OWASP New Zealand

Welcome to the OWASP New Zealand Chapter home page.

The OWASP New Zealand Chapter has been active since 2007. In addition to supporting and participating in the annual AppSec New Zealand Conference, we organise local Meetups and training events throughout the year.

The primary Meetup leaders are Austin Chamberlain (Auckland), Pete Nicholls (Christchurch), John DiLeo (Hamilton), and Matt Cotterell (Wellington).

State of AppSec in New Zealand - 2022

In early 2022, a group of volunteers created the inaugural State of AppSec in New Zealand Survey, to gain first-hand information from New Zealand organisations that develop and/or use software (i.e., all of them), regarding how they manage, fund, and prioritise the security of the applications they build and use.

2022 State of AppSec in New Zealand Survey Report

The Survey Report is Copyright © OWASP Foundation, Inc., 2023, and is published under the Creative Commons Attribution-Share Alike 4.0 International (CC BY-SA 4.0) license.

Upcoming Events

Upcoming Events in Auckland:

1-5 September 2025: OWASP Global AppSec-Auckland

  • Sir Owen G. Glenn Building, University of Auckland
  • Two-day conference, with multiple tracks, on Thursday and Friday, 4-5 September
  • Pre-Conference Training, Monday - Wednesday, 1-3 September

Tuesday, 19 November: Auckland Meetup

Host: Austin Chamberlain
Top Ten 2021 Topic: A05:2021 - Security Misconfiguration
Technical Presentation: TBC
Location: The Corner Store, 25 Mount Eden Road
Time: Doors open at 6:00 p.m.; Presentations start at 6:30 p.m.


Upcoming Events in Hamilton:

Tuesday, 19 November: Hamilton Meetup

Host: John DiLeo
Top Ten 2021 Topic: A03:2021 - Injection
Technical Presentation: The Endlessly Singing Canaries - Will and Taylor
Location: LIC (Livestock Improvement Corporation), 605 Ruakura Road, Newstead, Hamilton
Time: Doors open at 6:00 p.m.; Presentations start at 6:30 p.m.


Upcoming Meetup Events in Christchurch:

Wellington Events


Call For Speakers

Our Call For Speakers is always open. If you would like to present a talk relevant to Application Security at a future OWASP New Zealand Chapter Meetup, review the speaker agreement and send your proposed talk title, abstract, and a brief speaker bio to the Chapter Leader(s) in the city(ies) where you’d like to present.

Call for Organisers

OWASP New Zealand currently has active Meetups in three cities - Auckland, Hamilton, and Christchurch. If you’re interested in helping organise one of our Meetups, please contact the Chapter Leader in that city.

If you are located in another New Zealand city (especially Wellington), and would be willing and able to host a Meetup there (at least four times per year), then we’d love to hear from you.

The OWASP New Zealand Board

We are always looking for additional board members to evangelise OWASP and its mission, and to help with meetings, projects, and initiatives. As we all know, it takes lots of time and effort to run a chapter. Please contact us if you are interested in joining the OWASP New Zealand board, would like to volunteer to help out or create a new Meetup/event, or for any queries related to the OWASP New Zealand Chapter.

OWASP Statement on Participation

The Open Web Application Security Project (OWASP) - managed by the non-profit OWASP Foundation - works to improve the security of software. All of our projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

Chapters are led by local leaders in accordance with the Chapter Policy. Financial contributions should only be made online using the authorised online donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP Project, independent research, or related software security topic you would like to present.

Everyone is welcome and encouraged to participate in our Projects, Local Chapters, Events, Online Groups, and Community Slack Workspace. We especially encourage diversity in all our initiatives. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert. We also encourage you to become a member or consider a donation to support our ongoing work.


Past Events

2024

Tuesday, 17 September: Auckland Meetup

Host: Austin Chamberlain
Top Ten 2021 Topic: A04:2021 - Insecure Design
Technical Presentation: How Many Mistakes Can You Make with One Web App? - Austin Chamberlain
Location: The Corner Store, 25 Mount Eden Road


Tuesday, 17 September: Hamilton Meetup

Host: John DiLeo
Top Ten 2021 Topic: A02:2021 - Cryptographic Failures
Technical Presentation: Baking Security In: An AppSec ‘critical path’ for developers - John DiLeo
Location: Gallagher World Headquarters, 181 Kahikatea Drive
Time: 6:15 p.m.

3-6 September 2024: Fourteenth OWASP New Zealand Day

OWASP New Zealand Day 2024 - Auckland University of Technology (AUT) City Campus

  • Two-day conference, with two tracks, on Thursday and Friday, 5-6 September
  • Pre-Conference Training, Tuesday and Wednesday, 3-4 September

Tuesday, 16 July: Auckland Meetup

Host: Austin Chamberlain
Top Ten 2021 Topic: A03:2021 - Injection
Technical Presentation: TBC
Location: The Corner Store, 25 Mount Eden Road
Time: 6:30 p.m.


Tuesday, 16 July: Inaugural Hamilton Meetup

Host: John DiLeo
Discussion: Introduction to OWASP and our plan for the new Hamilton Meetup
Location: Gallagher World Headquarters, 181 Kahikatea Drive
Time: 6:30 p.m.


Saturday, 15 June: OWASP Training Day-Auckland

Classes Offered:

  • Assess and Improve Your AppSec Program using OWASP SAMM - John DiLeo
  • Like ISO/IEC 27001, but Backwards - Stephen Coates

Location: 2Degrees Head Office (Level 2/136 Fanshawe Street, Auckland)
Time: 8:45 a.m. - 5:30 p.m.


Tuesday, 21 May: Auckland Meetup

Top Ten Topic: A02:2021 - Cryptographic Failures - John DiLeo (@gr4ybeard)
Technical Presentation: Listeners’ Choice
Location: The Corner Store (25 Mount Eden Road)
Time: 6:30 p.m.


Tuesday, 12 March: Auckland Meetup

Top Ten Topic: A01:2021 - Broken Access Control - John DiLeo (@gr4ybeard)
Technical Presentation: OWASP SAMM - Overview and Update
Location: The Corner Store (25 Mount Eden Road)
Time: 6:30 p.m.


Saturday, 27 January: OWASP Training Day-Hamilton

Classes Offered:

  • Threat Modelling: From none to done - John DiLeo
  • Like ISO/IEC 27001, but Backwards - Stephen Coates

Location: Gallagher World Headquarters (181 Kahikatea Drive, Hamilton)
Time: 8:45 a.m. - 5:30 p.m.


2023

21 November: Auckland Meetup

Top Ten Topic: A10:2021 - Server-Side Request Forgery (SSRF) - John DiLeo (@gr4ybeard)
Technical Presentation: Creating Test Cases for Security Features - John DiLeo, IriusRisk
Location: The Corner Store (25 Mount Eden Road)
Time: 6:30 p.m.


Saturday, 11 November: OWASP Training Day-Dunedin

Class Offered: Threat Modelling: From none to done - John DiLeo
Location: MTF Finance National Office (Level 1/98 Great King Street)
Time: 8:45 a.m. - 5:30 p.m.


13 September: Auckland Meetup

Top Ten Topic: A09:2021 - Security Logging and Monitoring Failures - John DiLeo
Technical Presentation: Listeners’ Choice - John DiLeo
Location: B:HIVE (72 Taharoto Road, Takapuna)
Time: 6:30 p.m.


11 July: Auckland Meetup

Top Ten Topic: A08:2021 - Software and Data Integrity Failures - John DiLeo
Discussion: Retrospective on OWASP New Zealand Day 2023
Location: Jubilee Building (545 Parnell Road)
Time: 6:30 p.m.


Tuesday-Friday, 4-7 July: Thirteenth OWASP New Zealand Day

OWASP New Zealand Day 2023 - Auckland University of Technology (AUT) City Campus

  • Two-day conference, with two tracks, on Thursday and Friday, 6-7 July
  • Pre-Conference Training, Tuesday and Wednesday, 4-5 July - Six (6) classes presented

9 May: Auckland Meetup

Top Ten Topic: A07:2021 - Identification and Authentication Failures - John DiLeo (@gr4ybeard)
Technical Presentation: Let’s Talk about Threat Modelling - John DiLeo, IriusRisk
Location: B:HIVE (72 Taharoto Road, Takapuna)
Time: 6:30 p.m.

Let’s Talk about Threat Modelling
Abstract: John provided an update on his general thoughts about threat modelling as a source of Security Requirements for applications, how development teams can integrate threat modelling into their BAU practices, and the tool landscape.


Tuesday, 14 March: Auckland Meetup

Top Ten Topic: A06:2021 - Vulnerable and Outdated Components - John DiLeo
Technical Presentation: Networking Security for Application Developers - Ruskin Dantra and Ryan Tan, AWS
Location: AWS, Level 13, Commercial Bay (7 Queen Street)
Time: 6:30 p.m.

Networking Security for Application Developers
Abstract:
Microservices are an integral part of modern application development. As we increasingly adopt distributed services, securing communication between them is crucial.
In this talk, you will discover how to strengthen your application network security at multiple layers and achieve continuous compliance visibility. By implementing these practices, you can mitigate potential security risks and ensure the safety and privacy of your users’ data.


2022

Tuesday, 8 November: Auckland Meetup

Top Ten Topic: A05:2021 - Security Misconfiguration - John DiLeo (@gr4ybeard, LinkedIn)
Location: Les Mills (43 Sale Street, Auckland CBD)
Time: 6:30 p.m. (doors open at 6:00)


Saturday, 24 September: security.ac.nz 2022

security.ac.nz 2022 - Owen G. Glenn Building, University of Auckland

  • One-day, FREE, student-focused conference - Saturday, 24 September

Wednesday, 21 September: Auckland Meetup

Top Ten Topic: A04:2021 - Insecure Design - John DiLeo (@gr4ybeard, LinkedIn)
Technical Presentation: Unicode Security: How Emojis Can Be Bad for AppSec - Dr. Pedram Hayati, Founder, SecTalks.org and SecDim.com (LinkedIn)
Location: Westpac New Zealand (16 Takutai Square, Auckland CBD)
Time: 6:30 p.m.


Wednesday, 24 August: Christchurch Meetup

Technical Presentation: The New Top 10 Web App Security Risks - Kevin Alcock, Datacom (@kevinnz, LinkedIn)
Location: Inde Technology (175 Roydvale Avenue, Burnside, Christchurch)
Time: 7:00 p.m.

The New Top 10 Web App Security Risks
Abstract:

All web app developers should know the OWASP Top 10 – a list of the biggest cybersecurity concerns that commonly appear in web applications.

Every few years, the list is updated based on feedback from the community, observations in the wild, and changes to the threat landscape.

The list was recently updated, and in this talk, Kevin will run us through those changes and help us to build (or break) modern web applications.


Tuesday-Friday, 5-8 July: Twelfth OWASP New Zealand Day

OWASP New Zealand Day 2022 - Auckland University of Technology (AUT) City Campus

  • Two-day conference, with two tracks, on Thursday and Friday, 7-8 July
  • Pre-Conference Training, Tuesday and Wednesday, 5-6 July - Five (5) classes presented

Monday, 20 June: Wellington Meetup

Presentation: OWASP Top 10 Overview - Kirk Jackson
Location: RedShield (Level 12/79 Boulcott Street, Wellington Central)
Time: 5:30 p.m.


2021

Tuesday, 9 November: Auckland Meetup

Presentation: Leveraging OWASP Resources in Your AppSec Programme - John DiLeo
Location: Zoom Meeting
Time: 6:30 p.m.


Tuesday, 14 September: Auckland Meetup

Presentation: OWASP Top 10 Update (2021 Edition) - John DiLeo
Location: Zoom Meeting
Time: 6:30 p.m.


Monday, 9 August: Wellington Meetup

Presentation: DDoS: How can something so cheap be so expensive? - Jerome Van Rooijen, RedShield
Location: RedShield (Level 12/79 Boulcott Street, Wellington Central)
Time: 5:30 p.m.


Tuesday, 13 July: Auckland Meetup

Top Ten Topic: A4:2017 - XML External Entity (XXE) - John DiLeo (@gr4ybeard)
Technical Presentation: Hacking JSON Web Tokens - Ben Dechrai, Auth0
Location: Flux Federation Head Office (Level 3/104 Fanshawe Street, Auckland CBD)
Time: 6:30 p.m.

Hacking JSON Web Tokens
Abstract:
In the world of authentication and authorisation, you might have heard of JWTs, or JSON Web Tokens, which are used to encapsulate a user’s identity, or convey information to another system that defines permissions of what can be performed.

They’re secure; they’re signed; they’re the best thing since sliced bread!

So you’ve adopted them into your applications and now feel much safer. The chances things will go wrong are slim. Right?

This talk will introduce some ways JWT implementations can go wrong, together with live demos, and take you on a journey to understand how to make sure you can trust these handy payloads in your applications and APIs.


Monday, 12 July: Wellington Meetup

Presentation: XXE: Why It’s Still in the Top 10 - Sam Shute
Location: Quantum Security (10 Brandon Street, Wellington Central)
Time: 5:30 p.m.


Wednesday, 30 June: Christchurch Meetup

Presentation: Incident Response and Application Intrusion Detection - Kim Carter and Chris C.
Location: Trineo Limited (181 High Street, Christchurch Central)


Thursday, 13 May: Wellington Meetup

Panel Discussion - Getting AppSec Right, from the Beginning
Location: RedShield (Level 12/79 Boulcott Street, Wellington Central)
Time: 5:45 - 8:30 p.m.


Tuesday, 11 May: Auckland Meetup

Panel Discussion - Getting AppSec Right, from the Beginning
Location: Datacom Auckland (58 Gaunt Street, Auckland CBD)
Time: 5:45 - 8:30 p.m.


Wednesday, 31 March: Christchurch Meetup

Open Discussions:

  • COVID - What’s Changed, and Needs to Change, in InfoSec
  • Planning the Meetup’s calendar for the year

Location: Trineo Limited (181 High Street, Christchurch Central)


Monday, 15 March: Auckland Meetup

AppSec/InfoSec Games Night - Backdoors and Breaches; Elevation of Privilege (EoP), OWASP Cornucopia
Location: Grid/AKL, John Lysaght Building (101 Pakenham Street West, Auckland CBD)
Time: 6:30 p.m.


Monday, 15 March: Wellington Meetup

Presentation: Federated Logins with OAuth 2, OpenID Connect, and JWTs - Matt Cotterell
Location: RedShield (Level 12/79 Boulcott Street, Wellington Central)
Time: 5:30 p.m.


Wednesday-Saturday, 10-13 February: 2021 AppSec New Zealand Conference

2021 AppSec New Zealand Conference - Sir Owen G. Glenn Building, University of Auckland

  • Two-day conference, with two tracks, on Friday and Saturday, 12-13 February
  • Pre-Conference Training, Wednesday and Thursday, 10-11 February - Seven (7) classes presented

2020

Saturday, 24 October: OWASP Training Day-Wellington

Class Offered: Threat Modelling: From None to Done - John DiLeo, OWASP New Zealand
Location: RedShield (79 Boulcott Street, Wellington Central)
Time: 8:45 a.m. - 5:30 p.m.


Saturday, 10 October: OWASP Training Day-Auckland

Classes Offered:

  • A Cat, a Dog, and a Roast Turkey: What’s in Your Threat Model? - Wade Winright, Salesforce
  • Secure Your SDLC using OWASP SAMM - ASAP! - John DiLeo, OWASP New Zealand

Location: Grid/AKL, John Lysaght Building (101 Pakenham Street West, Auckland CBD)
Time: 8:45 a.m. - 5:30 p.m.


Tuesday, 8 September: Auckland Meetup

Top Ten Topic: A1:2017 - Injection - John DiLeo (@gr4ybeard)
Technical Presentation: Failing Fast - Laura Bell, SafeStack (@lady_nerd)
Location: Grid/AKL, John Lysaght Building (101 Pakenham Street West, Auckland CBD) and YouTube Live Stream
Time: 6:30 p.m.

Failing Fast: The impact of bias when speeding up application security
Abstract: There is a lot of talk these days about going faster with security, DevSecOps, and making security part of your lifecycle. In this talk, we will explore three common mistakes teams make when embracing application security at speed and how you can avoid making them.


Tuesday, 14 July: Auckland Meetup

Top Ten Topic: A10:2017 - Insufficient Logging and Monitoring - John DiLeo (@gr4ybeard)
Technical Discussion: Weaving OWASP Tools into Your AppSec Programme - John DiLeo
Location: Grid/AKL John Lysaght Building (101 Pakenham Street West, Auckland CBD)
Time: 6:30 p.m.


Monday, 6 April: Wellington Meetup

Presentation: Introduction to OWASP JuiceShop - Nick Malcolm (@nickmalcolm, LinkedIn)
Location: Online Event
Time: 6:00 p.m.

Introduction to OWASP JuiceShop
Abstract:

OWASP Juice Shop 101 (YouTube)

From the Juice Shop website: “OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!”

JuiceShop Project Page (OWASP.org)

We hope that you are keeping safe, and that this topic might inspire you to try out the Juice Shop and search for vulnerabilities.


Tuesday, 10 March: Auckland Meetup

Top Ten Topic: A7:2017 - Cross-Site Scripting (XSS) - John DiLeo
Technical Discussion: “Ask Me Anything” about OWASP Projects and Tools - John DiLeo (@gr4ybeard)
Location: Orion Health, 181 Grafton Road, Grafton, Auckland


Wednesday-Friday, 19-21 February: Eleventh OWASP New Zealand Day

OWASP New Zealand Day 2020 - University of Auckland Business School

  • One-day conference, with three tracks, on Friday, 21 February
  • Pre-Conference Training, Wednesday and Thursday, 19-20 February - Nine classes presented

Monday, 10 February: Wellington Meetup

Presentation: Introduction to the OWASP Top Ten - Kirk Jackson
Location: RedShield (Level 12/79 Boulcott Street, Wellington Central)
Video: YouTube Recording
Slides: PDF, 1.2 MB

2019

Tuesday, 10 December: Auckland Meetup

Secure Coding Tournament: Hosted by Jeanette Gill, Secure Code Warrior
Location: Orion Health (181 Grafton Road, Grafton)


Tuesday, 8 October: Auckland Meetup

Top Ten Topic: A6:2017 - Security Misconfiguration - Led by James Ting-Edwards
Presentation: What’s In a Name? Law of Agency and Domain Name Registrations - Judy Ting-Edwards
Event Sponsor and Host: Middleware NZ
Venue Host: Simon White
Location: Middleware NZ (104 Quay Street, Auckland CBD)


Wednesday, 25 September: Christchurch Meetup

Secure Coding Tournament
Location: Catalyst IT Limited (Level 1, 284 Kilmore Street, Christchurch Central)


Saturday/Sunday, 24-25 August: security.ac.nz Conference

OWASP NZ is proud to invite you to our first security.ac.nz event. Details are available on the event website.
Registration: FREE
Location: Maclaurin Lecture Theatres, Victoria University of Wellington


Tuesday, 13 August: Auckland Meetup

Top Ten Topic: A9:2017 - Using Components with Known Vulnerabilities - John DiLeo
Technical Discussion: Addressing Vulnerable Components with OWASP Projects and Tools - John DiLeo (@gr4ybeard)
Location: Orion Health (181 Grafton Road, Grafton)


Saturday, 10 August: OWASP Training Day-Auckland

Class Offered: Threat Modelling: From none to done - John DiLeo (@gr4ybeard)
Location: Orion Health (181 Grafton Road, Grafton)


Tuesday, 11 June: Auckland Meetup

Top Ten Topic: A5:2017 - Broken Access Control - John DiLeo
Presentation: My Recent Adventures at OWASP Conferences - John DiLeo (@gr4ybeard)
Event Sponsor and Host: Robert Walters
Location: Robert Walters (Level 9/22 Fanshawe Street, Auckland CBD)


Tuesday, 9 April: Auckland Meetup

Top Ten Topic: A4:2017 - XML External Entities (XXE) - John DiLeo (@gr4ybeard)
Open Discussion: What do we want to do this year?
Location: Orion Health (181 Grafton Road, Grafton)


Monday, 25 March: Wellington Meetup

Technical Presentation: Safety First - Simon Erkelens (@Firesphere)
Location: Aura Information Security (Level 2/117 Lambton Quay, Wellington Central)

The internet is a dangerous place, but what can you as a developer or (project) manager do to make it that little bit safer? A high level overview of best practices and practical advice you can give to clients, colleagues and users to make the Internet a bit safer, as well as a few in-depth insights. HTTPS, Passwords, and Social engineering, and more will be discussed.


Thursday/Friday, 21-22 February: Tenth OWASP New Zealand Day

OWASP New Zealand Day 2019 - University of Auckland Business School

  • One-day conference, with two tracks, on Friday, 22 February
  • Pre-Conference Training, Thursday, 21 February - Three classes offered

2018

Tuesday, 11 December: Auckland Meetup

Top Ten Topic: A2:2017 - Broken Authentication - John DiLeo
Technical Topic: Some Thoughts on Threat Modelling - John DiLeo (@gr4ybeard)
Location: Orion Health (181 Grafton Road, Grafton)


Monday, 29 October: Wellington Meetup

Presentation: Make the Cyber Safer with Multi-factor Authentication - Kevin Thomas
Video: https://www.youtube.com/watch?v=lAkw24tClvQ


Tuesday, 9 October: Auckland Meetup

Technical Topic: Integrating the Weakforced Security API - Steve Shipway, SMX Email
Event Sponsor and Host: Cornerstone On-Demand
Location: Cornerstone On-Demand (Level 1/29 Union Street, Auckland CBD)


Wednesday, 26 September: Christchurch Meetup

Presentation: A Senior in a Junior’s World - Toni James, Orion Health (@_tonijames)
Location: Catalyst IT Limited (Level 1/284 Kilmore Street, Christchurch Central)


Monday, 27 August: Wellington Meetup

Presentation: Developer’s guide to Deserialization Attack - Felix Shi
Video: https://www.youtube.com/watch?v=Gi-Pk255Jyw


Tuesday, 14 August: Auckland Meetup

Top Ten Topic: A3:2017 - Sensitive Data Exposure - John DiLeo (@gr4ybeard)
Presentation: Web Application Penetration Testing Demo - Shofe Miraz (@shmi012)
Location: Orion Health (181 Grafton Road, Grafton)


Tuesday, 12 June: Auckland Meetup

Presentation: GDPR and New Zealand Privacy Law - James Ting-Edwards (@nullary)
Event Sponsor and Host: InternetNZ
Location: InternetNZ (62 Victoria Street West, Auckland CBD)


Monday, 11 June: Wellington Meetup

Presentation: What are certificates? - Matt Cotterell (@mattcotterellnz)


Tuesday, 10 April: Auckland Meetup

Top Ten Topic: A1:2017 - Injection - John DiLeo
Presentation: OWASP Software Assurance Maturity Model (SAMM) - John DiLeo (@gr4ybeard)
Location: Orion Health (181 Grafton Road, Grafton)


Wednesday, 28 March: Christchurch Meetup

Presentation: CERT NZ
Event Sponsor: Catalyst


Monday, 26 February: Wellington Meetup

Presentation: CERT NZ - Who are we? How are websites getting hacked in real life? - Declan Ingram
Video: https://www.youtube.com/watch?v=WhYh-eUqxIA


Sunday/Monday, 4-5 February: Ninth OWASP New Zealand Day

OWASP New Zealand Day 2018 - University of Auckland Business School

  • One-day conference, with two tracks, on Monday, 5 February
  • Pre-Conference Training, Sunday, 4 February - One class offered

2017

2 October: Wellington Meetup

Presentation: Same-origin policy: The core of web security - Kirk Jackson
Video: https://www.youtube.com/watch?v=5wFCRANIbdc


27 September: Christchurch Meetup

Presentation: Securing your data (your business) using SQL Server 2016 - Anupama Natarajan
Event Sponsor: Catalyst


31 July: Wellington Meetup

Presentation: What is Cross-Site Request Forgery? - Vales Bakaitis
Video: https://www.youtube.com/watch?v=G1aLGaMqnm0


28 June: Christchurch Meetup

Web Developer Quiz Night
Prepared and Conducted By: Kim Carter
Details on binarymist.io
Event Sponsor: Catalyst


29 May: Wellington Meetup

Presentation: Developer’s Guide to Preventing XSS - Felix Shi
Video: https://www.youtube.com/watch?v=0J5Rpf3nNjU


19 - 20 April: Eighth OWASP New Zealand Day

OWASP New Zealand Day 2017 - University of Auckland Business School

  • One-day conference, with two tracks, on Thursday, 20 April - FREE Registration
  • Pre-Conference Training, Wednesday, 19 April - Half-day and full-day classes offered

29 March: Christchurch Meetup

Presentation: PHP Hurts Programmers (and other tales) - Keith Humm (@spronkey)
Slides: On Speaker Deck
Event Sponsor: Catalyst


27 February: Wellington Meetup

Presentation: Building the ultimate login and signup - Matt Cotterell
Video: https://www.youtube.com/watch?v=E25KxLKwY-M
Location: Wellington


2016

29 November: Wellington Meetup

Presentation: OWASP Top Ten - Developing Secure Web Apps (PHP-Flavoured) - Kirk Jackson
Video: https://www.youtube.com/watch?v=7u08zCz9viU
Event Co-Hosts: PHP UserGroup Wellington


10 October: Wellington Meetup

Presentation: Introduction to Ruby on Rails security - Tim Goddard
Video: https://www.youtube.com/watch?v=Hez1QYc9yo8
Event Sponsor: Insomnia Security Specialists


28 September: Christchurch Meetup

Presentation and Demo: Applying Cold War Learnings to our Daily OPSEC - Chris Campbell (@phage_nz)
DeadDrop: https://deaddrop.jadeworld.com/
Github Repo: https://github.com/phage-nz/deaddrop
Event Sponsors: Catalyst and BinaryMist


29 August: Wellington Meetup

Presentation: Mobile App Security: Introduction to the OWASP Mobile Top 10 - Mike Haworth
Video: https://www.youtube.com/watch?v=SbXO6wNvOM4


29 June: Christchurch Meetup

Presentation and Demo: Security Regression Testing with ZapAPI and NodeGoat - Kim Carter (@binarymist)
Teaser Video: https://youtu.be/DrwXUOJWMoo
Github Repo: https://github.com/binarymist/NodeGoat/wiki/Security-Regression-Testing-with-Zap-API
Source Material: Kim’s Book, Holistic InfoSec for Web Developers
Event Sponsors: Catalyst (http://www.catalyst.net.nz/) and BinaryMist


27 June: Wellington Meetup

Presentation: Introduction to Using a Web Application Firewall (WAF) - Graeme Neilson
Video: https://www.youtube.com/watch?v=iAPFf9Iqwos
Event Sponsor: RedShield


30 March: Christchurch Meetup

Presentation: Discussion of Qubes OS - Craig Rowland
Event Sponsors: Dimension Data and BinaryMist


3-4 February: Seventh OWASP New Zealand Day

OWASP New Zealand Day 2016 - University of Auckland School of Commerce

  • One-day conference, with two tracks in the afternoon, on Thursday, 4 February - FREE Registration
  • Pre-Conference Training, Wednesday, 3 February - One class offered

2015

25 November: Christchurch Meetup

Presentation: UAC, Governance, and Managing the External Infosec Audit - Drewe Hinkley
Event Sponsors: Dimension Data and BinaryMist


30 September: Christchurch Meetup

Presentations:


24 June: Christchurch Meetup

Presentation: Does Your Cloud Solution Look Like a Mushroom? - Kim Carter (@binarymist)
Event Sponsors: Dimension Data and BinaryMist


25 March: Christchurch Meetup

Presentation: Reverse Engineering, Cracking, Compromising Software Security & Mitigations - Rob Gilmour, Senior Software Engineer, Technical Support, Jade Software Corporation Ltd.
Event Sponsors: Dimension Data and BinaryMist


26-27 February: Sixth OWASP New Zealand Day

OWASP New Zealand Day 2015 - University of Auckland Engineering Department

  • One-day conference, with two tracks in the afternoon, on Friday, 27 February - FREE Registration
  • Pre-Conference Training, Thursday, 26 February - One class offered

2014

26 November: Christchurch Meetup

Workshop: SSL/TLS Review, SSL Stripping Demo, and Mitigation Techniques - Kevin Alcock (@kevinnz), Katipo Security
Event Sponsors: Dimension Data and BinaryMist


25 September: Christchurch Meetup

Workshop: Review, Exploit, and Learn from the Vulnerable Web App - Chris Campbell, Jade Software Corporation Ltd.
Event Sponsors: Dimension Data and BinaryMist


24 July: Wellington Meetup

Workshop: Web App Security Workshop - Adrian Hayes
Event Sponsor: Dimension Data


2013

19 December: Chapter Meetup

Presentation: Extending Burp with Python (PowerPoint Slide Deck) - Mike Haworth, Aura Information Security
Locations: Dimension Data offices in Auckland, Christchurch, and Wellington
Event Sponsors: Security-Assessment.com and Touchpoint


11-12 September: Fifth OWASP New Zealand Day

OWASP New Zealand Day 2013 - University of Auckland Business School

  • One-day conference, with two tracks in the afternoon, on Thursday, 12 September - FREE Registration
  • Pre-Conference Training, Wednesday, 11 September - Two classes offered

22 May: Chapter Meetup

Presentations:

  • Secure by Design - Simon Burson
  • The New OWASP Top 10 - Adrian Hayes

Locations: Dimension Data offices in Auckland and Wellington
Event Sponsors: Security-Assessment.com and Touchpoint


2012

30-31 August: Fourth OWASP New Zealand Day

OWASP New Zealand Day 2012 - University of Auckland Business School

  • One-day conference, with two tracks in the afternoon, on Friday, 31 August - FREE Registration
  • Pre-Conference Training, Thursday, 30 August - Two classes offered

8 May: Chapter Meetup

Presentation: An Overview and introduction to modern day BeEF (Slides) - Mark Piper, Insomnia Security Specialists
Locations: Auckland and Wellington
Event Sponsors: Security-Assessment.com and Touchpoint


28 February: Chapter Meetup

Presentations:

  • Introduction to the OWASP Top Ten - Part 3 (Slides) - Adrian Hayes, Security-Assessment.com
  • Mistaken Identity: How Not To Build A Password Reset Process (Slides) - Nick Freeman, Security-Assessment.com

Locations: Auckland and Wellington
Event Sponsors: Security-Assessment.com and Touchpoint


2011

6 December: Chapter Meetup

Presentations:

  • Introduction to the OWASP Top Ten - Part 2 (Slides) - Adrian Hayes, Security-Assessment.com
  • Hardened Hosting (Slides) - Quintin Russ, SiteHost

Locations: Auckland and Wellington
Event Sponsors: Security-Assessment.com and Touchpoint


20 September: Chapter Meetup

Presentations:

  • Introduction to the OWASP Top Ten - Part 1 (Slides) - Nick Freeman, Security-Assessment.com
  • Clickjacking for Shells (Slides) - Andrew Horton, Security-Assessment.com

Locations: Auckland and Wellington
Event Sponsor: Security-Assessment.com


7 July: Third OWASP New Zealand Day

OWASP New Zealand Day 2011 - University of Auckland Business School

  • One-day, single-track conference on Thursday, 7 July - FREE Registration
  • Concurrent Training on Thursday - Two classes offered

2 March: Chapter Meetup

Presentations:

  • Crazy Insecure Web Apps Google Didn’t Tell You About - Adrian Hayes, Security-Assessment.com
  • I know what you did last summer: The latest from the world of web hacks (Slides) - Kirk Jackson, Aura Software Security

Locations: Auckland and Wellington
Event Sponsor: Security-Assessment.com


2010

15 July: Second OWASP New Zealand Day

OWASP New Zealand Day 2010 - University of Auckland Business School

  • One-day, single-track conference - FREE Registration

4 March: Chapter Meetup

Presentation: MS-SQL Injections - Scott Bell, Security-Assessment.com
Locations: Auckland and Wellington
Event Sponsor: Security-Assessment.com


2009

10 November: Chapter Meetup

Presentations:

  • Testing AMF/Flex - Nick Freeman, Security-Assessment.com
  • “Shared Ownership,” from a web security perspective - Quintin Russ, Site Host

Locations: Auckland and Wellington
Event Sponsor: Security-Assessment.com


13 July: OWASP New Zealand Day

OWASP New Zealand Day 2009 - University of Auckland

  • One-day, single-track conference - FREE Registration

19 March: Chapter Meetup

Presentations:

  • ActiveXploitation in 2009 (Slides) - Paul Craig, Security-Assessment.com
  • Reversing JavaScript (Slides) - Roberto Suggi Liverani, Security-Assessment.com

Locations: Auckland and Wellington
Event Sponsors: Vodafone New Zealand and Security-Assessment.com


2008

5 November: Chapter Meetup

Presentations:

  • Common Application Flaws (Slides) - Brett Moore, Insomnia Security
  • In your Browser, Jackin your Clicks - Beau Butler, Security-Assessment.com
  • Opera Stored Cross Site Scripting - Roberto Suggi Liverani, Security-Assessment.com

Locations: Auckland and Wellington
Event Sponsors: Vodafone New Zealand and Security-Assessment.com


3 September: Chapter Meetup

Presentations:

  • Browser Security (Slides) - Roberto Suggi Liverani, Security-Assessment.com
  • Time-Based Blind SQL Injections (Slides) - Muhaimin Dzulfakar, Security-Assessment.com

Locations: Auckland and Wellington
Event Sponsors: Microsoft and Security-Assessment.com


25 June: Chapter Meetup

Presentations:

  • Fuzz the Web - Dean Jerkovich, ASB
  • Hacking The World With Flash Part #2: The Results - Paul Craig, Security-Assessment.com

Locations: Auckland and Wellington
Event Sponsor: Security-Assessment.com


29 April: Chapter Meetup

Presentations:

  • Hacking The World With Flash (Slides) - Paul Craig, Security-Assessment.com
  • Web Spam Techniques (Slides) - Roberto Suggi Liverani, Security-Assessment.com

Locations: Auckland and Wellington
Event Sponsor: Security-Assessment.com


21 February: Auckland Meetup

Presentation: XPath Injection - An Overview (Slides) - Roberto Suggi Liverani, Security-Assessment.com
Event Sponsor: Veda Advantage


2007

5 December: Auckland Meetup

Presentations:

  • Ajax Security (Slides) - Roberto Suggi Liverani, Security-Assessment.com
  • On-the-job Browser Exploitation - Mark Piper, Security-Assessment.com

Event Sponsor: Veda Advantage


22 May: Auckland Meetup

Presentation: OWASP in New Zealand - Roberto Suggi Liverani and Antonio Spera
Event Sponsor: Veda Advantage

January and April

Events held in Auckland, sponsored by Veda Advantage (acquired by Equifax in February 2016)


Activities

OWASP New Zealand members actively participate in various OWASP activities. Listed below are highlights of activities undertaken by OWASP NZ members.

2024

  • The Fourteenth OWASP New Zealand Day conference is held 3-6 September at the AUT City Campus. The main conference again includes two concurrent tracks (plus Sponsor Demo/Breakout ‘track’) over two days. Pre-Conference Training, on Tuesday and Wednesday, features five (5) classes in a variety of formats - half-day, one-day, and two-day. One training class is held online, while the remainder are in-person. The conference is organised by AppSec New Zealand Incorporated, under license from OWASP.
  • Matt Cotterell signs on as leader for the OWASP NZ Wellington Meetup, with support from Kirk Jackson.
  • John DiLeo relocates from Auckland to Hamilton, and launches the OWASP NZ Hamilton Meetup.
  • Austin Chamberlain steps in as leader for the OWASP NZ Auckland Meetup.
  • John DiLeo attends OWASP AppSec Days-Singapore in October, presenting a one-day Threat Modelling class, along with his talk on OWASP Projects and Tools.
  • John DiLeo attends the OWASP SAMM Core Team Summit in Nieuwpoort, Belgium, in March.

2023

  • The Thirteenth OWASP New Zealand Day conference is held 4-7 July at the AUT City Campus. The main conference again includes two concurrent tracks (plus Sponsor Demo/Breakout ‘track’) over two days. Pre-Conference Training, on Tuesday and Wednesday, features eight (8) in-person classes in a mix of one-day and two-day formats. The conference is organised by AppSec New Zealand Incorporated, under license from OWASP.
  • John DiLeo attends the OWASP Global AppSec-DC conference in October, presenting a one-day training class on Application Security Testing.
  • The second OWASP State of AppSec in New Zealand Survey is conducted. The number of responses received (7) is too small to publish results.

2022

  • The Twelfth OWASP New Zealand Day conference is held 5-8 July, for the first time at the AUT City Campus. The main conference includes two concurrent tracks over two days, with a Sponsor Demo/Breakout ‘track’ introduced on both days. Pre-Conference Training, on Tuesday and Wednesday, features five (5) classes in a variety of formats - half-day, one-day, and two-day. One training class is held online, while the remainder are in-person. The conference is organised by AppSec New Zealand Incorporated, under license from OWASP.
  • John DiLeo attends the Canterbury Hacker Camp in Hanmer Springs in November, presenting a one-day Threat Modelling class, along with a talk on the OWASP State of AppSec Survey Project.
  • John DiLeo attends the OWASP Global AppSec-San Francisco conference in November, presenting the two-day OWASP SAMM Master Class, along with a talk on OWASP Projects and Tools.
  • John DiLeo attends the OWASP SAMM Core Team Summit in Boston, in November.
  • The inaugural OWASP State of AppSec in New Zealand Survey is conducted, with results published in early 2023.

2020

  • For 2020, the OWASP New Zealand Day conference, 19-21 February, expands to include three concurrent tracks in the one-day main conference, and two days of pre-conference training featuring nine classes. A total of 13 sponsors sign on to support the event.

2019

  • John DiLeo attended the OWASP SAMM Project Summit, November 2019, in Dublin.
  • John DiLeo presented an overview of the OWASP SAMM Project and tools at the June 2019 meeting of the NZISF in Auckland
  • John DiLeo attended the Open Security Summit (https://open-security-summit.org/), June 2019 in the UK, co-hosting a session on the Application Security Curriculum Project
  • John DiLeo presented an update on the OWASP SAMM Project during the Project Showcase at Global AppSec-Tel Aviv (https://telaviv.appsecglobal.org/) in May 2019
  • John DiLeo became co-leader of the OWASP Application Security Curriculum Project in March 2019

2018

  • John DiLeo joined the OWASP Software Assurance Maturity Model (SAMM) project team, and attended the Open Security Summit (https://2018.open-security-summit.org/) in the UK, in June 2018
  • John DiLeo signed on as Chair of the OWASP New Zealand Day conference, in June 2018
  • John DiLeo restarted the Auckland-area Meetup, which first met on 10 April 2018. The Meetup takes place on the second Tuesdays of April, June, August, October, and December
  • John DiLeo stepped up as Auckland-area Chapter Leader, and was confirmed by the OWASP Foundation, in April 2018
  • Dion Bramley, John DiLeo, and Christian Probst signed on as Chapter volunteers, at OWASP New Zealand Day 2018
  • Denis Andzakovic resigned from his position as OWASP New Zealand Chapter Leader, at OWASP NZ Day 2018
  • Nick Malcolm relocated from Auckland to Wellington and began assisting with the Wellington Meetup

2017

  • Kim Carter ran a workshop (http://www.meetup.com/owaspnycmetro/events/228716474/) at the NYC chapter

2016

  • Kirk Jackson stepped up to replace Adrian Hayes for Wellington from New Zealand Day 2016 onwards.

2014

  • Denis Andzakovic stepped up to replace Nick Freeman for Auckland in March 2014

2013

  • Kim Carter came on board to lead Christchurch from New Zealand Day 2013 onwards.
  • Nick Freeman and Scott Bell have been appointed as the new leaders of the new OWASP New Zealand Chapter
  • Roberto Suggi Liverani has resigned from his position as OWASP New Zealand Chapter Leader

2009

  • Roberto Suggi Liverani spoke at OWASP AppSec Asia 2009 conference, 17-18 November
  • Roberto Suggi Liverani and Nick Freeman spoke at Defcon 17, 31 July - 1 August
  • OWASP NZ Day 2009 - Presentations online (http://wiki.owasp.org/index.php/OWASP_New_Zealand_Day_2009#tab=Presentations)
  • Roberto Suggi Liverani and Nick Freeman spoke at EUSecWest 09, 27-28 May
  • Brett Moore spoke at OWASP AU Conference (http://www.owasp.org/index.php/OWASP_AU_Conference_2009), 26-27 February, presenting “Vulnerabilities In Action.”
  • Roberto Suggi Liverani contributed to the OWASP Testing Guide v3 (http://www.owasp.org/index.php/OWASP_Testing_Project)

2008

  • Mark Piper took his “On the job browser exploitation” talk to the OWASP Australia AppSec 2008 Conference (http://www.owasp.org/index.php/OWASP_Australia_AppSec_2008_Conference).

Older

  • Rob Munro was appointed as OWASP Evangelist