OWASP New Zealand

Past Events

2024

Saturday, 15 June: OWASP Training Day-Auckland

Classes Offered:

• Assess and Improve Your AppSec Program using OWASP SAMM - John DiLeo
• Like ISO/IEC 27001, but Backwards - Stephen Coates

Location: 2Degrees Head Office (Level 2/136 Fanshawe Street, Auckland)
Time: 8:45 a.m. - 5:30 p.m.

Tuesday, 21 May: Auckland Meetup

Top Ten Topic: A02:2021 - Cryptographic Failures - John DiLeo (@gr4ybeard)
Technical Presentation: Listeners’ Choice
Location: The Corner Store (25 Mount Eden Road)
Time: 6:30 p.m.

Tuesday, 12 March: Auckland Meetup

Top Ten Topic: A01:2021 - Broken Access Control - John DiLeo (@gr4ybeard)
Technical Presentation: OWASP SAMM - Overview and Update
Location: The Corner Store (25 Mount Eden Road)
Time: 6:30 p.m.

Saturday, 27 January: OWASP Training Day-Hamilton

Classes Offered:

• Threat Modelling: From none to done - John DiLeo
• Like ISO/IEC 27001, but Backwards - Stephen Coates

Location: Gallagher World Headquarters (181 Kahikatea Drive, Hamilton)
Time: 8:45 a.m. - 5:30 p.m.

2023

21 November: Auckland Meetup

Top Ten Topic: A10:2021 - Server-Side Request Forgery (SSRF) - John DiLeo (@gr4ybeard)
Technical Presentation: Creating Test Cases for Security Features - John DiLeo, IriusRisk
Location: The Corner Store (25 Mount Eden Road)
Time: 6:30 p.m.

Saturday, 11 November: OWASP Training Day-Dunedin

Class Offered: Threat Modelling: From none to done - John DiLeo
Location: MTF Finance National Office (Level 1/98 Great King Street)
Time: 8:45 a.m. - 5:30 p.m.

13 September: Auckland Meetup

Top Ten Topic: A09:2021 - Security Logging and Monitoring Failures - John DiLeo
Technical Presentation: Listeners’ Choice - John DiLeo
Location: B:HIVE (72 Taharoto Road, Takapuna)
Time: 6:30 p.m.

11 July: Auckland Meetup

Top Ten Topic: A08:2021 - Software and Data Integrity Failures - John DiLeo
Discussion: Retrospective on OWASP New Zealand Day 2023
Location: Jubilee Building (545 Parnell Road)
Time: 6:30 p.m.

Tuesday-Friday, 4-7 July: Thirteenth OWASP New Zealand Day

OWASP New Zealand Day 2023 - Auckland University of Technology (AUT) City Campus

• Two-day conference, with two tracks, on Thursday and Friday, 6-7 July
• Pre-Conference Training, Tuesday and Wednesday, 4-5 July - Six (6) classes presented

9 May: Auckland Meetup

Top Ten Topic: A07:2021 - Identification and Authentication Failures - John DiLeo (@gr4ybeard)
Technical Presentation: Let’s Talk about Threat Modelling - John DiLeo, IriusRisk
Location: B:HIVE (72 Taharoto Road, Takapuna)
Time: 6:30 p.m.

Let’s Talk about Threat Modelling
Abstract: John provided an update on his general thoughts about threat modelling as a source of Security Requirements for applications, how development teams can integrate threat modelling into their BAU practices, and the tool landscape.

Tuesday, 14 March: Auckland Meetup

Top Ten Topic: A06:2021 - Vulnerable and Outdated Components - John DiLeo
Technical Presentation: Networking Security for Application Developers - Ruskin Dantra and Ryan Tan, AWS
Location: AWS, Level 13, Commercial Bay (7 Queen Street)
Time: 6:30 p.m.

Networking Security for Application Developers
Abstract:
Microservices are an integral part of modern application development. As we increasingly adopt distributed services, securing communication between them is crucial.
In this talk, you will discover how to strengthen your application network security at multiple layers and achieve continuous compliance visibility. By implementing these practices, you can mitigate potential security risks and ensure the safety and privacy of your users’ data.

2022

Tuesday, 8 November: Auckland Meetup

Top Ten Topic: A05:2021 - Security Misconfiguration - John DiLeo (@gr4ybeard, LinkedIn)
Location: Les Mills (43 Sale Street, Auckland CBD)
Time: 6:30 p.m. (doors open at 6:00)

Saturday, 24 September: security.ac.nz 2022

<a href="https://security.ac.nz></a>

security.ac.nz 2022 - Owen G. Glenn Building, University of Auckland

• One-day, FREE, student-focused conference - Saturday, 24 September

Wednesday, 21 September: Auckland Meetup

Top Ten Topic: A04:2021 - Insecure Design - John DiLeo (@gr4ybeard, LinkedIn)
Technical Presentation: Unicode Security: How Emojis Can Be Bad for AppSec - Dr. Pedram Hayati, Founder, SecTalks.org and SecDim.com (LinkedIn)
Location: Westpac New Zealand (16 Takutai Square, Auckland CBD)
Time: 6:30 p.m.

Wednesday, 24 August: Christchurch Meetup

Technical Presentation: The New Top 10 Web App Security Risks - Kevin Alcock, Datacom (@kevinnz, LinkedIn)
Location: Inde Technology (175 Roydvale Avenue, Burnside, Christchurch)
Time: 7:00 p.m.

The New Top 10 Web AppSecurity Risks
Abstract:

All web app developers should know the OWASP Top 10 – a list of the biggest cybersecurity concerns that commonly appear in web applications.

Every few years, the list is updated based on feedback from the community, observations in the wild, and changes to the threat landscape.

The list was recently updated, and in this talk, Kevin will run us through those changes and help us to build (or break) modern web applications.

Tuesday-Friday, 5-8 July: Twelfth OWASP New Zealand Day

OWASP New Zealand Day 2022 - Auckland University of Technology (AUT) City Campus

• Two-day conference, with two tracks, on Thursday and Friday, 7-8 July
• Pre-Conference Training, Tuesday and Wednesday, 5-6 July - Five (5) classes presented

Monday, 20 June: Wellington Meetup

Presentation: OWASP Top 10 Overview - Kirk Jackson
Location: RedShield (Level 12/79 Boulcott Street, Wellington Central)
Time: 5:30 p.m.

2021

Tuesday, 9 November: Auckland Meetup

Presentation: Leveraging OWASP Resources in Your AppSec Programme - John DiLeo
Location: Zoom Meeting
Time: 6:30 p.m.

Tuesday, 14 September: Auckland Meetup

Presentation: OWASP Top 10 Update (2021 Edition) - John DiLeo
Location: Zoom Meeting
Time: 6:30 p.m.

Monday, 9 August: Wellington Meetup

Presentation: DDos: How can something so cheap be so expensive? - Jerome Van Rooijen, RedShield
Location: RedShield (Level 12/79 Boulcott Street, Wellington Central)
Time: 5:30 p.m.

Tuesday, 13 July: Auckland Meetup

Top Ten Topic: A4:2017 - XML External Entity (XXE) - John DiLeo (@gr4ybeard)
Technical Presentation: Hacking JSON Web Tokens - Ben Dechrai, Auth0
Location: Flux Federation Head Office (Level 3/104 Fanshawe Street, Auckland CBD)
Time: 6:30 p.m.

Hacking JSON Web Tokens
Abstract:
In the world of authentication and authorisation, you might have heard of JWTs, or JSON Web Tokens, which are used to encapsulate a user’s identity, or convey information to another system that defines permissions of what can be performed.

They’re secure; they’re signed; they’re the best thing since sliced bread!

So you’ve adopted them into your applications and now feel much safer. The chances things will go wrong are slim. Right?

This talk will introduce some ways JWT implementations can go wrong, together with live demos, and take you on a journey to understand how to make sure you can trust these handy payloads in your applications and APIs.

Monday, 12 July: Wellington Meetup

Presentation: XXE: Why It’s Still in the Top 10 - Sam Shute
Location: Quantum Security (10 Brandon Street, Wellington Central)
Time: 5:30 p.m.

Wednesday, 30 June: Christchurch Meetup

Presentation: Incident Response and Application Intrusion Detection - Kim Carter and Chris C.
Location: Trineo Limited (181 High Street, Christchurch Central)

Thursday, 13 May: Wellington Meetup

Panel Discussion - Getting AppSec Right, from the Beginning
Location: RedShield (Level 12/79 Boulcott treet, Wellington Central)
Time: 5:45 - 8:30 p.m.

Tuesday, 11 May: Auckland Meetup

Panel Discussion - Getting AppSec Right, from the Beginning
Location: Datacom Auckland (58 Gaunt Street, Auckland CBD)
Time: 5:45 - 8:30 p.m.

Wednesday, 31 March: Christchurch Meetup

Open Discussions:

• COVID - What’s Changed, and Needs to Change, in InfoSec
• Planning the Meetup’s calendar for the year

Location: Trineo Limited (181 High Street, Christchurch Central)

Monday, 15 March: Auckland Meetup

AppSec/InfoSec Games Night - Backdoors and Breaches; Elevation of Privilege (EoP), OWASP Cornucopia
Location: Grid/AKL, John Lysaght Building (101 Pakenham Street West, Auckland CBD)
Time: 6:30 p.m.

Monday, 15 March: Wellington Meetup

Presentation: Federated Logins with OAuth 2, OpenID Connect, and JWTs - Matt Cotterell
Location: RedShield (Level 12/79 Boulcott Street, Wellington Central)
Time: 5:30 p.m.

Wednesday-Saturday, 10-13 February: 2021 AppSec New Zealand Conference

2021 AppSec New Zealand Conference - Sir Owen G. Glenn Building, University of Auckland

• Two-day conference, with two tracks, on Friday and Saturday, 12-13 February
• Pre-Conference Training, Wednesday and Thursday, 10-11 February - Seven (7) classes presented

2020

Saturday, 24 October: OWASP Training Day-Wellington

Class Offered: Threat Modelling: From None to Done - John DiLeo, OWASP New Zealand
Location: RedShield (79 Boulcott Street, Wellington Central)
Time: 8:45 a.m. - 5:30 p.m.

Saturday, 10 October: OWASP Training Day-Auckland

Classes Offered:

• A Cat, a Dog, and a Roast Turkey: What’s in Your Threat Model? - Wade Winright, Salesforce
• Secure Your SDLC using OWASP SAMM - ASAP! - John DiLeo, OWASP New Zealand

Location: Grid/AKL, John Lysaght Building (101 Pakenham Street West, Auckland CBD)
Time: 8:45 a.m. - 5:30 p.m.

Tuesday, 8 September: Auckland Meetup

Top Ten Topic: A1:2017 - Injection - John DiLeo (@gr4ybeard)
Technical Presentation: Failing Fast - Laura Bell, SafeStack (@lady_nerd)
Location: Grid/AKL, John Lysaght Building (101 Pakenham Street West, Auckland CBD) and YouTube Live Stream
Time: 6:30 p.m.

Failing Fast: The impact of bias when speeding up application security
Abstract: There is a lot of talk these days about going faster with security, DevSecOps, and making security part of your lifecycle. In this talk, we will explore three common mistakes teams make when embracing application security at speed and how you can avoid making them.

Tuesday, 14 July: Auckland Meetup

Top Ten Topic: A10:2017 - Insufficient Logging and Monitoring - John DiLeo (@gr4ybeard)
Technical Discussion: Weaving OWASP Tools into Your AppSec Programme - John DiLeo
Location: Grid/AKL John Lysaght Building (101 Pakenham Street West, Auckland CBD)
Time: 6:30 p.m.

Monday, 6 April: Wellington Meetup

Presentation: Introduction to OWASP JuiceShop - Nick Malcolm (@nickmalcolm, LinkedIn)
Location: Online Event
Time: 6:00 p.m.

Introduction to OWASP JuiceShop
Abstract:

OWASP Juice Shop 101 (YouTube)

From the Juice Shop website: “OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!”

JuiceShop Project Page (OWASP.org)

We hope that you are keeping safe, and that this topic might inspire you to try out the Juice Shop and search for vulnerabilities.

Tuesday, 10 March: Auckland Meetup

Top Ten Topic: A7:2017 - Cross-Site Scripting (XSS) - John DiLeo Technical Discussion: “Ask Me Anything” about OWASP Projects and Tools - John DiLeo (@gr4ybeard)
Location: Orion Health, 181 Grafton Road, Grafton, Auckland

Wednesday-Friday, 19-21 February: Eleventh OWASP New Zealand Day

OWASP New Zealand Day 2020 - University of Auckland Business School

• One-day conference, with three tracks, on Friday, 21 February
• Pre-Conference Training, Wednesday and Thursday, 19-20 February - Nine classes presented

Monday, 10 February: Wellington Meetup

Presentation: Introduction to the OWASP Top Ten - Kirk Jackson
Location: RedShield (Level 12/79 Boulcott Street, Wellington Central)
Video: YouTube Recording
Slides: PDF, 1.2mb

2019

Tuesday, 10 December: Auckland Meetup

Secure Coding Tournament: Hosted by Jeanette Gill, Secure Code Warrior
Location: Orion Health (181 Grafton Road, Grafton)

Tuesday, 8 October: Auckland Meetup

Top Ten Topic: A6:2017 - Security Misconfiguration - Led by James Ting-Edwards
Presentation: What’s In a Name? Law of Agency and Domain Name Registrations - Judy Ting-Edwards
Event Sponsor and Host: Middleware NZ Venue Host: Simon White
Location: Middleware NZ (104 Quay Street, Auckland CBD)

Wednesday, 25 September: Christchurch Meetup

Secure Coding Tournament
Location: Catalyst IT Limited (Level 1, 284 Kilmore Street, Christchurch Central)

Saturday/Sunday, 24-25 August: security.ac.nz Conference

<a href="https://security.ac.nz></a>

OWASP NZ is proud to invite you to our first security.ac.nz event. Details are available on the event website.
Registration: FREE
Location: Maclaurin Lecture Theatres, Victoria University of Wellington

Tuesday, 13 August: Auckland Meetup

Top Ten Topic: A9:2017 - Using Components with Known Vulnerabilities - John DiLeo Technical Discussion: Addressing Vulnerable Components with OWASP Projects and Tools - John DiLeo (@gr4ybeard)
Location: Orion Health (181 Grafton Road, Grafton)

Saturday, 10 August: OWASP Training Day-Auckland

Class Offered: Threat Modelling: From none to done - John DiLeo (@gr4ybeard)
Location: Orion Health (181 Grafton Road, Grafton)

Tuesday, 11 June: Auckland Meetup

Top Ten Topic: A5:2017 - Broken Access Control - John DiLeo
Presentation: My Recent Adventures at OWASP Conferences - John DiLeo (@gr4ybeard)
Event Sponsor and Host: Robert Walters Location: Robert Walters (Level 9/22 Fanshawe Street, Auckland CBD)

Tuesday, 9 April: Auckland Meetup

Top Ten Topic: A4:2017 - XML External Entities (XXE) - John DiLeo (@gr4ybeard)
Open Discussion: What do we want to do this year?
Location: Orion Health (181 Grafton Road, Grafton)

Monday, 25 March: Wellington Meetup

Technical Presentation: Safety First - Simon Erkelens (@Firesphere)
Location: Aura Information Security (Level 2/117 Lambton Quay, Wellington Central)

The internet is a dangerous place, but what can you as a developer or (project) manager do to make it that little bit safer? A high level overview of best practices and practical advise you can give to clients, colleagues and users to make the Internet a bit safer, as well as a few in-depth insights. HTTPS, Passwords, and Social engineering, and more will be discussed.

Thursday/Friday, 21-22 February: Tenth OWASP New Zealand Day

OWASP New Zealand Day 2019 - University of Auckland Business School

• One-day conference, with two tracks, on Friday, 22 February
• Pre-Conference Training, Thursday, 21 February - Three classes offered

2018

Tuesday, 11 December: Auckland Meetup

Top Ten Topic: A2:2017 - Broken Authentication - John DiLeo
Technical Topic: Some Thoughts on Threat Modelling - John DiLeo (@gr4ybeard)
Location: Orion Health (181 Grafton Road, Grafton)

Monday, 29 October: Wellington Meetup

Presentation: Make the Cyber Safer with Multi-factor Authentication - Kevin Thomas
Video: https://www.youtube.com/watch?v=lAkw24tClvQ

Tuesday, 9 October: Auckland Meetup

Technical Topic: Integrating the Weakforced Security API - Steve Shipway, SMX Email
Event Sponsor and Host: Cornerstone On-Demand
Location: Cornerstone On-Demand (Level 1/29 Union Street, Auckland CBD)

Wednesday, 26 September: Christchurch Meetup

Presentation: A Senior in a Junior’s World - Toni James, Orion Health (@_tonijames)
Location: Catalyst IT Limited (Level 1/284 Kilmore Street, Christchurch Central)

Monday, 27 August: Wellington Meetup

Presentation: Developer’s guide to Deserialization Attack - Felix Shi
Video: https://www.youtube.com/watch?v=Gi-Pk255Jyw

Tuesday, 14 August: Auckland Meetup

Top Ten Topic: A3:2017 - Sensitive Data Exposure - John DiLeo (@gr4ybeard)
Presentation: Web Application Penetration Testing Demo - Shofe Miraz (@shmi012)
Location: Orion Health (181 Grafton Road, Grafton)

Tuesday, 12 June: Auckland Meetup

Presentation: GDPR and New Zealand Privacy Law - James Ting-Edwards (@nullary)
Event Sponsor and Host: InternetNZ
Location: InternetNZ (62 Victoria Street West, Auckland CBD)

Monday, 11 June: Wellington Meetup

Presentation: What are certificates? - Matt Cotterell (@mattcotterellnz

Tuesday, 10 April: Auckland Meetup

Top Ten Topic: A1:2017 - Injection - John DiLeo
Presentation: OWASP Software Assurance Maturity Model (SAMM) - John DiLeo (@gr4ybeard)
Location: Orion Health (181 Grafton Road, Grafton)

Wednesday, 28 March: Christchurch Meetup

Presentation: CERT NZ
Event Sponsor: Catalyst

Monday, 26 February: Wellington Meetup

Presentation: CERT NZ - Who are we? How are websites getting hacked in real life? - Declan Ingram
Video: https://www.youtube.com/watch?v=WhYh-eUqxIA

Sunday/Monday, 4-5 February: Ninth OWASP New Zealand Day

OWASP New Zealand Day 2018 - University of Auckland Business School

• One-day conference, with two tracks, on Monday, 5 February
• Pre-Conference Training, Sunday, 4 February - One class offered

2017

2 October: Wellington Meetup

Presentation: Same-origin policy: The core of web security - Kirk Jackson
Video: https://www.youtube.com/watch?v=5wFCRANIbdc

27 September: Christchurch Meetup

Presentation: Securing your data (your business) using SQL Server 2016 - Anupama Natarajan
Event Sponsor: Catalyst

31 July: Wellington Meetup

Presentation: What is Cross-Site Request Forgery? - Vales Bakaitis
Video: https://www.youtube.com/watch?v=G1aLGaMqnm0

28 June: Christchurch Meetup

Web Developer Quiz Night
Prepared and Conducted By: Kim Carter
Details on binarymist.io
Event Sponsor: Catalyst

29 May: Wellington Meetup

Presentation: Developer’s Guide to Preventing XSS - Felix Shi
Video: https://www.youtube.com/watch?v=0J5Rpf3nNjU

19 - 20 April: Eighth OWASP New Zealand Day

OWASP New Zealand Day 2017 - University of Auckland Business School

• One-day conference, with two tracks, on Thursday, 20 April - FREE Registration
• Pre-Conference Training, Wednesday, 19 April - Half-day and full-day classes offered

29 March: Christchurch Meetup

Presentation: PHP Hurts Programmers (and other tales) - Keith Humm (@spronkey)
Slides: On Speaker Deck
Event Sponsor: Catalyst

27 February: Wellington Meetup

Presentation: Building the ultimate login and signup - Matt Cotterell
Video: https://www.youtube.com/watch?v=E25KxLKwY-M
Location: Wellington

2016

29 November: Wellington Meetup

Presentation: OWASP Top Ten - Developing Secure Web Apps (PHP-Flavoured) - Kirk Jackson
Video: https://www.youtube.com/watch?v=7u08zCz9viU
Event Co-Hosts: PHP UserGroup Wellington

10 October: Wellington Meetup

Presentation: Introduction to Ruby on Rails security - Tim Goddard
Video: https://www.youtube.com/watch?v=Hez1QYc9yo8
Event Sponsor: Insomnia Security Specialists

28 September: Christchurch Meetup

Presentation and Demo: Applying Cold War Learnings to our Daily OPSEC - Chris Campbell (@phage_nz) DeadDrop: https://deaddrop.jadeworld.com/
Github Repo: https://github.com/phage-nz/deaddrop
Event Sponsors: Catalyst and BinaryMist

29 August: Wellington Meetup

Presentation: Mobile App Security: Introduction to the OWASP Mobile Top 10 - Mike Haworth
Video: https://www.youtube.com/watch?v=SbXO6wNvOM4

29 June: Christchurch Meetup

Presentation and Demo: Security Regression Testing with ZapAPI and NodeGoat - Kim Carter (@binarymist)
Teaser Video: https://youtu.be/DrwXUOJWMoo
Github Repo: https://github.com/binarymist/NodeGoat/wiki/Security-Regression-Testing-with-Zap-API
Source Material: Kim’s Book, Holistic InfoSec for Web Developers
Event Sponsors: [Catalyst](http://www.catalyst.net.nz/ and BinaryMist

27 June: Wellington Meetup

Presentation: Introduction to Using a Web Application Firewall (WAF) - Graeme Neilson Video: https://www.youtube.com/watch?v=iAPFf9Iqwos
Event Sponsor: RedShield

30 March: Christchurch Meetup

Presentation: Discussion of Qubes OS - Craig Rowland
Event Sponsors: Dimension Data and BinaryMist

3-4 February: Seventh OWASP New Zealand Day

OWASP New Zealand Day 2016 - University of Auckland School of Commerce

• One-day conference, with two tracks in the afternoon, on Thursday, 4 February - FREE Registration
• Pre-Conference Training, Wednesday, 3 February - One class offered

2015

25 November: Christchurch Meetup

Presentation: UAC, Governance, and Managing the External Infosec Audit - Drewe Hinkley
Event Sponsors: Dimension Data and BinaryMist

30 September: Christchurch Meetup

Presentations:

• The Exploited and the Exploiters: Case Study of a Real Cyber Hack - Salinda Lekamge
• Live Demo’s from Holistic InfoSec for Web Developers - Kim Carter (@binarymist)

24 June: Christchurch Meetup

Presentation: Does Your Cloud Solution Look Like a Mushroom? - Kim Carter (@binarymist)
Event Sponsors: Dimension Data and BinaryMist

25 March: Christchurch Meetup

Presentation: Reverse Engineering, Cracking, Compromising Software Security & Mitigations - Rob Gilmour, Senior Software Engineer, Technical Support, Jade Software Corporation Ltd.
Event Sponsors: Dimension Data and BinaryMist

26-27 February: Sixth OWASP New Zealand Day

OWASP New Zealand Day 2015 - University of Auckland Engineering Department

• One-day conference, with two tracks in the afternoon, on Friday, 27 February - FREE Registration
• Pre-Conference Training, Thursday, 26 February - One class offered

2014

26 November: Christchurch Meetup

Workshop: SSL/TLS Review, SSL Stripping Demo, and Mitigation Techniques - Kevin Alcock (@kevinnz), Katipo Security
Event Sponsors: Dimension Data and BinaryMist

25 September: Christchurch Meetup

Workshop: Review, Exploit, and Learn from the Vulnerable Web App - Chris Campbell, Jade Software Corporation Ltd.
Event Sponsors: Dimension Data and BinaryMist

24 July: Wellington Meetup

Workshop: Web App Security Workshop - Adrian Hayes Event Sponsor: Dimension Data

2013

19 December: Chapter Meetup

Presentation: Extending Burp with Python (PowerPoint Slide Deck) - Mike Haworth, Aura Information Security
Locations: Dimension Data offices in Auckland, Christchurch, and Wellington
Event Sponsors: Security-Assessment.com and Touchpoint

11-12 September: Fifth OWASP New Zealand Day

OWASP New Zealand Day 2013 - University of Auckland Business School

• One-day conference, with two tracks in the afternoon, on Thursday, 12 September - FREE Registration
• Pre-Conference Training, Wednesday, 11 September - Two classes offered

22 May: Chapter Meetup

Presentations:

• Secure by Design - Simon Burson
• The New OWASP Top 10 - Adrian Hayes

Locations: Dimension Data offices in Auckland and Wellington
Event Sponsors: Security-Assessment.com and Touchpoint

2012

30-31 August: Fourth OWASP New Zealand Day

OWASP New Zealand Day 2012 - University of Auckland Business School

• One-day conference, with two tracks in the afternoon, on Friday, 31 August - FREE Registration
• Pre-Conference Training, Thursday, 30 August - Two classes offered

8 May: Chapter Meetup

Presentation: An Overview and introduction to modern day BeEF (Slides) - Mark Piper, Insomnia Security Specialists
Locations: Auckland and Wellington
Event Sponsors: Security-Assessment.com and Touchpoint

28 February: Chapter Meetup

Presentations:

• Introduction to the OWASP Top Ten - Part 3 (Slides) - Adrian Hayes, Security-Assessment.com
• Mistaken Identity: How Not To Build A Password Reset Process (Slides) - Nick Freeman, Security-Assessment.com

Locations: Auckland and Wellington
Event Sponsors: Security-Assessment.com and Touchpoint

2011

6 December: Chapter Meetup

Presentations:

• Introduction to the OWASP Top Ten - Part 2 (Slides) - Adrian Hayes, Security-Assessment.com
• Hardened Hosting (Slides) - Quintin Russ, SiteHost

Locations: Auckland and Wellington
Event Sponsors: Security-Assessment.com and Touchpoint

20 September: Chapter Meetup

Presentations:

• Introduction to the OWASP Top Ten - Part 1 (Slides) - Nick Freeman, Security-Assessment.com
• Clickjacking for Shells (Slides) - Andrew Horton, Security-Assessment.com

Locations: Auckland and Wellington
Event Sponsor: Security-Assessment.com

7 July: Third OWASP New Zealand Day

OWASP New Zealand Day 2011 - University of Auckland Business School

• One-day, single-track conference on Thursday, 7 July - FREE Registration
• Concurrent Training on Thursday - Two classes offered

2 March: Chapter Meetup

Presentations:

• Crazy Insecure Web Apps Google Didn’t Tell You About - Adrian Hayes, Security-Assessment.com
• I know what you did last summer: The latest from the world of web hacks (Slides) - Kirk Jackson, Aura Software Security

Locations: Auckland and Wellington
Event Sponsor: Security-Assessment.com

2010

15 July: Second OWASP New Zealand Day

OWASP New Zealand Day 2010 - University of Auckland Business School

• One-day, single-track conference - FREE Registration

4 March: Chapter Meetup

Presentation: MS-SQL Injections - Scott Bell, Security-Assessment.com Locations: Auckland and Wellington
Event Sponsor: Security-Assessment.com

2009

10 November: Chapter Meetup

Presentations:

• Testing AMF/Flex - Nick Freeman, Security-Assessment.com
• “Shared Ownership,” from a web security perspective - Quintin Russ, Site Host

Locations: Auckland and Wellington
Event Sponsor: Security-Assessment.com

13 July: OWASP New Zealand Day

OWASP New Zealand Day 2009 - University of Auckland

• One-day, single-track conference - FREE Registration

19 March: Chapter Meetup

Presentations:

• ActiveXploitation in 2009 (Slides) - Paul Craig, Security-Assessment.com
• Reversing JavaScript (Slides) - Roberto Suggi Liverani, Security-Assessment.com

Locations: Auckland and Wellington
Event Sponsors: Vodafone New Zealand and Security-Assessment.com

2008

5 November: Chapter Meetup

Presentations:

• Common Application Flaws (Slides) - Brett Moore, Insomnia Security
• In your Browser, Jackin your Clicks - Beau Butler, Security-Assessment.com
• Opera Stored Cross Site Scripting - Roberto Suggi Liverani, Security-Assessment.com

Locations: Auckland and Wellington
Event Sponsors: Vodafone New Zealand and Security-Assessment.com

3 September: Chapter Meetup

Presentations:

• Browser Security (Slides) - Roberto Suggi Liverani, Security-Assessment.com
• Time-Based Blind SQL Injections (Slides) - Muhaimin Dzulfakar, Security-Assessment.com

Locations: Auckland and Wellington
Event Sponsors: Microsoft and Security-Assessment.com

25 June: Chapter Meetup

Presentations:

• Fuzz the Web - Dean Jerkovich, ASB
• Hacking The World With Flash Part #2: The Results - Paul Crag, Security-Assessment.com

Locations: Auckland and Wellington
Event Sponsor: Security-Assessment.com

29 April: Chapter Meetup

Presentations:

• Hacking The World With Flash (Slides) - Paul Craig, Security-Assessment.com
• Web Spam Techniques (Slides) - Roberto Suggi Liverani, Security-Assessment.com

Locations: Auckland and Wellington
Event Sponsor: Security-Assessment.com

21 February: Auckland Meetup

Presentation: Xpath Injection - An Overview (Slides) - Roberto Suggi Liverani, Security-assessment.com
Event Sponsor: Veda Advantage

2007

5 December: Aucland Meetup

Presentations:

• Ajax Security (Slides) - Roberto Suggi Liverani, Security-assessment.com
• On-the-job Browser Exploitation - Mark Piper, Security-assessment.com

Event Sponsor: Veda Advantage

22 May: Auckland Meetup

Presentation: OWASP in New Zealand - Roberto Suggi Liverani and Antonio Spera
Event Sponsor: Veda Advantage

January and April

Events held in Auckland, sponsored by Veda Advantage (Acquired by Equifax in February 2016)

Activities

OWASP New Zealand members actively participate in various OWASP activities. Listed below are highlights of activities undertaken by OWASP NZ members.

2020

• For 2020, the OWASP New Zealand Day conference, 19-21 February, expands to include three concurrent tracks in the one-day main conference, and two days of pre-conference training featuring nine classes. A total of 13 sponsors sign on to support the event.

2019

• John DiLeo attended the OWASP SAMM Project Summit, November 2019, in Dublin
• John DiLeo presented an overview of the OWASP SAMM Project and tools at the June 2019 meeting of the [https://security.org.nz/about-nzsa/nzisf/ NZISF] in Auckland
• John DiLeo attended the [https://open-security-summit.org/ Open Security Summit], June 2019 in the UK, co-hosting a session on the Application Security Curriculum Project
• John DiLeo presented an update on the OWASP SAMM Project during the Project Showcase at [https://telaviv.appsecglobal.org/ Global AppSec-Tel Aviv] in May 2019
• John DiLeo became co-leader of the OWASP Application Security Curriculum Project in March 2019

2018

• John DiLeo joined the OWASP Software Assurance Maturity Model (SAMM) project team, and attended the [https://2018.open-security-summit.org/ Open Security Summit] in the UK, in June 2018
• John DiLeo signed on as Chair of the OWASP New Zealand Day conference, in June 2018
• John DiLeo restarted the Auckland-area Meetup, which first met on 10 April 2018. The Meetup takes place on the second Tuesdays of April, June, August, October, and December
• John DiLeo stepped up as Auckland-area Chapter Leader, and was confirmed by the OWASP Foundation, in April 2018
• Dion Bramley, John DiLeo, and Christian Probst signed on Chapter volunteers, at OWASP New Zealand Day 2018
• Denis Andzakovic resigned from his position as OWASP New Zealand Chapter Leader, at OWASP NZ Day 2018

2017

• Kim Carter ran a [http://www.meetup.com/owaspnycmetro/events/228716474/ workshop] at the NYC chapter

2016

• Kirk Jackson stepped up to replace Adrian Hayes for Wellington from New Zealand day 2016 onwards.

2014

• Denis Andzakovic stepped up to replace Nick Freeman for Auckland in March 2014

2013

• Kim Carter came on board to lead Christchurch from New Zealand Day 2013 onwards.
• Nick Freeman and Scott Bell have been appointed as the new leaders of the new OWASP New Zealand Chapter
• Roberto Suggi Liverani has resigned from his position as OWASP New Zealand Chapter Leader

2009

• Roberto Suggi Liverani spoke at OWASP AppSec Asia 2009 conference, 17-18 November
• Roberto Suggi Liverani and Nick Freeman spoke at Defcon 17, 31 July - 1 August
• OWASP NZ Day 2009 - [http://wiki.owasp.org/index.php/OWASP_New_Zealand_Day_2009#tab=Presentations Presentations online]
• Roberto Suggi Liverani and Nick Freeman spoke at EUSecWest 09, 27-28 May
• Brett Moore spoke at [http://www.owasp.org/index.php/OWASP_AU_Conference_2009 OWASP AU Conference] (26-27 February), presenting “Vulnerabilities In Action.”
• Roberto Suggi Liverani contributed to the [http://www.owasp.org/index.php/OWASP_Testing_Project OWASP Testing Guide v3]

2008

• Mark Piper took his “On the job browser exploitation” talk to the [http://www.owasp.org/index.php/OWASP_Australia_AppSec_2008_Conference OWASP_Australia_AppSec_2008_Conference].

Older

• Rob Munro was appointed as OWASP Evangelist