OWASP New Zealand

Welcome to the OWASP New Zealand Chapter home page.

The OWASP New Zealand Chapter has been active since 2007. In addition to our annual OWASP New Zealand Day conference, we organise local Meetups and training events throughout the year.

The chapter leaders are Kim Carter (Christchurch), Kirk Jackson (Wellington), and John DiLeo (Auckland).

Upcoming Events

28 - 30 April: Virtual AppSec Days

  • Mini conference on 28 April (Starting at 12:00 noon, Monday 27 April, US EDT)
  • Four-hour training classes on 29 and 30 April (Starting at 12:00 noon and 5:00 p.m., Tuesday and Wednesday, US EDT)
  • Agenda and registration TBC

12 May: Auckland Meetup

Top Ten Discussion: A8 - Insecure Deserialization - Led by John DiLeo (@gr4ybeard)
Technical Discussion: TBC
Location: TBC
Time: 6:30 p.m.


Keeping in Touch

Some Global OWASP Resources:

Call For Speakers

Our Call For Speakers is always open. If you would like to present a talk relevant to Application Security at a future OWASP New Zealand Chapter Meetup, review the speaker agreement and send your proposed talk title, abstract, and a brief speaker bio to the Chapter Leader(s) in the city(ies) where you’d like to present.

Call for Organisers

OWASP New Zealand currently has active Meetups in three cities - Auckland, Christchurch, and Wellington. If you’re interested in helping organise one of our Meetups, please contact the Chapter Leader in that city.

If you are located in another New Zealand city, and would be willing and able to host a Meetup there (at least four times per year), then we’d love to hear from you.

The OWASP New Zealand Board

We are always looking for additional board members to evangelise OWASP and its mission, and to help with meetings, projects, and initiatives. As we all know, it takes lots of time and effort to run a chapter. Please contact us if you are interested in joining the OWASP New Zealand board, would like to volunteer to help out or create a new Meetup/event, or for any queries related to the OWASP New Zealand Chapter.

OWASP Statement on Participation

The Open Web Application Security Project (OWASP) - managed by the non-profit OWASP Foundation - works to improve the security of software. All of our projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

Chapters are led by local leaders in accordance with the Chapter Leader Handbook. Financial contributions should only be made online using the authorised online donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP Project, independent research, or related software security topic you would like to present.

Everyone is welcome and encouraged to participate in our Projects, Local Chapters, Events, Online Groups, and Community Slack Workspace. We especially encourage diversity in all our initiatives. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert. We also encourage you to become a member or consider a donation to support our ongoing work.


Past Events

2020

10 March: Auckland Meetup

Top Ten Discussion: A7 - Cross-Site Scripting (XSS) - Led by John DiLeo
Technical Discussion: “Ask Me Anything” about OWASP Projects and Tools - John DiLeo (@gr4ybeard)
Location: Orion Health, 181 Grafton Road, Grafton, Auckland


19 - 21 February: Eleventh OWASP New Zealand Day

OWASP New Zealand Day 2020 - University of Auckland Business School

  • One-day conference, with three tracks, on Friday, 21 February - Conference Registration is FREE
  • Pre-Conference Training, Wednesday and Thursday, 19-20 February - Nine classes on offer
    Training Registration closes 12 February - Registration fees: $325.00 for half-day classes; $625.00 for one-day classes; $1250.00 for two-day classes (plus EventBrite fees)

10 February: Wellington Meetup

Presentation: Introduction to the OWASP Top Ten - Kirk Jackson
Location: RedShield House, 79 Boulcott St., Wellington
Video: YouTube Recording
Slides: PDF, 1.2mb

2019

10 December: Auckland Meetup

Secure Coding Tournament: Hosted by Jeanette Gill, Secure Code Warrior
Location: Orion Health, 181 Grafton Road, Grafton, Auckland


8 October: Auckland Meetup

Top Ten Discussion: A6 - Security Misconfiguration - Led by James Ting-Edwards
Presentation: What’s In a Name? Law of Agency and Domain Name Registrations - Judy Ting-Edwards
Event Sponsor and Host: Middleware NZ
Venue Host: Simon White
Location: Middleware NZ, 104 Quay Street, CBD, Auckland


24 - 25 August: Security.ac.nz Conference

Event website: https://security.ac.nz

OWASP NZ is proud to invite you to our first security.ac.nz event. Details are available on the event website.
Registration: FREE
Location: Maclaurin Lecture Theatres, Victoria University of Wellington


13 August: Auckland Meetup

Top Ten Discussion: A9 - Using Components with Known Vulnerabilities - Led by John DiLeo
Technical Discussion: Addressing Vulnerable Components with OWASP Projects and Tools - John DiLeo (@gr4ybeard)
Location: Orion Health, 181 Grafton Road, Grafton, Auckland


10 August: Auckland Training Day

Threat Modelling: Getting from None to Done - John DiLeo (@gr4ybeard)
Registration: $125.00 (plus EventBrite fees), inclusive of morning and afternoon tea, lunch, and class materials
Location: Orion Health, 181 Grafton Road, Grafton, Auckland


11 June: Auckland Meetup

Top Ten Discussion: A5 - Broken Access Control - Led by John DiLeo
Presentation: My Recent Adventures at OWASP Conferences - John DiLeo (@gr4ybeard)
Event Sponsor and Host: Robert Walters
Location: Robert Walters, Level 9, 22 Fanshawe Street, CBD, Auckland


9 April: Auckland Meetup

Top Ten Discussion: A4 - XML External Entities (XXE) - Led by John DiLeo (@gr4ybeard)
Open Discussion: What do we want to do this year?
Location: Orion Health, 181 Grafton Road, Grafton, Auckland


21 - 22 February: Tenth OWASP New Zealand Day

OWASP New Zealand Day 2019 - University of Auckland Business School

  • One-day conference, with two tracks, on Friday, 22 February - Conference Registration: FREE
  • Pre-Conference Training, Thursday, 21 February - Three classes offered
    Registration fees: $250.00 for half-day classes; $500.00 for full-day classes

2018

11 December: Auckland Meetup

Top Ten Discussion: A2 - Broken Authentication - Led by John DiLeo
Technical Topic: Some Thoughts on Threat Modelling - John DiLeo (@gr4ybeard)
Location: Orion Health, 181 Grafton Road, Grafton, Auckland


29 October: Wellington Meetup

Presentation: Make the Cyber Safer with Multi-factor Authentication - Kevin Thomas
Video: https://www.youtube.com/watch?v=lAkw24tClvQ


9 October: Auckland Meetup

Technical Topic: Integrating the Weakforced Security API - Steve Shipway, SMX Email
Event Sponsor and Host: Cornerstone On-Demand
Location: Cornerstone On-Demand, Level 1, 29 Union Street, Auckland


27 August: Wellington Meetup

Presentation: Developer’s guide to Deserialization Attack - Felix Shi
Video: https://www.youtube.com/watch?v=Gi-Pk255Jyw


14 August: Auckland Meetup

Top Ten Discussion: A3 - Sensitive Data Exposure - Led by John DiLeo (@gr4ybeard)
Presentation: Web Application Penetration Testing Demo - Shofe Miraz (@shmi012)
Location: Orion Health, 181 Grafton Road, Grafton, Auckland


12 June: Auckland Meetup

Presentation: GDPR and New Zealand Privacy Law - James Ting-Edwards (@nullary)
Event Sponsor and Host: InternetNZ
Location: InternetNZ, 62 Victoria Street West, Auckland CBD, Auckland


11 June: Wellington Meetup

Presentation: What are certificates? - Matt Cotterell (@mattcotterellnz)


10 April: Auckland Meetup

Top Ten Discussion: A1 - Injection - Led by John DiLeo
Presentation: OWASP Software Assurance Maturity Model (SAMM) - John DiLeo (@gr4ybeard)
Location: Orion Health, 181 Grafton Road, Grafton, Auckland


28 March: Christchurch Meetup

Presentation: CERT NZ
Event Sponsor: Catalyst


26 February: Wellington Meetup

Presentation: CERT NZ - Who are we? How are websites getting hacked in real life? - Declan Ingram
Video: https://www.youtube.com/watch?v=WhYh-eUqxIA


4 - 5 February: Ninth OWASP New Zealand Day

OWASP New Zealand Day 2018 - University of Auckland Business School

  • One-day conference, with two tracks, on Monday, 5 February - FREE Registration
  • Pre-Conference Training, Sunday, 3 February - One class offered
    Registration fee: $500.00

2017

2 October: Wellington Meetup

Presentation: Same-origin policy: The core of web security - Kirk Jackson
Video: https://www.youtube.com/watch?v=5wFCRANIbdc


27 September: Christchurch Meetup

Presentation: Securing your data (your business) using SQL Server 2016 - Anupama Natarajan
Event Sponsor: Catalyst


31 July: Wellington Meetup

Presentation: What is Cross-Site Request Forgery? - Vales Bakaitis
Video: https://www.youtube.com/watch?v=G1aLGaMqnm0


28 June: Christchurch Meetup

Web Developer Quiz Night
Prepared and Conducted By: Kim Carter
Details on binarymist.io
Event Sponsor: Catalyst


29 May: Wellington Meetup

Presentation: Developer’s Guide to Preventing XSS - Felix Shi
Video: https://www.youtube.com/watch?v=0J5Rpf3nNjU


19 - 20 April: Eighth OWASP New Zealand Day

OWASP New Zealand Day 2017 - University of Auckland Business School

  • One-day conference, with two tracks, on Thursday, 20 April - FREE Registration
  • Pre-Conference Training, Wednesday, 19 April - Half-day and full-day classes offered

29 March: Christchurch Meetup

Presentation: PHP Hurts Programmers (and other tales) - Keith Humm (@spronkey)
Slides: On Speaker Deck
Event Sponsor: Catalyst


27 February: Wellington Meetup

Presentation: Building the ultimate login and signup - Matt Cotterell
Video: https://www.youtube.com/watch?v=E25KxLKwY-M
Location: Wellington


2016

29 November: Wellington Meetup

Presentation: OWASP Top Ten - Developing Secure Web Apps (PHP-Flavoured) - Kirk Jackson
Video: https://www.youtube.com/watch?v=7u08zCz9viU
Event Co-Hosts: PHP UserGroup Wellington


10 October: Wellington Meetup

Presentation: Introduction to Ruby on Rails security - Tim Goddard
Video: https://www.youtube.com/watch?v=Hez1QYc9yo8
Event Sponsor: Insomnia Security Specialists


28 September: Christchurch Meetup

Presentation and Demo: Applying Cold War Learnings to our Daily OPSEC - Chris Campbell (@phage_nz)
DeadDrop: https://deaddrop.jadeworld.com/
Github Repo: https://github.com/phage-nz/deaddrop
Event Sponsors: Catalyst and BinaryMist


29 August: Wellington Meetup

Presentation: Mobile App Security: Introduction to the OWASP Mobile Top 10 - Mike Haworth
Video: https://www.youtube.com/watch?v=SbXO6wNvOM4


29 June: Christchurch Meetup

Presentation and Demo: Security Regression Testing with ZapAPI and NodeGoat - Kim Carter (@binarymist)
Teaser Video: https://youtu.be/DrwXUOJWMoo
Github Repo: https://github.com/binarymist/NodeGoat/wiki/Security-Regression-Testing-with-Zap-API
Source Material: Kim’s Book, Holistic InfoSec for Web Developers
Event Sponsors: Catalyst (http://www.catalyst.net.nz/) and BinaryMist


27 June: Wellington Meetup

Presentation: Introduction to Using a Web Application Firewall (WAF) - Graeme Neilson
Video: https://www.youtube.com/watch?v=iAPFf9Iqwos
Event Sponsor: RedShield


30 March: Christchurch Meetup

Presentation: Discussion of Qubes OS - Craig Rowland
Event Sponsors: Dimension Data and BinaryMist


3-4 February: Seventh OWASP New Zealand Day

OWASP New Zealand Day 2016 - University of Auckland School of Commerce

  • One-day conference, with two tracks in the afternoon, on Thursday, 4 February - FREE Registration
  • Pre-Conference Training, Wednesday, 3 February - One class offered

2015

25 November: Christchurch Meetup

Presentation: UAC, Governance, and Managing the External Infosec Audit - Drewe Hinkley
Event Sponsors: Dimension Data and BinaryMist


30 September: Christchurch Meetup

Presentations:


24 June: Christchurch Meetup

Presentation: Does Your Cloud Solution Look Like a Mushroom? - Kim Carter (@binarymist)
Event Sponsors: Dimension Data and BinaryMist


25 March: Christchurch Meetup

Presentation: Reverse Engineering, Cracking, Compromising Software Security & Mitigations - Rob Gilmour, Senior Software Engineer, Technical Support, Jade Software Corporation Ltd.
Event Sponsors: Dimension Data and BinaryMist


26-27 February: Sixth OWASP New Zealand Day

OWASP New Zealand Day 2015 - University of Auckland Engineering Department

  • One-day conference, with two tracks in the afternoon, on Friday, 27 February - FREE Registration
  • Pre-Conference Training, Thursday, 26 February - One class offered

2014

26 November: Christchurch Meetup

Workshop: SSL/TLS Review, SSL Stripping Demo, and Mitigation Techniques - Kevin Alcock (@kevinnz), Katipo Security
Event Sponsors: Dimension Data and BinaryMist


25 September: Christchurch Meetup

Workshop: Review, Exploit, and Learn from the Vulnerable Web App - Chris Campbell, Jade Software Corporation Ltd.
Event Sponsors: Dimension Data and BinaryMist


24 July: Wellington Meetup

Workshop: Web App Security Workshop - Adrian Hayes
Event Sponsor: Dimension Data


2013

19 December: Chapter Meetup

Presentation: Extending Burp with Python (PowerPoint Slide Deck) - Mike Haworth, Aura Information Security
Locations: Dimension Data offices in Auckland, Christchurch, and Wellington
Event Sponsors: Security-Assessment.com and Touchpoint


11-12 September: Fifth OWASP New Zealand Day

OWASP New Zealand Day 2013 - University of Auckland Business School

  • One-day conference, with two tracks in the afternoon, on Thursday, 12 September - FREE Registration
  • Pre-Conference Training, Wednesday, 11 September - Two classes offered

22 May: Chapter Meetup

Presentations:

  • Secure by Design - Simon Burson
  • The New OWASP Top 10 - Adrian Hayes

Locations: Dimension Data offices in Auckland and Wellington
Event Sponsors: Security-Assessment.com and Touchpoint


2012

30-31 August: Fourth OWASP New Zealand Day

OWASP New Zealand Day 2012 - University of Auckland Business School

  • One-day conference, with two tracks in the afternoon, on Friday, 31 August - FREE Registration
  • Pre-Conference Training, Thursday, 30 August - Two classes offered

8 May: Chapter Meetup

Presentation: An Overview and introduction to modern day BeEF (Slides) - Mark Piper, Insomnia Security Specialists
Locations: Auckland and Wellington
Event Sponsors: Security-Assessment.com and Touchpoint


28 February: Chapter Meetup

Presentations:

  • Introduction to the OWASP Top Ten - Part 3 (Slides) - Adrian Hayes, Security-Assessment.com
  • Mistaken Identity: How Not To Build A Password Reset Process (Slides) - Nick Freeman, Security-Assessment.com

Locations: Auckland and Wellington
Event Sponsors: Security-Assessment.com and Touchpoint


2011

6 December: Chapter Meetup

Presentations:

  • Introduction to the OWASP Top Ten - Part 2 (Slides) - Adrian Hayes, Security-Assessment.com
  • Hardened Hosting (Slides) - Quintin Russ, SiteHost

Locations: Auckland and Wellington
Event Sponsors: Security-Assessment.com and Touchpoint


20 September: Chapter Meetup

Presentations:

  • Introduction to the OWASP Top Ten - Part 1 (Slides) - Nick Freeman, Security-Assessment.com
  • Clickjacking for Shells (Slides) - Andrew Horton, Security-Assessment.com

Locations: Auckland and Wellington
Event Sponsor: Security-Assessment.com


7 July: Third OWASP New Zealand Day

OWASP New Zealand Day 2011 - University of Auckland Business School

  • One-day, single-track conference on Thursday, 7 July - FREE Registration
  • Concurrent Training on Thursday - Two classes offered

2 March: Chapter Meetup

Presentations:

  • Crazy Insecure Web Apps Google Didn’t Tell You About - Adrian Hayes, Security-Assessment.com
  • I know what you did last summer: The latest from the world of web hacks (Slides) - Kirk Jackson, Aura Software Security

Locations: Auckland and Wellington
Event Sponsor: Security-Assessment.com


2010

15 July: Second OWASP New Zealand Day

OWASP New Zealand Day 2010 - University of Auckland Business School

  • One-day, single-track conference - FREE Registration

4 March: Chapter Meetup

Presentation: MS-SQL Injections - Scott Bell, Security-Assessment.com
Locations: Auckland and Wellington
Event Sponsor: Security-Assessment.com


2009

10 November: Chapter Meetup

Presentations:

  • Testing AMF/Flex - Nick Freeman, Security-Assessment.com
  • “Shared Ownership,” from a web security perspective - Quintin Russ, Site Host

Locations: Auckland and Wellington
Event Sponsor: Security-Assessment.com


13 July: OWASP New Zealand Day

OWASP New Zealand Day 2009 - University of Auckland

  • One-day, single-track conference - FREE Registration

19 March: Chapter Meetup

Presentations:

  • ActiveXploitation in 2009 (Slides) - Paul Craig, Security-Assessment.com
  • Reversing JavaScript (Slides) - Roberto Suggi Liverani, Security-Assessment.com

Locations: Auckland and Wellington
Event Sponsors: Vodafone New Zealand and Security-Assessment.com


2008

5 November: Chapter Meetup

Presentations:

  • Common Application Flaws (Slides) - Brett Moore, Insomnia Security
  • In your Browser, Jackin your Clicks - Beau Butler, Security-Assessment.com
  • Opera Stored Cross Site Scripting - Roberto Suggi Liverani, Security-Assessment.com

Locations: Auckland and Wellington
Event Sponsors: Vodafone New Zealand and Security-Assessment.com


3 September: Chapter Meetup

Presentations:

  • Browser Security (Slides) - Roberto Suggi Liverani, Security-Assessment.com
  • Time-Based Blind SQL Injections (Slides) - Muhaimin Dzulfakar, Security-Assessment.com

Locations: Auckland and Wellington
Event Sponsors: Microsoft and Security-Assessment.com


25 June: Chapter Meetup

Presentations:

  • Fuzz the Web - Dean Jerkovich, ASB
  • Hacking The World With Flash Part #2: The Results - Paul Craig, Security-Assessment.com

Locations: Auckland and Wellington
Event Sponsor: Security-Assessment.com


29 April: Chapter Meetup

Presentations:

  • Hacking The World With Flash (Slides) - Paul Craig, Security-Assessment.com
  • Web Spam Techniques (Slides) - Roberto Suggi Liverani, Security-Assessment.com

Locations: Auckland and Wellington
Event Sponsor: Security-Assessment.com


21 February: Auckland Meetup

Presentation: Xpath Injection - An Overview (Slides) - Roberto Suggi Liverani, Security-assessment.com
Event Sponsor: Veda Advantage


2007

5 December: Auckland Meetup

Presentations:

  • Ajax Security (Slides) - Roberto Suggi Liverani, Security-assessment.com
  • On-the-job Browser Exploitation - Mark Piper, Security-assessment.com

Event Sponsor: Veda Advantage


22 May: Auckland Meetup

Presentation: OWASP in New Zealand - Roberto Suggi Liverani and Antonio Spera
Event Sponsor: Veda Advantage

January and April

Events held in Auckland, sponsored by Veda Advantage (Acquired by Equifax in February 2016)


Activities

OWASP New Zealand members actively participate in various OWASP activities. Listed below are highlights of activities undertaken by OWASP NZ members.

2020

  • For 2020, the OWASP New Zealand Day conference, 19-21 February, expands to include three concurrent tracks in the one-day main conference, and two days of pre-conference training featuring nine classes. A total of 13 sponsors sign on to support the event.

2019

  • John DiLeo attended the OWASP SAMM Project Summit, November 2019, in Dublin
  • John DiLeo presented an overview of the OWASP SAMM Project and tools at the June 2019 meeting of the NZISF (https://security.org.nz/about-nzsa/nzisf/) in Auckland
  • John DiLeo attended the Open Security Summit (https://open-security-summit.org/), June 2019 in the UK, co-hosting a session on the Application Security Curriculum Project
  • John DiLeo presented an update on the OWASP SAMM Project during the Project Showcase at Global AppSec-Tel Aviv (https://telaviv.appsecglobal.org/) in May 2019
  • John DiLeo became co-leader of the OWASP Application Security Curriculum Project in March 2019

2018

  • John DiLeo joined the OWASP Software Assurance Maturity Model (SAMM) project team, and attended the Open Security Summit (https://2018.open-security-summit.org/) in the UK, in June 2018
  • John DiLeo signed on as Chair of the OWASP New Zealand Day conference, in June 2018
  • John DiLeo restarted the Auckland-area Meetup, which first met on 10 April 2018. The Meetup takes place on the second Tuesdays of April, June, August, October, and December
  • John DiLeo stepped up as Auckland-area Chapter Leader, and was confirmed by the OWASP Foundation, in April 2018
  • Dion Bramley, John DiLeo, and Christian Probst signed on as Chapter volunteers, at OWASP New Zealand Day 2018
  • Denis Andzakovic resigned from his position as OWASP New Zealand Chapter Leader, at OWASP NZ Day 2018

2017

  • Kim Carter ran a workshop (http://www.meetup.com/owaspnycmetro/events/228716474/) at the NYC chapter

2016

  • Kirk Jackson stepped up to replace Adrian Hayes for Wellington from New Zealand Day 2016 onwards.

2014

  • Denis Andzakovic stepped up to replace Nick Freeman for Auckland in March 2014

2013

  • Kim Carter came on board to lead Christchurch from New Zealand Day 2013 onwards.
  • Nick Freeman and Scott Bell have been appointed as the new leaders of the new OWASP New Zealand Chapter
  • Roberto Suggi Liverani has resigned from his position as OWASP New Zealand Chapter Leader

2009

  • Roberto Suggi Liverani spoke at OWASP AppSec Asia 2009 conference, 17-18 November
  • Roberto Suggi Liverani and Nick Freeman spoke at Defcon 17, 31 July - 1 August
  • OWASP NZ Day 2009 - Presentations online (http://wiki.owasp.org/index.php/OWASP_New_Zealand_Day_2009#tab=Presentations)
  • Roberto Suggi Liverani and Nick Freeman spoke at EUSecWest 09, 27-28 May
  • Brett Moore spoke at OWASP AU Conference (http://www.owasp.org/index.php/OWASP_AU_Conference_2009), 26-27 February, presenting “Vulnerabilities In Action.”
  • Roberto Suggi Liverani contributed to the OWASP Testing Guide v3 (http://www.owasp.org/index.php/OWASP_Testing_Project)

2008

  • Mark Piper took his “On the job browser exploitation” talk to the OWASP Australia AppSec 2008 Conference (http://www.owasp.org/index.php/OWASP_Australia_AppSec_2008_Conference).

Older

  • Rob Munro was appointed as OWASP Evangelist