OWASP Minneapolis/St. Paul


Welcome to the OWASP chapter local to the Minneapolis / St. Paul area of Minnesota.

  • Meeting locations vary. Please reference our Meetup page for announcements.
  • Everyone is welcome to join us at our chapter meetings; security professionals, software developers, project managers, everyone!


The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

Chapters are led by local leaders in accordance with the Chapter Policy. Financial contributions should only be made online using the authorized online donation button. To be a speaker at any OWASP Chapter in the world, review the speaker agreement and then contact the local chapter leader (see the right panel of this page) with details of what OWASP Project, independent research, or related software security topic you would like to present.

Everyone is welcome and encouraged to participate in our Projects, Local Chapters, Events, Online Groups, and Community Slack Channel. We especially encourage diversity in all our initiatives. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert. We also encourage you to become a member or consider a donation to support our ongoing work.

Upcoming events:


The OWASP-MSP chapter meets at least quarterly. Please see our Meetup page for the latest information. Chapter meetings are open to all!

Call for talks

If you have a talk you’d like to give, a discussion to lead, or some ideas for future talks, email the chapter leaders listed at right! You don’t have to be an OWASP member to share your experience. We’re always looking for new ideas or fresh takes on the standards.

Next scheduled meeting

Q2 2024 meeting: TBD

Meeting archive

  • 20240417: Girish Nair: GitHub Actions Security Landscape - Video - Slides - BleepingComputer Article
  • 20240306: Matt Rose: The Monsters in your Software Supply Chain - Video
  • 20231213: Zoa Buske and Nathan Larson: Software Composition Analysis - Video - Slides
  • 20231024: Andrew Carlson: Gamifying Tabletop Exercises - [No recording available due to tech issues] - PDF worksheet - Editable worksheet
  • 20230317: [Redacted]: Application Security Considerations in Offensive Operations - [No video available]
  • 20221011: Guy Levinger: Cherrybomb – API security tests in the CI pipeline - Video
  • 20220919: Sudheer Karanam: Privilege Identity & Access Management - Slides - Video
  • 20220718: Brian Reed: Pen-testing mobile apps with the OWASP MASVS - Slides - Video
  • 20220525: David Melamed: The OWASP Serverless Security Top 10 as Code - Video
  • 20220420: Himanshu Dwivedi: How to Hack an API in 15 minutes!
  • 20220323: Alex Bauert and Nathan Larson: Pen-testing, encryption, open forum
  • 20211216: Alex Bauert and Nathan Larson: The OWASP Top 10, 2021 edition - Slides
  • 20210727: Alex Bauert and Nathan Larson: SAST for a Secure Future – Today - Slides
  • 20210211: Alex Bauert, Zoa Buske, and Nathan Larson: The state of IoT security - Slides
  • 20201029: Alex Bauert, Zoa Buske, and Nathan Larson: Securing Infrastructure as Code - Slides
  • 20200227: Alex Bauert and Nathan Larson: Open forum for OWASP-MSP chapter
  • 20191203: Yan Kravchenko: Assessing Application Security Programs with SAMM 2.0
  • 20190924: John Benninghoff: Chaos engineering
  • 20190626: Alex Bauert: Open forum for OWASP-MSP chapter
  • 20190320: Chris Rasinen and Cody Bertram: The State of Application Security
  • 20190109: Tony Ramirez: Hacking Your Enterprise by Reverse Engineering Your Mobile Apps
  • 20181128: Alex Bauert: Threat Modeling
  • 20180912: Yan Kravchenko: Evolution of Application Security Programs through OWASP SAMM 2.0
  • 20180719: Eric Johnson: Secure DevOps: A Puma’s Tail
  • 20180514: Bjoern Kimminich: The OWASP Juice Shop Project
  • 20180125: Ryan Manship: Red Teaming
  • 20171026: Greg Anderson: The OWASP DefectDojo Tool Project
  • 20170928: Vishal Asthana: How Billion Dollar Enterprises Manage Application Security at Scale
  • 20170816: Yan Kravchenko: Evolution of Application Security
  • 20170420: Brian Johnson: Containers and Application Security
  • 20170316: Girish Nair: Instrumenting Software and Software Security
  • 20170215: Bob Sullivan: Full static analysis on 2 hours a month
  • 20170111: Jack Mannino: MircoServices and Security
  • 20161026: Jeremy Long: Depending on Vulnerable Libraries (OWASP Dependency-Check) - Video - Tool
  • 20160921: Dan Cornell: The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZAP: Attack Surface, Backdoors, and Configuration - Video
  • 20160824: John Benninghoff: Practical Identity Access Management: Lessons from the Field - Video
  • 20160726: Caroline Wong: Software Security and Metrics
  • 20160624: Anurag Agarwal: Practical Threat Modeling classroom
  • 20160511: George Chatzisofroniou: Evil Twin Attack with Wifiphisher - Tool
  • 20160308: Matt Tesauro: Doing App Sec at Scale
  • 20160217: David Lindner: Testing Tools for iOS Applications - Slides
  • 20160113: David Lindner: OWASP Mobile Top Ten Security Risks - Slides
  • 20150928: Jay Schulman: Why Security Needs DevOps
  • 20150718: Darren Meyer: Put Down the Megaphone: Effective Security Advocacy Without All The Shouting.
  • 20150507: Igor Matlin: Warning Ahead: Security Storms are brewing in your Javascript
  • 20150409: Gunnar Peterson and Gerry Gebel: Getting the OWASP Top Ten Right with Dynamic Authorization
  • 20150316: Kevin Nassery: Measuring Software Security Programs
  • 20111107: Gene Kim - InfoSec in the New World Order: Rugged DevOps and More - Video
  • 20090629: Cassio Goldschmidt: Tracking the Progress of an SDL Program: Lessons from the Gym - Slides