OWASP Bristol

Welcome to OWASP Bristol Chapter

The Bristol Chapter located in England and we are a bunch of friendly people interested in application security. We meet up four or five times a year to discuss a whole range of security topics, always in-person but with some of our meetings being hybrid.

The OWASP Bristol Chapter is run by Craig Francis and Jon Gadsden. We are pleased to have the support of WiTCH (Women in Tech & Cyber Hub) in promoting a more diverse software security community in the South West of England.

Social media

Chapter Meetings

Typically our meetings are held in the evening and last for a couple of hours. View the schedule on the events tab for our next meeting and also for past meetings.

To register for an event please visit our Meetup page.

Speaking at OWASP Bristol Chapter Events

If you would like to present a talk on application security at a future OWASP Bristol Chapter event then that would be most welcome. All types of talks and presentations are encouraged :

  • Short / lightning talks, approximately 10 minutes on a specific subject
  • Longer talks between 30 and 45 minutes
  • Wider ranging presentation or tutorials up to an hour long

Please refer to the OWASP Speaker Agreement and then contact one of the leaders with your ideas.

Participation

The Open Worldwide Application Security Project (OWASP) is a non-profit foundation that works to improve the security of software. All of our projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

Everyone is welcome and encouraged to participate in our Projects, Local Chapters, Events, Online Groups and Community Slack Channel. We especially encourage diversity in all our initiatives.

OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert. We also encourage you to be become a member or consider a donation to support our ongoing work.

Chapters are led by local leaders in accordance with the Chapter Leader Handbook.

Scheduled events

To register for this event, please visit our Meetup page.

Past events

A list of our previous events and presentations, and occasionally videos.

2025

  • 2025-9-30:
    • Introduction slides
    • Talk: Distributed Security Champions, Jon Gadsden - slides
  • 2025-7-15:
    • Talk: Implementing a bug bounty program, Ashley Dunn
    • Talk: Don’t tell Mum I joined up (she thinks I’m a bicycle repair man), David Greeney
  • 2025-3-25:
    • Introduction slides
    • Talk: Ship Happens: The Stormy Seas of Supply Chain Security, David Archer
    • Discussion: The human element of the supply chain, led by Illyana Mullins of WiTCH (Women in Tech & Cyber Hub)

2024

  • 2024-5-21:
    • Workshop: Interactive cyber crisis simulation, hosted by James Riley and Chris Wood at the Immersive Labs Bristol office
  • 2024-3-5:
    • Talk: OWASP Threat Dragon, Jon Gadsden - slides
    • Discussion: The Effects of our Decisions, led by Craig Francis

2023

  • 2023-11-28:
    • Talk: Integrating Threat Modeling into the SDLC, Rob Fewster - video slides
  • 2023-10-17:
    • Talk 1: Secure by Design and by Default, Chris Goff - video
    • Talk 2: Exploring Security, Dan Billing - video
    • Update: ZAP and the Software Security Project, Jon Gadsden - video slides
  • 2023-06-15:
    • Talk 1: LLM and Application Security, Chris Wood
    • Talk 2: An Introduction to scripting for Application Testers, Alex Archondakis - slides

2021 virtual meetings only

  • 2021-12-02
    • Talk: Infrastructure as Code (IaC) Misconfigurations, Ori Bendet - video
  • 2021-06-24
    • Talk: Enforcing Code Security Standards with Semgrep, Clint Gibler - video
  • 2021-06-22
    • Talk: IoT Security - Importance, threats, best practice, Ilya Kudryavtsev - video
  • 2021-03-18
    • Introduction - video
    • Discussion: is_literal(), Craig Francis - video

2020

2019

  • 2019-11-14:
    • Talk 1: Least-privilege principle of container security, Ben Meier - video
    • Talk 2: OWASP Threat Dragon: Cupcake to the rescue, Jon Gadsden - video slides
  • 2019-09-12:
    • Talk 1: Hacking into Developers’ Security Consciousness, Andra Lezza
    • Talk 2: Stranger Danger: Finding Security Vulnerabilities Before They Find You!, Siobhan Meier
  • 2019-07-07:
    • Talk 1: autom8on’s infamous stalking talk, Steve Wilson
    • Talk 2: Exploits with Scratch, Kevin Sheldrake
  • 2019-06-06:
    • Talk: Cracking HiTag2 Crypto - Weaponising Academic Attacks for Breaking and Entering, Kev Sheldrake
  • 2019-01-09: “Capture The Flag (CTF) Evening”

2018

2017

  • 2017-11-30:
    • Talk 1: Can DevSecOps Prevent the Impending Software Apocalypse?, Jeff Williams
    • Talk 2: Cookie Security - Myths and Misconceptions, David Johansson
  • 2017-11-23:
    • Talk 1: A Corporate Phishing Trip, Iain Baughen
    • Talk 2: Modern Access Management, Jonathan Scudder
  • 2017-09-28:
    • Talk 1: Website hacking, Craig Francis
    • Talk 2: Threat Modeling, Jon Gadsden - slides
  • 2017-06-22:
    • Talk 1: IoT, Ramesh Krishnasagar
    • Talk 2: Securing financial APIs, Dave Tonge
  • 2017-04-20:
    • Talk: The path of secure software, Katy Anton
  • 2017-03-09:
    • Talk: OWASP Top 10 Proactive Controls

2016

  • 2016-11-17:
    • Talk: Embedded Systems or - the Unwitting Accomplice, Jamie Riden
  • 2016-09-15:
    • Talk: How to test your software for security, Matteo Meucci
  • 2016-07-21:
    • Talk 1: OT is not IT, Vitor Jesus
    • Talk 2: Car hacking, Ken Munro
  • 2016-05-20:
    • Workshop: Threat Modelling
  • 2016-03-17:
    • Talk 1: New Era of Software with modern Application Security, Dinis Cruz
    • Talk 2: Android app security on a shoestring budget, Scott Alexander-­Bown
  • 2016-01-21:
    • Talk 1: Don’t Panic - Maintain Security in Continuous Deployments, Chris Dare
    • Talk 2: New Adventures in Security Testing, Dan Billing

2015

  • 2015-11-19:
    • Talk 1: Devops & Continuous Delivery Security, Jason Alexander
    • Talk 2: Dip Your Toes in the Sea of Security, James Titcumb
  • 2015-07-02
Watch Star