OWASP Sacramento


Welcome to the Sacramento OWASP. We are a group of Security, Networking, Technology, Computer, you name it advocates here to share, teach, and learn.


The best way to find our events is to look on Meetup.com. Be sure to join so that you can be notified of new events.

Upcoming Meeting:


The best way to get in touch is Slack.

  1. Go to this link.
  2. Register with your e-mail address.
  3. When in the Slack, find our channel in the channel list, or simply type: /join #chapter-sacramento


The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

Chapters are led by local leaders in accordance with the Chapter Policy. Financial contributions should only be made online using the authorized online donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the [speaker agreement]and then contact the local chapter leader with details of what OWASP Project, independent research, or related software security topic you would like to present.

Everyone is welcome and encouraged to participate in our Projects, Local Chapters, Events, Online Groups, and on Slack @#chapter-sacramento. We especially encourage diversity in all our initiatives. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert. We also encourage you to be become a member or consider a donation to support our ongoing work.

Past Events

June 2023

june23meetup In person meeting at Grantie City Coworking in Folsom. This month’s meeting was an interactive threat modeling session. Slides Source

May 2023

may23meetup In person meeting at Granite City Coworking in Folsom. This month’s meeting was a community dicussion, and a continuations into this month’s presentation “Modern Phishing with EvilGinx2 (and 3)”.
Slides Source

April 2023

In person meeting at Granite City Coworking in Folsom. This month’s meeting was a community dicussion, and a teaser into next month’s presentation “Modern Phishing with EvilGinx2”.
Slides Source Slides PDF

March 2022

No presentation/topic this month, it’s just happy hour at Out of Bounds in Folsom!

February 2022

Welcome to the first meetup of 2022!
This month’s presentation is a mock Red Team engagement within an insecurely configure TeamCity continuous integration environment.
Slides Source
Slides PDF

October 2021

The holidays are fast approaching. This month we’re hosting a virtual happy hour to get together and hangout before we’re all busy with family and frineds. Come chat with us about the chapter, security in general, and let’s get to know one another a bit better.

August 2021

Slides Source
Slides PDF
This month Ryan Kozak presents a high leve overview of the Empire post-exploitation framework.

July 2021

Slides Source
Demo Repo
This month Joubin Jabbari covers AWS Security.

March 20201

Slide Desck
This month our presentation is on API security with Adam Fisher.

January 2021

January Meetup Slides Source
Slides PDF
This month Joubin Jabbari covers threat modeling with ThreatSpec, as well as OWASP’s WebGoat project.

March 2020

March Meetup
Slide Deck
This month we covered a simple intro into Threat Modeling. And we conducted this meetup remotely due to the COVID-19 situation.

February 2020

February Meetup
Slide Deck

This month we discussed how a tool like BeEF can reveal the true potential of what Cross Site Scripting (XSS) can lead to. BeEF can be used to leverage the exploitability of the browser to send payloads to unsuspecting victims. Being aware of these attacks and how they work can help developers better prepare and defend against them.

January 2020

January Meetup
Slide Deck

BSides SF is fast approaching! Who’s going?

This month we talked about a number of modern web security patterns. Like how to add Subresource Integrity (SRI) checking to your external resources. Ways you can enable Content Security Policies (CSP) and reporting on CSPs. What to expect from Expect Certificate Transparency (Expect-CT) and Certificate Authorization Authorities (CAAs). Then we wrapped it up with how to set up a security.txt on your site with the securitytxt proposal. There’s also a generator found at https://securitytxt.org

October 2019

Kick off Meetup

Come join us for the inaugural event of the Sacramento OWASP Chapter. We have so much AppSec, NetSec, and InfoSec talent in the Sacramento area that it’s time we form a community for us to share our thoughts, experiences, and best practices.

The Sacramento OWASP chapter has been dormant for a while and it’s time to give it a jump start. This will be our first official meeting. Come by, say hello, put a face to a name, and maybe let us know what you’re interested in learning or even contributing!

Please RSVP by October 15th so we can accommodate seating, snacks, and drinks.