OWASP Sofia Chapter

This is the page of the OWASP Sofia Chapter. An OWASP Chapter is like a user group. We do events, discuss topics.

If you’d like to be a part of our community, want to do a talk or sponsor us, check out the about page.

All our resources are located here.

Upcoming Events

Check our Upcoming Meetup Events:

Past Events

XSS Attacks and Defenses


OWASP Sofia chapter presents Dimitar Boyanov from Progress. In this session Dimitar will talk about XSS Attacks:

Attackers have weapons but defenders have strong armor. XSS is one of the most popular and dangerous attacks for web applications. All XSS types will be explained and defenses in-depth will be presented.

Dimitar Boyanov is a web developer with more than 15 years of experience. Leading developer and one of the founders of Sitefinity Security Team in Progress. Author of many defenses part of the leading CMS.

Level: Mid/Advanced Web Programming

Meeting details: Mihail is inviting you to a scheduled Zoom meeting.

Topic: OWASP Sofia presents XSS Attacks and Defenses by Dimitar Boyanov Time: Apr 27, 07:00 PM Sofia

Svetlin Nakov - Compromising Modern Online Banking Apps through Hijacking Android Devices


(The talk will be in Bulgarian)

Live Demo: Compromising Modern Online Banking Apps through Hijacking Android Devices

In this talk Dr. Svetlin Nakov will explain and demonstrate how easily a 10-years old child can gain full control over modern European online banking apps, through hijacking an Android mobile phone, using trivial remote administration tools and screen recording apps from the official Android app store. The speaker will demonstrate why online banking should not rely for the multi-factor authentication on a single connected device. Finally, the speaker will give recommendations for fixing the security in online banking systems.

Dr. Svetlin Nakov (https://nakov.com) is a passionate software engineer, inspirational technical trainer and tech entrepreneur, with 20 years of experience in a broad range of programming languages, software technologies and platforms, applied cryptography and cybersecurity. He is an author of the “Practical Cryptography for Developers” book (https://cryptobook.nakov.com). Svetlin is co-founder of several highly successful tech startups and non-profit organizations. Currently, he is innovation and inspiration manager at SoftUni (https://softuni.org) - the largest tech education provider in South-Eastern Europe.

Atanas Pashov - Pros & Cons of Penetration Testing (June 27th, 2019)


In this session you will learn what is penetration testing. What are the objectives and benefits of it and at what cost. You will also learn why some vulnerabilities may not be ever discovered by automated tools. You will see only real life examples from real penetration tests, no theory, no set-ups, no fictious vulnerabilities, nothing discovered by somebody else that you can find somewhere else.

Atanas is a cloud security penetration tester at SAP LAB Bulgaria. He has more than 10 years experience in information security working in various position as an infosec manager, security officer and network and firewall administrator for huge enterprise companies in different industries like banking, service providers, pharmaceuticals and software development. He is keen on pentesting especially in infrastructure and web application perspective.

Venue, food by ESI CEE

Beer by STY

Presentation, No Video

Pictures, attendance, comments: Meetup event

Session: Angel Bochev - Penetration Testing: OSINT (May 9th, 2019)


A real-world pentester talks about OSINT - Open Source Intelligence - the exploration of various techniques and tools for one of the most important parts of every penetration test - the information gathering.

Angel Bochev is Offensive Security Certified Professional (OSCP) since 2016; is a CTF player; has 12+ years of networking/sysadmin experience; currently working in the InfoSec team at PROS.

Venue, beer and food by Paysafe.

Presentation, Video

Pictures, attendance, comments: Meetup event


All the presentations that we’re allowed to share are here.


All the videos that we’re allowed to share are here.


We have a Linkedin group.

We’re one of the youngest chapters. Since we’re the first in Bulgaria, we expect to grow quickly.

Join our community?

Currently we use Meetup as a place to talk about owasp related stuff.

If there’s critical mass of people, we might set up a slack channel.

Share your conference room?

Are you a local company that would like to share your conference room for an event? Please contact us.

Attendance is still small. The ballpark figure is 20-30 people.

Do a talk?

Do you have an interesting topic and would like to share? If you’re interested in speaking or would like to share your expertise, please contact us.

Keep in mind that our meetings are still small and very welcoming so there’s no pressure if you want to speak for a first time or feel unsure on the topic.

Are a company that would like to sponsor us? We use the money to buy food/beer or pay for travel/accomodation expenses when we invite non-local speakers.

Please contact us.

The background is a traditional Bulgarian embroidery called Шевица or more concretely Елбетица.


Symbolizes harmony. The two crosses depict the four cardinal directions and their combinations (N, S, E, W, NW, NE, SW, SE) that meet in a “strong” center. The second meaning is that the cross depicts the four weather seasons common in Bulgaria.

Sofia chapter logo designed by Desi.