OWASP Kyiv

Logo-Owasp-Kyiv.png

About

Our supporters

Chapter meeting sponsors

These companies have demonstrated their support for Ukrainian Application Security community by funding our quarterly chapter meetings.

Linkos.png Hackenproof.png Logo_en_646x231.png Webbylab1.png Pentest-com-ua.png

Chapter meeting hosts

These companies have demonstrated their support for Ukrainian Application Security community by hosting our quarterly chapter meetings.

Ciklum.png 40848393_480954535712867_4702854138168344576_o.png Innohub.png DUT.png Evo_logo_black_1.png

How to support the chapter

If your company wishes to support the chapter, please contact Vlad Styran or Ihor Bliumental.

Who are we

OWASP Kyiv chapter was founded in 2017 by Vlad Styran and Ihor Bliumental. The chapter is run by a team of dedicated cybersecurity enthusiasts: Kyrylo Hobrenyak, Dmytro Diordiychuk, and Serhii Korolenko.

The chapter aims at holding quarterly meetups in the format of 2 practical workshops and up to 5 talks. The meetups are normally streamed online and recorded, and are followed by unofficial parties in Kyiv pubs.

How to find us

Follow our news and announcements on social media: Facebook, Twitter & Telegram

Find us on the semi-official OWASP Slack channel (you have to register first)

Watch recordings of our previous events YouTube

Join the chapter Mailing List or browse the Archives

Future Events

Become a Speaker

Call For Speakers at OWASP Kyiv events is permanently open. If you want to present at future events, review and agree with the OWASP Speaker Agreement and check for upcoming events at https://cfp.owaspukraine.org, or simply send the title and abstract of your talk and speaker bio to Vlad Styran or Ihor Bliumental.

Become a Sponsor

To sponsor an OWASP Kyiv event, contact Vlad Styran or Ihor Bliumental.

We don’t have any special sponsorship package, however the sponsoring organization or individual will receive our warm thanks and a fair amount of gratitude spread over our social media presence, placed at the chapter official web-page, and announced at the event itself.

Become a Host

To host an OWASP Kyiv event, contact Vlad Styran or Ihor Bliumental.

Venue requirements include:

  • Capacity to welcome up to 100 attendees
  • Possibility to host a lunch (paid separately by the Chapter)
  • Separate high-quality internet connection for online streaming
  • No need for additional attendee registration or providing attendee lists
  • No marketing, advertising, or hiring at the event

Announcements

Chapter Meetup Fall 2019

Hosted by Grammarly. Sponsored by Trend Micro.
Grammarly.png Trend_Micro.png

Date Nov 23 Location Grammarly Kyiv, Sportyvna Square, 1a, Kyiv, Ukraine 01601

Program

Event schedule

Past Events

2019 | 2018 | 2017

2019

Chapter Meetup Summer 2019

Hosted by EVO. Sponsored by Pentest.com.ua.
Evo_logo_black_1.png Pentest-com-ua.png

Date Aug 3, 2019 Location EVO Company 02121, Україна, м Київ, Харківське шосе, 201/203, корпус 2-А, літера Ф

Program

Event schedule

  1. “Top Mobile Applications Vulnerabilities” by Svyatoslav Login | Video
  2. Web Application Security Quiz No video
  3. Mitre ATT\&CK in Practice. Detectors, Alerting, Coverage by Den Iuzvyk | Video
  4. “How to Find Security Vulnerabilities in Python Applications?” by Andrey Shalaenko | Video
  5. “Как manual QA может протестировать проект со стороны security + XSS” by Evgeny Tolchinsky | Video
  6. Ruby Security Tips - Roman Rott | Video

Chapter Meetup Spring 2019

Hosted by Ciklum. Sponsored by WebbyLab.
Ciklum.png Webbylab1.png

Date Apr 6, 2019 Location Sky Point (Ciklum Kyiv, 20th floor): 12 Amosova street, Horizon Park business center, Kyiv, Ukraine

Program

Event schedule

  1. All about Subdomain Takeover attack - Workshop (Kostiantyn Sanduliak) | Video
  2. Overview of iOS apps security assessment - Workshop (Dmytro Diordiichuk) | Video
  3. Shooting yourself in the feet with PHP (Taras Sharkadi) | Video
  4. Your web application is vulnerable! (Dmytro Naumenko) | Video
  5. OWASP Mobile Security Testing Guide (MSTG) in Real Life (Julia Potapenko) | Video
  6. Adversarial attacks on Deep Neural Networks (Andrey Shalaenko) | Video

Chapter Meetup Winter 2019

Hosted by InnoHub Sponsored by Berezha Security
Innohub.png Logo_en_646x231.png

Date Feb 2, 2019 Location InnoHub, 6-z, Vatslava Havela Blvd, Kyiv, Ukraine, 03124

Program

Event schedule

  1. 10:00 Web Application Firewall bypass techniques - Workshop (Bohdan Lukin) | Video
  2. 11:40 Subdomain discovering as an essential part of the reconnaissance phase - Workshop (Kostiantyn Sanduliak) | Video
  3. 13:20 Introduction lstio Service Mesh (Stanislav Kolenkin) | Video
  4. 14:50 OWASP Top-10 A2: Broken Authentication (Svyatoslav Login) | Video
  5. 15:40 Email as an initial attack vector (Arthur Hil) | Video
  6. 16:30 Building SQL firewall: insights from developers (Artem Storozhuk) | Video
  7. 17:20 Application Threat Modeling (Vlad Styran) | Video

2018

Chapter Meetup Fall 2018

Hosted by MacPaw Sponsored by HackenProof
40848393_480954535712867_4702854138168344576_o.png Hackenproof.png

Date Sep 29, 2018 Location MacPaw, 81 Antonovycha Street, Kyiv, Ukraine

Program

  1. 10:00 Serhii Korolenko - XSS from zer0 to Hero (workshop) | Video
  2. 11:30 Eduard Babych - Burp Suite: from First Run to Website Hack in 60 min (workshop) | Video
  3. 12:30 Oleksii Baranovskyi - BeEF it up (workshop) | Video
  4. 14:00 Stanislav Kolenkin - How to Secure Your Kubernetes Cluster | Video
  5. 15:00 Valentin Averin - AppSec Requirements in PCI DSS | Video
  6. 16:00 Artem Tykhonov - Setting up the Setapp Bug Bounty Program | Video

Chapter Meetup Summer 2018

Hosted by Ciklum. Sponsored by Linkos Group.
Ciklum.png Linkos.png

Date Jul 14, 2018 Location Sky Point (Ciklum Kyiv, 20th floor): 12 Amosova street, Horizon Park business center, Kyiv, Ukraine

Program

  1. Stanislav Kolenkin - Kubernetes Security | Video
  2. Stanislav Kolenkin - Practical Kubernetes Security (Workshop) | Video
  3. Pavlo Radchuk - Smart Contracts Security: Understanding Token Security (Workshop) | Video
  4. Ali Huseyn Aliyev - The Browser Does Not Protect You | Video
  5. Olha Pasko - Security Baseline for Incident Response | Video
  6. Yan Kravchenko - Evolution of Application Security Programs and OWASP SAMM 2.0 | Video
  7. Andriy Shalaenko - Intro to JS and Vue.js Sandbox Escape | Video

Chapter Meetup Spring 2018

Date Mar 3, 2018, Location Sky Point (Ciklum Kyiv, 20th floor): 12 Amosova street, Horizon Park business center, Kyiv, Ukraine

Program

Morning Workshops

  1. Serhii Korolenko - Crack The Hash Workshop | Video
  2. Vlad Styran - Pentesting Android Apps | Video

Afternoon Talks

  1. Vlad Styran - OWASP Kyiv 2017 Results and 2018 Plans | Slides | Video
  2. Vlada Kulish - Why So Serial? Threats to Modern Serialization Capabilities | Slides | Video
  3. Roman Borodin - ISC2 & ISACA Certifications First-hand Experience | Slides | Video
  4. Ihor Bliumental - WebSocket Security | Slides | Video
  5. Oleksii Dorogan - A Struggle to Start a Bug Bounty for a .gov.ua. | Video
  6. Yevhen Teleshyk - Phishing Threats to Cloud Users | Slides | Video

2017

Chapter Meetup Winter 2017

Date Dec 2, 2017, Location Student Center of State University of Telecommunications, 7 Solomianska Street, Kyiv, Ukraine

Program

Morning Workshops

  1. Kyrylo Hobrenyak - Bash Scripting 101 | Video
  2. Vladyslav Makalish & Ivan Berdnik - Cloud Security at AWS | Video

Afternoon Talks

  1. Anastasiia Vixentael - Don’t Waste Time on Learning Cryptography: Better Use It Properly | Video | Slides
  2. Pavel Radchuk - SAMM: Understanding Agile in Security | Video | Slides
  3. Vlad Styran - Security Economics | Video | Slides
  4. Dima Kovalenko - Modern SSL Pinning | Video | Slides
  5. Ivan Vyshnevskyi - Not So Quiet git push | Video | Slides

Photo album by Serhiy Rekun

Event writeup by Ivan Vyshnevskyi

Chapter Meetup Fall 2017

Date Sep 9, 2017 Location Student Center of State University of Telecommunications, 7 Solomianska Street, Kyiv, Ukraine

Program

Morning Workshops

  1. Vlad Styran - “Hidden” Features of the Tools We All Love | Video | Slides
  2. Ihor Bliumental - Collision CORS | Video | Slides

Afternoon Talks

  1. Serhiy Korolenko - The Strength of Ukrainian Users’ P@ssw0rds2017 | Video | Slides
  2. Lidiia ‘Alice’ Skalytska - Security Checklist for Web Developers | Video | Slides
  3. Volodymyr Ilibman - Close look at Nyetya investigation | Video | Slides
  4. Viktor Zhora - Cyber and Geopolitics: Ukrainian factor | Video | Slides
  5. Andriy Shalaenko - GO security tips | Video | Slides

Photo album by Serhiy Rekun

Chapter Kick-off Meeting

Date May 27, 2017 Location Smartworking “SAD”, 3, Oleksandra Dovzhenka str., Kyiv, Ukraine, 03057

Program

  1. Vlad Styran - Chapter Introduction and the 2017 Plan.
  2. Ihor Bliumental - Is there life outside OWASP Top-10? Real-life bugs that didn’t make the list (yet) | Video | Slides
  3. Roman Rott - Ruby for Pentesters | Video | Slides
  4. Taras Bobalo - Application Security automation with DevOps tools and Clouds | Video | Slides
  5. Tim Karpinsky - OpSec! Not the PoopSec

NOTOC

Category:OWASP Chapter Category:Ukraine

Our supporters

Chapter meeting sponsors

These companies have demonstrated their support for Ukrainian Application Security community by funding our quarterly chapter meetings.

Berezha Security Trend Micro Pentest.com.ua WebbyLab HackenProof Linkos Group Raiffeisen Bank Aval

Chapter meeting hosts

These companies have demonstrated their support for Ukrainian Application Security community by hosting our quarterly chapter meetings.

Державний Університет Телекомунікацій Grammarly EVO Ciklum InnoHub MacPaw

Chapter Online Meetup Spring 2021

Hosted by Zoom Partner: Raiffeisen Bank Aval
Zoom Pentest.com.ua

Date April 24th, 2021

Program

Event schedule

  1. “A9:Using Components with Known Vulnerabilities?” by Svyat Login | Video
  2. “Information security academic minors in modern Ukrainian higher education” by Trokhym Babych | Video
  3. “Responsible disclosure: it’s not all about the money” by Carlo Di Dato | Video

Chapter Online Meetup Winter 2021

Hosted by Zoom Partner: Pentest.com.ua
Zoom Pentest.com.ua

Date February 27th, 2021

Program

Event schedule

  1. “AppSec vs Pentest vs Audit vs Assessment: В чому різниця і чому це важливо?” by Vlad Styran | Video
  2. “Web-security technologies (SOP, CORS, CSP)” by Oleksii Kyseliov | Video
  3. “Android application dynamic analysis” by Michael Burlin | Video
  4. “Ansible 101: For fun and profit” (Workshop) by Kyrylo Hobreniak | Video

OWASP Ukraine Online Meetup 2020

Date Deember 5th, 2020

Program

Event schedule

  1. “React Native Security: Addressing Typical Mistakes” by Julia Potapenko | Video
  2. “Безпека додатку Дія - “Оскар” чи “Золота малина”” by Константин Корсун | Video
  3. “OAuth2.0: What? Where? When?” by Anatolii Bereziuk | Video
  4. “OWASP JuicyShop Workshop” (Workshop) by Serhii Korolenko & Eduard Kiiko & Oksana Safronova | Video
  5. “Leveraging the crowd power to regain faith in Internet’s zero trust architecture” by Philippe Humeau | Video
  6. “Serverless security: attack & defense” by Pawel Rzepa | Video
  7. “6 digit OTP for 2FA is brute-forceable in 3 days + OTP Lottery” by Maksym Khramov & Serhii Korolenko | Video

Chapter Webinars 2020

  1. “Threat Modeling with OWASP Threat Dragon by Vlad Styran“ Video
  2. “Security Misconfiguration на прикладі Unauthorized Database Access“ by Serhii Korolenko Video
  3. “Типові атаки на Active Directory та як їх уникнути в один клік“ by Кирило Гобреняк Video
  4. “Software Supply Chain Security та компоненти з відомими вразливостями“ by Ігор Блюменталь Video
  5. “Cloud Security Hardening та аудит хмарної безпеки за допомогою Scout Suite“ by Анатолій Березюк Video
  6. “Is there a penetration testing within PCI DSS certification?“ by Dmytro Diordiychuk Video
  7. “Debate on Pentest & AppSec – Blue Team vs. Red Team Perspective“ by Yevgen Balyutov, Andrii Garaschuk, Igor Beliaiev, Vlad Styran Video

Chapter Online Meetup Spring 2020

Hosted by Zoom Partner: Berezha Security
Zoom Berezha Security

Date April 25th, 2020

Program

Event schedule

  1. “AppSec vs Pentest vs Audit vs Assessment: В чому різниця і чому це важливо?” by Vlad Styran | Video
  2. “Web-security technologies (SOP, CORS, CSP)” by Oleksii Kyseliov | Video
  3. “Android application dynamic analysis” by Michael Burlin | Video
  4. “Ansible 101: For fun and profit” (Workshop) by Kyrylo Hobreniak | Video
  5. “OWASP Kyiv QUIZ” by Serhii Korolenko

Chapter Meetup Winter 2020

Hosted by Державний Університет Телекомунікацій Partner: Trend Micro
DUT Trend Micro

Date Feb 29, 2020

Location Student Center of State University of Telecommunications, 7 Solomianska Street, Kyiv, Ukraine

Program

Event schedule

  1. “Продвинутая разведка в сети” by Daniel Matviyiv | Video
  2. “Role of API testing in Android App Pentest” by Andrii Panasiuk | Video
  3. “ЯК пофіксити Х вразливостей, Y з яких критичні, за Z днів” by Viktoriia Tsyhak | Video
  4. “What is wrong with your apps” by Volodymyr Nevmerzhytskyi | Video
  5. “360 View of XSS” by Svyatoslav Login | Video
  6. “Simple lockpicking” by Alex Shmelev | Video
  7. “AppSec Quiz”

2019

Chapter Meetup Fall 2019

Hosted by Grammarly. Partner: Trend Micro.
Grammarly Trend Micro

Date Nov. 23, 2019

Location Grammarly 02121, Україна, м Київ, Харківське шосе, 201/203, корпус 2-А, літера Ф

Program

Event schedule

  1. “Cilium - Network Security for Microservices. Let’s See How It Works with Istio“ by Stanislav Kolenkin | Video
  2. “Quarantine Nights: exploiting macOS File Quarantine in popular apps“ by Vladimir Metnew | Video
  3. “Injections - 4 Ways of Penetration” by Evgeny Tolchinsky | Video
  4. “Pentest Expectations” by Ihor uZ | Video
  5. “Hacktoberfest та open-source” by Mykhailo Pazyniuk | Video
  6. “Basic Ideas of OSINT and Why It Is Useful” by Nadia Klymenko | Video
  7. “AppSec Quiz“ by Serhii Korolenko

Chapter Meetup Summer 2019

Hosted by EVO. Partner: Pentest.com.ua.
Evo pentest.com.ua

Date Aug 3, 2019

Location EVO Company 02121, Україна, м Київ, Харківське шосе, 201/203, корпус 2-А, літера Ф

Program

Event schedule

  1. “Top Mobile Applications Vulnerabilities” by Svyatoslav Login | Video
  2. Web Application Security Quiz | No video
  3. Mitre ATT\&CK in Practice. Detectors, Alerting, Coverage by Den Iuzvyk | Video
  4. “How to Find Security Vulnerabilities in Python Applications?” by Andrey Shalaenko | Video
  5. “Как manual QA может протестировать проект со стороны security + XSS” by Evgeny Tolchinsky | Video
  6. Ruby Security Tips - Roman Rott | Video

Chapter Meetup Spring 2019

Hosted by Ciklum. Partner: WebbyLab.
Ciklum Webbylab

Date Apr 6, 2019

Location Sky Point (Ciklum Kyiv, 20th floor): 12 Amosova street, Horizon Park business center, Kyiv, Ukraine

Program

Event schedule

  1. All about Subdomain Takeover attack - Workshop (Kostiantyn Sanduliak) | Video
  2. Overview of iOS apps security assessment - Workshop (Dmytro Diordiichuk) | Video
  3. Shooting yourself in the feet with PHP (Taras Sharkadi) | Video
  4. Your web application is vulnerable! (Dmytro Naumenko) | Video
  5. OWASP Mobile Security Testing Guide (MSTG) in Real Life (Julia Potapenko) | Video
  6. Adversarial attacks on Deep Neural Networks (Andrey Shalaenko) | Video

Chapter Meetup Winter 2019

Hosted by InnoHub Partner: Berezha Security
Innohub Berezha Security

Date Feb 2, 2019

Location InnoHub, 6-z, Vatslava Havela Blvd, Kyiv, Ukraine, 03124

Program

Event schedule

  1. 10:00 Web Application Firewall bypass techniques - Workshop (Bohdan Lukin) | Video
  2. 11:40 Subdomain discovering as an essential part of the reconnaissance phase - Workshop (Kostiantyn Sanduliak) | Video
  3. 13:20 Introduction lstio Service Mesh (Stanislav Kolenkin) | Video
  4. 14:50 OWASP Top-10 A2: Broken Authentication (Svyatoslav Login) | Video
  5. 15:40 Email as an initial attack vector (Arthur Hil) | Video
  6. 16:30 Building SQL firewall: insights from developers (Artem Storozhuk) | Video
  7. 17:20 Application Threat Modeling (Vlad Styran) | Video

2018

Chapter Meetup Fall 2018

Hosted by MacPaw Partner: HackenProof
MacPaw HackenProof

Date Sep 29, 2018

Location MacPaw, 81 Antonovycha Street, Kyiv, Ukraine

Program

  1. 10:00 Serhii Korolenko - XSS from zer0 to Hero (workshop) | Video
  2. 11:30 Eduard Babych - Burp Suite: from First Run to Website Hack in 60 min (workshop) | Video
  3. 12:30 Oleksii Baranovskyi - BeEF it up (workshop) | Video
  4. 14:00 Stanislav Kolenkin - How to Secure Your Kubernetes Cluster | Video
  5. 15:00 Valentin Averin - AppSec Requirements in PCI DSS | Video
  6. 16:00 Artem Tykhonov - Setting up the Setapp Bug Bounty Program | Video

Chapter Meetup Summer 2018

Hosted by Ciklum. Partner: Linkos Group.
Ciklum Linkos Group

Date Jul 14, 2018

Location Sky Point (Ciklum Kyiv, 20th floor): 12 Amosova street, Horizon Park business center, Kyiv, Ukraine

Program

  1. Stanislav Kolenkin - Kubernetes Security | Video
  2. Stanislav Kolenkin - Practical Kubernetes Security (Workshop) | Video
  3. Pavlo Radchuk - Smart Contracts Security: Understanding Token Security (Workshop) | Video
  4. Ali Huseyn Aliyev - The Browser Does Not Protect You | Video
  5. Olha Pasko - Security Baseline for Incident Response | Video
  6. Yan Kravchenko - Evolution of Application Security Programs and OWASP SAMM 2.0 | Video
  7. Andriy Shalaenko - Intro to JS and Vue.js Sandbox Escape | Video

Chapter Meetup Spring 2018

Date Mar 3, 2018,

Location Sky Point (Ciklum Kyiv, 20th floor): 12 Amosova street, Horizon Park business center, Kyiv, Ukraine

Program

Morning Workshops

  1. Serhii Korolenko - Crack The Hash Workshop | Video
  2. Vlad Styran - Pentesting Android Apps | Video

Afternoon Talks

  1. Vlad Styran - OWASP Kyiv 2017 Results and 2018 Plans | Slides | Video
  2. Vlada Kulish - Why So Serial? Threats to Modern Serialization Capabilities | Slides | Video
  3. Roman Borodin - ISC2 & ISACA Certifications First-hand Experience | Slides | Video
  4. Ihor Bliumental - WebSocket Security | Slides | Video
  5. Oleksii Dorogan - A Struggle to Start a Bug Bounty for a .gov.ua. | Video
  6. Yevhen Teleshyk - Phishing Threats to Cloud Users | Slides | Video

2017

Chapter Meetup Winter 2017

Date Dec 2, 2017

Location Student Center of State University of Telecommunications, 7 Solomianska Street, Kyiv, Ukraine

Program

Morning Workshops

  1. Kyrylo Hobrenyak - Bash Scripting 101 | Video
  2. Vladyslav Makalish & Ivan Berdnik - Cloud Security at AWS | Video

Afternoon Talks

  1. Anastasiia Vixentael - Don’t Waste Time on Learning Cryptography: Better Use It Properly | Video | Slides
  2. Pavel Radchuk - SAMM: Understanding Agile in Security | Video | Slides
  3. Vlad Styran - Security Economics | Video | Slides
  4. Dima Kovalenko - Modern SSL Pinning | Video | Slides
  5. Ivan Vyshnevskyi - Not So Quiet git push | Video | Slides

Photo album by Serhiy Rekun

Event writeup by Ivan Vyshnevskyi

Chapter Meetup Fall 2017

Date Sep 9, 2017

Location Student Center of State University of Telecommunications, 7 Solomianska Street, Kyiv, Ukraine

Program

Morning Workshops

  1. Vlad Styran - “Hidden” Features of the Tools We All Love | Video | Slides
  2. Ihor Bliumental - Collision CORS | Video | Slides

Afternoon Talks

  1. Serhiy Korolenko - The Strength of Ukrainian Users’ P@ssw0rds2017 | Video | Slides
  2. Lidiia ‘Alice’ Skalytska - Security Checklist for Web Developers | Video | Slides
  3. Volodymyr Ilibman - Close look at Nyetya investigation | Video | Slides
  4. Viktor Zhora - Cyber and Geopolitics: Ukrainian factor | Video | Slides
  5. Andriy Shalaenko - GO security tips | Video | Slides

Photo album by Serhiy Rekun

Chapter Kick-off Meeting

Date May 27

2017 Location Smartworking “SAD”, 3, Oleksandra Dovzhenka str., Kyiv, Ukraine, 03057

Program

  1. Vlad Styran - Chapter Introduction and the 2017 Plan.
  2. Ihor Bliumental - Is there life outside OWASP Top-10? Real-life bugs that didn’t make the list (yet) | Video | Slides
  3. Roman Rott - Ruby for Pentesters | Video | Slides
  4. Taras Bobalo - Application Security automation with DevOps tools and Clouds | Video | Slides
  5. Tim Karpinsky - OpSec! Not the PoopSec
Watch Star