Agenda:

Matinée : 9h30-13h00

9h30-9h40 : Mot de bienvenue et d’annonce du programme de la journée

9h40-10h30 : La culture DevOps : pratiques et processus

10h30-11h10 : Les défits sécuritaires de la livraison continue

11h10-13h00 : DevSecOps : Solutions et outils (Cas de projet : OWASP secureCodeBox Project)

Après-midi: 14h00-18h00

Workshop 1: SAST & DAST

Workshop 2: SCA & IAST

.

Subscription (Free)

Access is free at FST Settat.

Upcoming Event April 25th, 2024: DevSecOps Day 1 at FST Settat

OWASP Morocco chapter organise une journée DevSecOps à la Faculté des Sciences de Settat en collaboration avec l’ISTA de Settat.

Agenda:

Matinée : 9h30-13h00

9h30-9h40 : Mot de bienvenue et d’annonce du programme de la journée

9h40-10h30 : La culture DevOps : pratiques et processus

10h30-11h10 : Les défits sécuritaires de la livraison continue

11h10-13h00 : DevSecOps : Solutions et outils (Cas de projet : OWASP secureCodeBox Project)

Après-midi: 14h00-18h00

Workshop 1: Architecture Secure by Design

Workshop 2: Security and Governance for your CI/CD pipelines

.

Subscription (Free)

Access is free at FST Settat.

Upcoming Event October 05th, 2023: Stratégie de sécurité des systèmes d’informations: Risques et Opportunités

OWASP Morocco chapter et Experts Club organise un séminaire sur réservation organisé par Groupe Le Matin en partenariat avec une société. Décliné sur une journée, un groupe d’experts internationaux et natio- naux intervient pour éclairer un public de décideurs sur une thématique précise. Au menu : des présentations théoriques et pratiques afin de répondre aux attentes des participants.

La cybercriminalité n’épargne plus aucune structure, grande ou petite, publique ou privée. Elle fonctionne sur le ciblage quotidien et structuré de dizaines de milliers d’organisations partout dans le monde.

Loin d’être des personnes isolées ou des groupuscules, des organisations criminelles structurées et à la pointe des technologie sont à la manœuvre. En 2022, les pertes liées à la cybercriminalité ont été estimées à 1.000 milliards de dollars et elles pourraient atteindre 6.000 milliards de dollars en 2023. Le Maroc n’est pas épargné.

Agenda:

Amélioration de la sécurité des SI par l’automatization de l’orchestration à l’aide de la platforme NextGen SOAR (Security Orchestration Automation and Response) Recommandations stratégiques pour une détection et réponses efficaces aux incidents cybersécurité Transformer la menace cybersécurité en avantage compétitif : recommandations straétgiques pour les dirigeants Construire votre NextGen SOC pour alimenter le pilotage des systèmes d’information avec les métriques adéquates

Upcoming Event November 24th, 2023: DevSecOps Toolchain Transformation

Program: DevSecOps Toolchain Transformation Hands-on

The DevSecOps Mindset and Salient Features

Shared Objectives Prioritizing Security Auomation Operational Insights and Threat Intelligence Holistic Security Proactive Threat Monitoring Security-as-a-Code Infrastructure-as-a-Code Improved Collaboration Developers as Security Proponents Continuous Monitoring and Auditing Defined Incident Response Here are some actions you can take to upgrade your DevOps toolchain into a DevSecOps toolchain:

  1. Learn From Others in the DevOps and DevSecOps Communities Look to the DevOps community to help close your critical knowledge gaps.

  2. Start With Your Container Security The first step to building out the security of your DevOps toolchain starts with your container security.
  3. Institute Continuous Compliance DevSecOps is a platform for continuous compliance to protect your software supply chains against vulnerable packages and vulnerable configurations.
  4. Double Down on Automation While you may have already been experimenting with automation during your DevOps phase, it only becomes more integral once you throw the switch in by going DevSecOps. Go into your DevOps to DevSecOps transformation with an automation strategy that focuses on automating common developer and sysadmin tasks.
  5. Improve Your Monitoring and Analytics Building out a DevSecOps toolchain takes your monitoring and analytics options to a new level. Consider the fact that you should already collect and publish data from your toolchain and deliver reports to your project managers, developers, QA testers, and stakeholders outside your team. Commonly, DevOps reporting is still a work in progress for organizations. Use the introduction of new security tools into your toolchain as a chance to offer more granular and real-time security reporting into all parts of your DevSecOps toolchain.
  6. Implement Accessibility Assurance Depending on your organization’s definition of compliance, the option is there to add accessibility compliance or Section 508 to your DevSecOps toolchain.

This hands-on training is reserver for 70% professional and 30% students.

Mandatory:

General Conditions in order to validate your participation to this event:

  1. Student must send University/Student ID, otherwise registration will be rejected.

2.Professional must register company emails, otherwise registration will be rejected.

Subscription (Free)

Registration only via EventBrite. We don’t accept answer via meetup.

Please indicate your firstname, lastname, company name, a valid business email or school email (email like gmai, free, hotmail, outlook, etc are not accepted and registration will be cancelled).

Please register here: https://www.eventbrite.com/e/billets-devsecops-toolchain-transformation-374188276207

Event Mode: online event and physical

Register to receive the Link.

Paset Event May 18th, 2023: DevSecOps Toolchain Transformation

Program: DevSecOps Toolchain Transformation Hands-on

La chapitre OWASP Maroc dans les locaux du Golf Royal de Casablanca une session de sensibilisation :

Les règles d’utilisation d’Internet Les dangers d’Internet Le cyberharcèlement L’utilisation d’une messagerie Utilisation sécurisé les blogs Utilisation sécurisé des réseaux sociaux Pourquoi sécuriser au maximum le mot de passe de vos comptes: email, réseau sociaux, etc ? Choisir un mot de passe robuste à partir d’une phrase C’est quoi le PasswordLess ?

Paset Event September 23th, 2023: Design Enterprise Security Architecture with TOGAF and SABSA

Program: Design Enterprise Security Architecture with TOGAF and SABSA

TOGAF and SABSA work together. SABSA is the world’s leading security architecture framework. TOGAF is a modular enterprise architecture framework that is easily extensible to use domain best-practice. With the SABSA Institute and The Open Group Architecture Forum I created a methodlogy to use the both framework to design Secure Architecture and develop better enterprise architecture with best practice security architecture.

During this talk I will show you:

  • How think of TOGAF plus SABSA.
  • Think enterprise architecture with world-class risk and security.

Acronyms, Abbreviations, and Initialisms Short Form Full Form BOSS Business Operation Support Services CSA Cloud Security Alliance EA Enterprise Architecture SABSA Sherwood Applied Business Security Architecture

Paset Event April 12th 2022: OWASP ASVS, OWASP SKF with DGSSI

ASVS cookbook with Josh GROSSMAN and Glenn Ten Cate (OWASP)

Program

Dans le cadre du renforcement de la sécurité applicative, et dans le continuité des actions menées lors du séminaire, organisé pendant le mois de novembre 2021, se rapportant à l’évaluation de la maturité de la sécurité du cycle de vie du développement logiciel (SDLC), la Direction Générale de la Sécurité des Systèmes d’Information (DGSSI) organise, le 12 avril 2022, une action de sensibilisation qui se déroulera en ligne.

Cette action a pour objectif de présenter, par des experts de l’OWASP, le référentiel de vérification de la sécurité logicielle (document en pièce jointe) ainsi que le cadre de sécurité applicative, Framework Security Knowledge, (SKF).

Lors de cette journée, il sera aussi procédé à la présentation du modèle de test, en particulier de la sécurité, selon le référentiel ISTQB.

A cet effet, je vous invite à utiliser le lien ci-après pour compléter la procédure d’enregistrement.

https://attendee.gotowebinar.com/register/3345299733466486544

Veuillez trouver ci-après l’agenda détaillé de cette journée de sensibilisation.

Programme Intervention De 09:30 à 09:45 Mot d’ouverture DGSSI

De 09:45 à 10:00 Mot d’ouverture ADD

De 10:00 à 11:00 La qualité et le test des logiciels selon le CMTL Salima MISSOUR, Vice-présidente du CMTL Les principes fondamentaux du test des logiciels Le test logiciel, un véritable métier en pleine croissance. Q/R
De 11:00 à 12:00 Présentation du référentiel de vérification de la sécurité des applications Josh GROSSMAN Q/R & De 12:00 à 12:45 Framework SKF Glenn TEN CATE Q/R Experts OWASP

Pause (de 12:45 à 13:15)

De 13:15 à 14:00 Le test de la sécurité selon l’ISTQB : Alain RIBAULT Les objectifs du test de la sécurité ; Expert ISTQB & membre du CFTL Le processus général du test de la sécurité ;
Les facteurs humains. Q/R

De 14:00 à 14:10 Mot de clôture. DGSSI

CMTL : Comité marocain des Tests Logiciels. SKF : Security Knowledge Framework ISTQB : International Software Testing Qualifications Board. CFTL : Comité français des Tests Logiciels.

Subscription (Free)

A cet effet, je vous invite à utiliser le lien ci-après pour compléter la procédure d’enregistrement.

https://attendee.gotowebinar.com/register/3345299733466486544

Event Mode: online event

Register to receive the Link.

Past Event 04 Setptember 2021 - DevSecOps Detox - Session 2

Hand-on during 2 hours slides and demo.

Program

Nous allons discuter durant ce webinar les trois piliers fondamentaux de la méthodologie DevSecOps sont donc :

  1. L’automatisation : tout comme DevOps tourne autour de l’automatisation lors des phases de build, le concept DevSecOps se concentre sur l’automatisation de la sécurité dans ces phases. Il s’agit d’industrialiser les vérifications de sécurité en éliminant le besoin de le faire manuellement au niveau de chaque développeur.
  2. Le correspondant sécurité dans l’équipe de développeurs que l’on peut appeler aussi “champion de la sécurité”.
  3. L’outillage : les différentes approches du DevSecOps peuvent être outillées (tests, gestion de la confidentialité, modélisation des menaces, équipe de build).

Une démonstration d’une chaine DevSecOps sera faite durant ce webinar.

Subscription (Free)

Merci de s’inscire via ce lien Meetup

https://www.meetup.com/fr-FR/Morocco-OWASP-Meetup-Group/events/277376480/

Event Mode: online via Google Meet

https://meet.google.com/ukh-nkht-hoi


Past Event 15 Mai 2021 - DevSecOps Detox en collaboration avec OpenLAB Abidjan

Hand-on during 2 hours slides and demo.

Program

Nous allons discuter durant ce webinar les trois piliers fondamentaux de la méthodologie DevSecOps sont donc :

  1. L’automatisation : tout comme DevOps tourne autour de l’automatisation lors des phases de build, le concept DevSecOps se concentre sur l’automatisation de la sécurité dans ces phases. Il s’agit d’industrialiser les vérifications de sécurité en éliminant le besoin de le faire manuellement au niveau de chaque développeur.
  2. Le correspondant sécurité dans l’équipe de développeurs que l’on peut appeler aussi “champion de la sécurité”.
  3. L’outillage : les différentes approches du DevSecOps peuvent être outillées (tests, gestion de la confidentialité, modélisation des menaces, équipe de build).

Une démonstration d’une chaine DevSecOps sera faite durant ce webinar.

Subscription (Free)

Merci de s’inscire via ce lien Meetup

https://www.meetup.com/fr-FR/Morocco-OWASP-Meetup-Group/events/277376480/

Event Mode: online via Google Meet

https://meet.google.com/ukh-nkht-hoi

Upcoming Event 8th, May 2021 at 10am Morocco Time

PHP Secure Coding Section 2: Web Security Foundations

Date: Saturday 08, April 2021

Hand-on Session during 3 hours.

During 3 hours this session will teach how to secure code your web application using PHP language. We will discuss the security features in the PHP by using some framework like YII, and how this framework meet secure coding standard for PHP.

Program

Good security is vital to the health and success of any application. Unfortunately, many developers cut corners when it comes to security, either due to a lack of understanding or because implementation is too much of a hurdle. To make your Yii powered application as secure as possible, Yii has included several excellent and easy to use security features.

1. Authentication
2. Authorization
3. Working with Passwords
4. Cryptography
5. Views security
6. Auth Clients
7. Best Practices
8. Trusted proxies and headers

Subscription (Free)

https://www.meetup.com/fr-FR/Morocco-OWASP-Meetup-Group/events/277376480/

Download all materials here:

https://drive.google.com/drive/u/2/folders/1W4HOlKGZBDUOeN-6VEkTTfWOEgPP5SyU

Attention: access allowed only to the attendees during the session.

Event Mode: online

Link via Google Meet: https://meet.google.com/ukh-nkht-hoi

Upcoming Event 5th, April 2021 - Secure Coding for PHP

During 3 hours this session will teach how to secure code your web application using PHP language. We will discuss the security features in the PHP by using some framework like YII https://www.yiiframework.com/, and how this framework meet secure coding standard for PHP.

Hand-on Session during 3 hours.

Program

Good security is vital to the health and success of any application. Unfortunately, many developers cut corners when it comes to security, either due to a lack of understanding or because implementation is too much of a hurdle. To make your Yii powered application as secure as possible, Yii has included several excellent and easy to use security features.

1. Authentication
2. Authorization
3. Working with Passwords
4. Cryptography
5. Views security
6. Auth Clients
7. Best Practices
8. Trusted proxies and headers

Subscription (Free)

https://www.meetup.com/fr-FR/Morocco-OWASP-Meetup-Group/events/277246393/

Event Mode: online

Via Zoom. Link will be shared 1 hour before the event.

Past Event December 2020 - Security issues in Blockchain and crypto currency

The blockchain is an incorruptible digital ledger of economic transactions that can be programmed to record not just nancial transactions but virtually everything of value. Picture a spreadsheet that is duplicated thousands of times across a network of computers.

Then imagine that this network is designed to regularly update this spreadsheet and you have a basic understanding of the blockchain.

Information held on a blockchain exists as a shared and continually reconciled database. This way of using the network has many benets.

The blockchain database isn’t stored in any single location, meaning the records it keeps are truly public and easily veriable. No centralized version of this information exists for a hacker to corrupt. Hosted by millions of computers simultaneously, its data is accessible to anyone on the internet.

Architecture Talk during 2 hours.

Program

 1. Blockchain: How its work
 2. Security Features of Blockchain
 3. How cryptocurrency Works
 4. What are miners and what is their role?
 5. Properties of Crypto currency
 6. Popular Cryptocurrencies
 7. Security issues in Blockchain
 8. Security issues in Cryptocurrencies
 9. Tips for cryptocurrency holders and crypto-investors

Subscription (Free)

Please contact me at azzeddine.ramrami(at)owasp.org

Event Mode: online

Online link will be sent by email to subscribed person.

Past Event January 2021 - Android and iOS Security and Hacking

Hand-on during 1 full day.

Program

Program will published by the end of december 2020.

Subscription (Free)

Subscription will published by the end of december 2020.

Event Mode: online

Online link will be sent by email to subscribed person.

Hands-on on Zero Trus Architecture for Ivoiry Coast CISO November 2020

Our Speaker - Azzeddine RAMRAMI

Architecture Session

During this session Azzedine RAMRAMI presented the Zero Trust architecture to a panel of CISO at Ivoiry Coast country.

Hands-on on IoT Security & Hacking for EHTP School/Casablanca in October 2020

Our Speaker - Azzeddine RAMRAMI

Hands-on Description

During this session attendees lean how to hack IoT by using real PLC and Raspberry 4.

The following areas will presented:

 1. PLC programing and hacking
 2. IoT Architecture and Hacking y using Raspberry and different IoT scenarios

Hands-on on Secure Programming & Secure Coding Standards for OWASP Tunisia

Take your Ticket Here!!!

Our Speaker - Azzeddine RAMRAMI

- IBM Security - Senior Security & Network Architect
- OWASP Morocco Chapter
- OWASP AppSec Africa President
- Data & Application Security, Cogntive Security, IoT/OT/ICS/SCADA Security & SIEM
- Professor/instructor and an expert information security development with over 22 years of 
   experience in the security, secure coding, network and telecommunication arena.
- Certified Mile2 CPTE/CPTC/CDFE/CSWAE and EC-Council C|EH

Hands-on Description

Generally, it is much less expensive to build secure software than to correct security issues after the software package has been completed, not to mention the costs that may be associated with a security breach. We will discuss how to embed security in the SDLC and how to design a secure application architecture.

The following areas will presented:

 1. Software Security and Risk Principles Overview
 2. Secure Coding Standards for Java, C/C++
 3. Secure Coding Practices Checklist
     - Input Validation
     - Output Encoding
     - Authentication and Password Management
     - Session Management
     - Access Control
     - Cryptographic Practices
     - Error Handling and Logging
     - Data Protection
     - Communication Security
     - System Configuration
     - Database Security
     - File Management
     - Memory Management
   4. General Coding Practices & Code Quality ### Past  Event : DevSecOps Training for EGE/Paris July 5, 2020 via GotoMeeting

Past Event : Event at ENSIAS March 28/29, 2020

  • OWASP Morocco Chapter - DevSecOps training workshop
    March 28/29, 2020
  • When: Sunday 2pm, Saturday 9am
  • Where:ENSIAS Rabat/Morocco
  • Title:OWASP Morocco DevSecOps Workshop at MCSC 2020 ENSIAS
  • Have a look at our full program, bring your laptop and join us! Register here:

Past Event : Event at EHTP/Casablanca Feb 5, 2020

  • OWASP Morocco Chapter Meeting
    February 5, 2020
  • When: Wednesday, February 5th @ 08:00AM - 6:00PM
  • Where:EHTP Casablanca/Morocco
  • Title:OWASP Morocco Cyber Security dat at EHTP
  • Have a look at our full program and join us! Full Program

back to top

2020 2019 2018

2019


OWASP Morocco Chapter Meeting

When: OWASP Training Day UM6P, 27 June 2019

Where: OWASP Training Day at Mohammed VI Polytechnic University on June 27th, 2019 in Ben Guerir Marrakech/Morocco

A full training day at UP6P Bengruir Morocco.

Program: Workshop Outline: Two sessions

  • Introduction à l’OWASP: 09h00 - 09h30
  • L’état de l’art de la sécurité IoT 09h30 - 10h30
  • Secure Coding Java & .NET: 11h00 - 18h00

Program:

  • Abdessalam JAY
  • Othmane TAMAGARTI
  • Azzeddine RAMRAMI

Sponsors: Sponsor of this event: Adam Ridson https://www.adamridson.com/

Back to Top

OWASP Morocco Chapter Training Day at ONCF, February 15, 2019

When: Friday, February 15th, 9:00 al - 5:00 pm

Where: ONCF Club, Rabat/Morocco

Programs: OWASP Training Day at ONCF, 15th February 2019 in Rabat/Morocco Azzeddine RAMRAMI will run a one full day developper training on OWASP, on 15th February 2019.

OWASP Morocco Chapter members running this session:

Course Outline:

  • Introductions
  • Agenda
  • Secure Development Lifecycle (SDLC)
  • Lab: Threat Modeling
  • Principles of Secure Code
  • Authentication & Authorization
  • Lab: Access Control
  • Mini-Lab: Weak Session Identifiers
  • Session Management
  • Lab: SQL Injection
  • Lab: Cross-Site Scripting
  • Input Validation
  • Lab: SQL Injection Patching
  • Lab: Cross-Site Scripting Patching
  • Proper Encryption
  • Mini-Lab: Hash Breaking
  • Logic Flaws
  • Lab: Logic Flaw Exploitation

Speakers:

  • Azzeddine RAMRAMI
  • Abdessamad TEMMAR
  • Abdessalam EL JAY

Sponsors: Munisys

Sponsor of this event: MUNISYS (http://www.munisys.net.ma/)

Back to Top

2018


OWASP AppSec Morocco & Africa 2018

Where: November 15-16, 2018 When: Hotel Val d’Anfa, Casablanca/Morocco

Welcome to the second edition of OWASP AppSec Morocco and Africa in Casablanca, Hotel Val d’Anfa on November 15-16, 2018.

Program: See here https://2018.appsecmorocco.org/agenda/

At AppSec Morocco & Africa you can connect with over 250 security professionals in our sponsor hall. Our floor plan is designed to allow you to engage with speakers and attendees.

Thank you to the Sponsors of Appsec Morocco & Africa 2018 :

Speakers: see here

https://2018.appsecmorocco.org/speakers/

Sponsors: https://2018.appsecmorocco.org/sponsors/

Here the final list of our speakers from differents countries including Africa (Morocco and Algerie), Canada, Europe and Asia.

Back to Top


AppSec Morocco 2018 Mosquee_Hassan_II

OWASP Morocco Presentation

Scope of the board is to discuss and approve local activities, meetings and plans.

Contacts et Propositions de Présentations/Contributions

  • Azzeddine RAMRAMI et Tarik EL AOUADI sont à votre disposition si vous souhaitez des informations sur l’OWASP ainsi que sur la Sécurité des Applications Web.

Entreprises, Individuels, Monde Académique, Sponsors, Supports, tout le monde est bienvenu à l’OWASP.

Pour les Entreprises souhaitant adhérer à l’OWASP, le montant de l’adhésion annuelle de $5000 US (dont 40% est reversé au Chapitre de votre choix) est 100% déductible!

Les fonds collectés servent à organiser les meetings du Chapitre Marocain, mais aussi et surtout à construire et organiser avec vous une approche spécifique en fonction de vos souhaits (sessions de sensibilisation, meetings internes, interventions de Speakers, etc.). Tout cela peut être discuté avec le Chapitre Marocain et acté conjointement avec vous si vous souhaitez adhérer à l’OWASP.

N’hésitez pas à nous solliciter si vous souhaitez discuter d’un sujet particulier, ou si vous souhaitez effectuer une présentation lors d’un meeting du Chapitre Marocain.

Amis de la Presse écrite et du Multimédia, n’hésitez pas à faire appel à nous si vous souhaitez notre concours pour vos articles et reportages, vous êtes les bienvenus et nous en serions honorés. Nous avons nous aussi besoin de vous.

Moi et le board du Chapitre Marocain restons modestes dans notre approche, mais nous souhaitons vraiment que le Chapitre OWASP Maroc devienne un de vos contacts de référence.

Meetings 2019

February 2019 Q1/2019

OWASP Training Day at ONCF, 15th February 2019 in Rabat/Morocco

Azzeddine RAMRAMI will run a one full day developper training on OWASP, on 15th February 2019.

OWASP Morocco Chapter members running this session:

Azzeddine RAMRAMI

Abdessamad TEMMAR

Abdessalam EL JAY

Location: ONCF Club

City: Rabat

Country: Morocco

Course Outline:

  • 1)        Introductions
  • 2)        Agenda
  • 3)        Secure Development Lifecycle (SDLC)
  • 4)        Lab: Threat Modeling
  • 5)        Principles of Secure Code
  • 6)        Authentication & Authorization
  • 7)        Lab: Access Control
  • 8)        Mini-Lab: Weak Session Identifiers
  • 9)        Session Management
  • 10)      Lab: SQL Injection
  • 11)      Lab: Cross-Site Scripting
  • 12)      Input Validation
  • 13)      Lab: SQL Injection Patching
  • 14)      Lab: Cross-Site Scripting Patching
  • 15)      Proper Encryption
  • 16)      Mini-Lab: Hash Breaking
  • 17)      Logic Flaws
  • 18)      Lab: Logic Flaw Exploitation
  • Addition Labs:
  • 19)      Other Attacks
  • 20)      Mini-Lab: XML Attacks
  • 21)      Security Hygiene
  • 22)      Final Lab: Hacking Contest

Sponsor of this event: MUNISYS (http://www.munisys.net.ma/)

June 2019 Q2/2019

OWASP Training Day at Mohammed VI Polytechnic University on June 27th, 2019 in Ben Guerir Marrakech/Morocco

Azzeddine RAMRAMI with OWASP Morocco Team will run one full day developper training on workshop OWASP, on 27th June 2019.

This session will run by Azzeddine RAMRAMI, Abdessalam ELJAI and Othmane TAGAMART.

Location: Universite Mohamed VI Bengruir

City: Ben Guerir / UM6P

AdresseMohammed VI Polytechnic University 

Lot 660, Hay Moulay Rachid Ben Guerir, 43150, Morocco

Country: Morocco

Workshop Outline: Two sessions

  • Introduction à l’OWASP: Abdessalam JAY                                                                                                                09h00 - 09h30 
  • L’état de l’art de la sécurité IoT: Othmane TAMAGARTI                                                                                            09h30 - 10h30  
  • Pause café                                                                                                                                                                 10h30 - 11h00 
  • Secure Coding Java & .NET with OWASP TOP 10 2017 Part 1: Azzeddine RAMRAMI & Othmane TAMAGART   11h00 - 13h00 
  • Pause déjeuner                                                                                                                                                          13h00 - 14h00 
  • Secure Coding Java & .NET with OWASP TOP 10 2017 Part 2: Azzeddine RAMRAMI & Othmane TAMAGART   14h00 - 16h00   
  • Pause café                                                                                                                                                                 16h00 - 16h30 
  • Secure Coding Java & .NET with OWASP TOP 10 2017 Part 3: Azzeddine RAMRAMI & Othmane TAMAGART   16h30 - 18h00  

**Contact to subscription: Azzeddine RAMRAMI **https://www.owasp.org/index.php/Morocco#tab=Meetings_2019

Sponsor of this event: Adam Ridson

Past Meeting Meetings 2018

Welcome to the second edition of OWASP AppSec Morocco and Africa in Casablanca, Hotel Val d’Anfa on November 15-16, 2018.

https://2018.appsecmorocco.org/agenda/

At AppSec Morocco & Africa you can connect with over 250 security professionals in our sponsor hall. Our floor plan is designed to allow you to engage with speakers and attendees.

Thank you to the Sponsors of Appsec Morocco & Africa 2018 :

https://2018.appsecmorocco.org/sponsors/

Here the final list of our speakers from differents countries including Africa (Morocco and Algerie), Canada, Europe and Asia.

https://2018.appsecmorocco.org/speakers/

Meetings 2017

OWASP AppSec Africa 2017

OWASP participe à l’évènement MCSC 2017 à l’ENSIAS Rabat

Meetings 2016

OWASP participe à l’évènement MCSC 2016 à l’ENSIAS Rabat/Maroc le 14 et 15 mai 2016

J’ai le plaisir que l’OWASP Morocco Chapter participe en tant que partenaire sécurité à l’évènement MCSC 2016 à l’ENSIAS Rabat le week-end du 14 au 15 mai 2015:

moroccancybersecuritychallenge.com/mcsc-2016

Je vous informe que l’OWASP intervient avec les thèmes suivants:

1. Une conference sur IOT SECURITY avec Mlle.Sanae, PhD Studnet ENSA Tétouan/OWASP Morocco Team 2. Un hands-on de 3h sur comment sécuriser une application web les outils opensource, Azzeddine RAMRAMI, OWASP Leader/IBM Security Senior Architect

Les inscriptions sont disponibles via le lien suivant:

https://goo.gl/mZuX1E

N’hésitez pas donc à s’inscrire et à inviter toute personne intéressée.

Notre sponsor pour cet events est ADAM RIDSON

http://www.adamridson.com/wp-content/uploads/2015/11/logo.001-1024x400.png

Events Sponsors

We need your help, Call for additional sponsors We need sponsors for meeting room, flight cost, hotel accomodations. Please contact the Chapter Leader on how to apply.

Chapter Meeting

Volonteer are encouraged to join OWASP Morocco Chapter. Please contact the Chapter Leader Azzeddine RAMRAMI

OWASP Moroco Local News

2015-03-14 : VINCI school at Rabat provide as with a large room for our seminars. Thanks to the President of VINCI Mr Amine RACHDI

2014-06-22 : MoroccoJUG (Morocco Java User Group) and OWASP Morocco organised a new Java Secure Coding session at Centre Eclipse Casablanca. See http://www.meetup.com/MoroccoJUG/

2012-05-02 : VINCI school at Rabat provide as with a large room for our seminars. Thanks to the President of VINCI Mr Amine RACHDI

2010-12-26 : INSEC (Information Security Club)is planing on 16th of April 2011 the first edition of “Moroccan Cyber Security Challenge”. A challenge that will gather teams from 14 engineering schools in Morocco interested to information security and assurance. OWASP will be present in this events.

2010-12-24 : First meeting preparation in Morocco in Rabat or Casablanca

2010-12-24 : Modification of Morocco Local Chapter Wiki

2010-12-24 : Azzeddine RAMRAMI is co-leader for Morocco local chapter. Welcome!

OWASP Morocco past meetings

OWASP Training Day : Web Application Security Course - Secure Coding Techniques - March 28th, 2013 - at Rabat/Morocco

  • MAIN PRESENTERS: Azzeddine RAMRAMI: OWASP Leader
  • ABSTRACT: During this training class Azzeddine RAMRAMI and two other OWASP Volunteers will present a Web Application Security and Secure Coding based on Java and PHP Security, .NET Security and Web 2.0 Botnets.
  • ’'’WHEN: ‘'’March 28th, 2013
  • WHERE: VINCI Ecole Supérieure Rabat/Morocco see VINCI Ecole Supérieure Rabat

*’ 10,Rue Al Yamama (Aproximité de la gare Rabat-Ville), Rabat - Tél: 05 37 70 69 05 - E-mail: [email protected] *’

  • REGISTRATION:

At AXEL TELECOM (Axel Telecom) or at VINCI (VINCI Ecole Supérieure)

  • FEES: Course is free of charge. Nb of seat limited to 25 per class
  • SPONSORS: Sponsor are welcome to support this event, please contact the Chapter Leader Azzeddine RAMRAMI
  • AGENDA: OWASP Seminars
  • ———————————————–
  • Opening Session : OWASP Presentation and Introduction - 9:30am to 10am - Seat : No Limit
  • Session 1: Secure Coding Technique - Technical Course - 10am to 5pm - Seat : 25
  • Session 2: Resilient C\&C Botnets Using Web 2.0 Technologies - Presentation, PoC and Demo - 10am to 5pm - Seat : 25
  • Session 3: Secure Coding Cryptograhy Crash Course - Theory 10am à 12am - Seat : 25
  • Session 3: Secure Coding Cryptograhy Crash Course - Hands-On 2pm à 5pm - Seat : 25
  • ———————————————–
  • Optional: Please BYOD if you want to participate to PoC, Hands-on and Demo

OWASP Training Day : Web Application Security Course - Secure Coding Techniques - March 28th, 2013 - at Rabat/Morocco

  • MAIN PRESENTERS: Azzeddine RAMRAMI: OWASP Leader
  • ABSTRACT: During this training class Azzeddine RAMRAMI and two other OWASP Volunteers will present a Web Application Security and Secure Coding based on Java and PHP Security, .NET Security and Web 2.0 Botnets.
  • ’'’WHEN: ‘'’March 28th, 2013
  • WHERE: VINCI Ecole Supérieure Rabat/Morocco see VINCI Ecole Supérieure Rabat

*’ 10,Rue Al Yamama (Aproximité de la gare Rabat-Ville), Rabat - Tél: 05 37 70 69 05 - E-mail: [email protected] *’

  • REGISTRATION:

At AXEL TELECOM (Axel Telecom) or at VINCI (VINCI Ecole Supérieure)

  • FEES: Course is free of charge. Nb of seat limited to 25 per class
  • SPONSORS: Sponsor are welcome to support this event, please contact the Chapter Leader Azzeddine RAMRAMI
  • AGENDA: OWASP Seminars
  • ———————————————–
  • Opening Session : OWASP Presentation and Introduction - 9:30am to 10am - Seat : No Limit
  • Session 1: Secure Coding Technique - Technical Course - 10am to 5pm - Seat : 25
  • Session 2: Resilient C\&C Botnets Using Web 2.0 Technologies - Presentation, PoC and Demo - 10am to 5pm - Seat : 25
  • Session 3: Secure Coding Cryptograhy Crash Course - Theory 10am à 12am - Seat : 25
  • Session 3: Secure Coding Cryptograhy Crash Course - Hands-On 2pm à 5pm - Seat : 25
  • ———————————————–
  • Optional: Please BYOD if you want to participate to PoC, Hands-on and Demo

Web Application Security Seminar - May 18th, 2012 - at VINCI School Rabat/Morocco

  • MAIN PRESENTERS: Azzeddine RAMRAMI: OWASP Leader, Hamza WARAKI: Pôle Sécurité PenTest OWASP Morocco, Tarif EL AOUADI from Lexi and Intissar from VINCI
  • ABSTRACT: During this seminars Azzeddine RAMRAMI will present a complete Architecture Security Framework to implement Web Application Security the IT landscape. Hamza WARAKI will present how to conduct an OWASP Web Application PenTesting. OWASP activity and spirit will be presented in this event.
  • ’'’WHEN: ‘'’May 18th, 2012
  • WHERE: VINCI Ecole Supérieure Rabat/Morocco see VINCI Ecole Supérieure Rabat

*’ 10,Rue Al Yamama (Aproximité de la gare Rabat-Ville), Rabat - Tél: 05 37 70 69 05 - E-mail: [email protected] *’

  • REGISTRATION:

At AXEL TELECOM (Axel Telecom) or at VINCI (VINCI Ecole Supérieure)

  • PROGRAM:

09:00-09:30 Welcome 09:30-09:45 OWASP Presentation ( Azzeddine RAMRAMI ) 09:45-10:00 Security Awarnasse ( Tarik EL AOUADI ) 10:00-10:30 OSSTMM v3.0 a PenTest Methodlogy - Overview ( Intissar EL MEZROUI ) 10:30-10:45 PAUSE 10:45-11:30 How to conduct a Web Application Pen Testing ( Hamza WARRAKI) 11:30-12:00 OWASP WebGoat & Attack Example (A virtual Hacking Environnement) (Nawfal Makdad ) 12:00-14:30 PRIERE DE VENDREDI 14:30-15:30 OWASP WebGoat & Attack Example (A virtual Hacking Environnement) (Nawfal Makdad ) 15:30-16:15 Smartphone Security (Tarik EL OUADI) 16:15-16:30 PAUSE 16:30-17:00 Smartphone Security (Tarik EL AOUADI) 17:00-17:45 Writing Secure Code : Java Principles ( Azzeddine RAMRAMI ) 17:45-18:00 Questions & Answers

  • Event Flyer : ![](OWASP_Seminar_Flyer-May_2012.pdf "File:OWASP_Seminar_Flyer-May_2012.pdf") This is the flyer of Morocco Chapter seminar. A short description of the seminar with the agenda and titles.

Resources

Morocco Cyber Security Event Virtual Machin image

To be posted after the first meeting

Downloads

Papers and Articles

NOTOC

Category:Morocco


Sponsorship Opportunities with our Chapter

The Morocco OWASP Chapter can offer your company several sponsorship opportunities. If you are interested in taking advantage of any of these opportunities, please contact Azzeddine RAMRAMI (azzeddine[dot]ramrami[at]owasp.org), the OWASP Morocco Chapter Leader.

Morocco Cyber Security Day

The Morocco OWASP Chapter organizes a quarterly Morocco Cyber Security Day event along with selected school and companies. This event has historically drawn around 100 of Morocco’s security professionals and expert for networking and more. Your sponsorship of this event includes appetizers and drinks for the attendees. Feel free to pass out business cards and network just like you would anywhere else. You’ll find no better opportunity to get your name in front of 100+ security professionals for a free access.

AppSec Morocco & Africa Security Conference (AppSec Africa) Sponsorship

The AppSec Morocco & Africa is an OWASP conference held annually in Morocco. It is a gathering of 250+ web app developers, security engineers, mobile developers and information security professionals. ApPSec is held in Morocco Casablanca or Rabar, where more Fortune 100 companies call home than any other state and it is held in Morocco which is a hub for startups in Morocco. At AppSec Morocco & Africa, leaders at these companies along with security architects and developers gather to share cutting-edge ideas, initiatives, and technology advancements.

Being a non-profit organization, we rely mostly on sponsorships to help us provide the funding to make AppSec Morocco & Africa successful.

Become a AppSec Morocco & Africa Sponsor


OWASP Meeting Presenter Sponsorship

Although OWASP is a non-profit organization, we strive to provide our members with the best presenters we possibly can. While the Austin area has tons of security talent, sometimes it’s worthwhile to reach beyond our borders to pull in more awesome presenters. In exchange for covering travel expenses for these presenters, our chapter will provide you with 5 minutes at the start of the meeting to introduce yourself and tell us about the products or services that your company offers. You’ll also receive mention of being the presenter sponsor in all e-mail communications about the meeting.


Chapter Team & Organization

The chapter leadership board is as follows:

Chapter Leadership Board Member Role Responsibilities Person(s)
Chapter Leader The central point of contact for the Chapter and responsible to the OWASP Board. Serves as Chapter Leader and Chapter board chair. Azzeddine RAMRAMI
Sponsor Coordinator Serves as the primary liaison between the Chapter and all sponsors, and solicits sponsors for the Chapter meetings, happy hours, AppSec Africa, and other events. Azzeddine RAMRAMI
Tarik EL OUADI
Speaker Coordinator Seeks and schedules speakers for monthly Chapter meetings, AppSec Africa, and other events. Tarik EL OUADI
Education Coordinator Coordinates all of the Chapter-sponsored educational offerings, to include the weekly Study Group and OWASP training. Azzeddine RAMRAMI
Tarik EL OUADI
PR/Marketing Coordinator Provides marketing of AppSec Africa and other Chapter events. To be added
Membership and Project Coordinator Coordinates activities to grow individual and corporate memberships. Acts as project manager for events, such as AppSec Africa, tracking assigned tasks and reporting progress. Azzeddine RAMRAMI & Tarik EL OUADI
Events Committee All of the Chapter Leadership Coordinators are responsible for coordinating aspects of events, including the annual Morocco Application Security Conference (AppSec Africa). The Chapter Leader acts as the committee chair. Chapter Leadership Coordinators
Finance The Chapter Leader is designated as primary person responsible for Chapter budget and Chapter expense approvals. The previous Chapter Leader is designated as secondary approver, who also will approve any expenses submitted by the Chapter Leader. Azzeddine RAMRAMI - Primary
Tarik EL OUADI - Secondary
Advisory Board Members Made up of previous Chapter leaders who provide mentoring, coaching, and assistance to the board and contribute to the Chapter’s success. Azzeddine RAMRAMI
Tarik EL OUADI

back to top