OWASP Sydney


Welcome to the OWASP Sydney Chapter home page!

The OWASP Sydney Chapter was active in 2019 and is being rebooted in 2020. We organise local events throughout the year.

The chapter leaders are Ric Campo, Jack Gifford, and Sherry Liu.

Our Goals

We aim to bring together people from research, academia and industry to motivate, and empower others to pursue a career in cybersecurity. By raising awareness against discrimination within the workforce, we work towards increasing diversity and equality in cybersecurity.

We are committed to helping discover the next generation of cybersecurity talent. We aim to offer mentorship programs to educate those new to cybersecurity, and provide talks from industry professionals to showcase all cybersecurity has to offer.

We want to help you connect with like-minded individuals. Whether you are new to cybersecurity or a seasoned veteran, our goal is to build a community where everyone can openly discuss and explore current issues in cybersecurity, employment opportunities and more. By providing networking opportunities, we want everyone to get involved in the community and establish relationships with new people.

No cybersecurity summit would be complete without CTF events! We aim to hold an annual end of year competition where participants compete for a shot at glory and a cash prize.

Upcoming Events

Event: Unprotect Project: The Malware Evasion Technique Database
Date: 4th May 2022
Link: https://www.meetup.com/OWASP-Sydney-Chapter/events/285183712/

Event: Fun with Hack The Box
Date: The 2nd Thursday night of every month
Link: https://www.meetup.com/OWASP-Sydney-Chapter/events/

Follow us on our socials to stay updated, we are on MeetUp, LinkedIn, Facebook, and Discord.

Interested In Speaking?

We are always open to speakers who want to present a talk that aligns with our Chapter goals. If you are interested, please email your proposed topic, abstract, and brief speaker bio to Ric Campo.

OWASP Statement on Participation

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects ,tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

Chapters are led by local leaders in accordance with the Chapter Policy. Financial contributions should only be made online using the authorized online donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP Project, independent research, or related software security topic you would like to present.

Everyone is welcome and encouraged to participate in our Projects, Local Chapters, Events, Online Groups, and Community Slack Channel. We especially encourage diversity in all our initiatives. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert. We also encourage you to be become a member or consider a donation to support our ongoing work.

Past Events

Past event recordings will be uploaded to our YouTube channel: https://www.youtube.com/channel/UCKx3H-oNkly9cwKRpFziCag?view_as=subscriber


Date: 30th March 2022

Our Annual General Meeting where we share with you all our plans for the upcoming year, as well as recapping our activities from 2021.


- Chair Welcome & Introduction
- 2021 Summary Presentation & Financial Statement
- 2022 Schedule
- Member Feedback
- Action Items
- Open Floor

Zero Trust Model - A Swiss Knife for API Risk Management

Date: 15th February 2022

Dr Baljeet Malhotra provides an overview of an API Governance framework for effective API Risk Management. This framework is inspired by the Zero Trust model that enterprises can use as a “Swiss Knife” for reducing their API related risks. He also highlights best practices and hands-on examples for API Risk Management.


Dr Baljeet Malhotra
Dr Baljeet Malhotra is an award-winning researcher known for his work in Open Source and API Data Management. He conceptualized the world's first "API Composition Analysis" based on source code static analysis. He currently holds Adjunct Professor positions at the University of British Columbia, University of Victoria and University of Northern BC.

Application Security Scaling & Security Champion

Date: 14th December 2021

Special guest Abhijeth Dugginapeddi shares his experiences in running the Security Champion program in two large companies and the lessons he has learnt from them.


Abhijeth Dugginapeddi
Abhijeth Dugginapeddi is the Head of AppSec, Adjunct Professor, and Mentor. He is a security enthusiast in the fields of Penetration Testing and Application/Mobile/Infrastructure Security. He believes in the need for more security awareness and free responsible disclosures. He has found a few vulnerabilities with Google, Yahoo, Facebook, Microsoft, eBay, Dropbox, etc. He has previously presented at Defcon, Blackhat, OWASP AppSec USA, c0c0n, Secure-2018 Poland, CISO Summit, and several other events.

Interview Tips & Tricks

Date: 19th October 2021

Mon Siv wants to help you become more confident in yourself when you next interview for a job, whether it’s in cybersecurity or in any other industry. His tips and tricks will ensure you establish the right skills to understand the interview process, what’s expected of yourself, and how to be ready to smash your goals.


Mon Siv
Mon Siv has spent 15 years working in the recruitment industry, recently moving to a new role with Fortian to help build and mature their internal recruitment function on their growth journey. He has also worked in the agency world, specialising in the cybersecurity domain, helping candidates at various levels navigate through the recruitment process to secure their next role on their career path.

Continuous Security - Building Security Into Your Pipelines

Date: 17th August 2021

The lines between what constitutes infrastructure and what constitutes our application are becoming increasingly blurred in the era of continuous delivery and cloud-native. Vandana Verma goes through the problem space, the types of security challenges we need to think about, and where the integration points are for incorporating security into our CI/CD process.


Vandana Verma
Vandana is a Security Relations leader at Snyk with a current focus on DevSecOps. In her previous experience, she has dealt with Application Security, Vulnerability Management, SOC, Infrastructure Security and Cloud Security.

Stranger Danger: Helping Developers Discover Vulns

Date: 26th July 2021

Developer Steve presents a sample application, Goof, to demonstrate how developers inadvertently let vulnerabilities in without realising it. He also looks at how to educate developers into embracing the shift-left approach.

Threat Modelling 101 + 1

Date: 18th May 2021

Special guest Abhijeth Dugginapeddi demonstrates technical and non-technical approaches to understanding threat modelling so that everyone, even with varying levels of skill will be able to participate and deepen their knowledge.


Abhijeth Dugginapeddi
Abhi currently Heads a security team at BigCommerce, Lectures at UNSW and Mentors Strobes a Security orchestration startup. He also spoke at several international conferences like Defcon, Blackhat, OWASP AppSec USA and B-sides. Abhijeth is also an active researcher and has found vulns in major tech companies like Google, Facebook, Yahoo and eBay. He is also interested in Digital Marketing, Product Design and Growth Hacking.

Fight Club Feb

Date: 21st April 2021

Our every second-month CTF where we let you unleash your most brutal attacks! Check out the Fight Club Leaderboard for the running scoreboard!

Bridging The Cybersecurity Skill Gap

Date: 25th March 2021

Researcher and educator Yenni Tim addresses the need for stronger collaboration between higher education and the industry, and how collaboration leads to a successful outcome in both students beginning their career and organisations hunting for talent.


Yenni Tim
Yenni Tim is an educator and researcher at UNSW’s School of Information Systems and Technology Management. She believes in career-focused education and is committed to working with students to develop the skills sets they need to enter a rapidly changing digital environment. Yenni’s research focuses on digital resilience, with her work including the design and use of technology for pandemics and disaster response, and the building of cyber resilience amidst persistent security threats.

Fight Club Feb

Date: 17th February 2021

Our every second-month CTF where we let you unleash your most brutal attacks! Check out the Fight Club Leaderboard for the running scoreboard!

Jingleton Hack for Beginners 2020

Date: 21st December, 2020 - 4th January, 2021

Our annual Christmas web application security CTF for beginners. Check out the Jingleton leaderboard for the final scores!

How To Become A Security Specialist

Date: 21st October, 2020

Special guest speakers Ricki Burke and Lukasz Gogolkiewicz discuss some of the challenges of getting into the security job market and overcoming them to land your first role in the field.


Ricki Burke
Ricki is heavily involved in the infosec community and is one of Australia’s leading cyber security recruiters. He is the founder of CyberSec People, where him and his team support organisations in hiring skilled infosec professionals.

Lukasz Gogolkiewicz
Lukasz is a highly proficient security professional who heads up Corporate Security at SEEK. He has worked with some of the world largest banks and financial organisations, has worked with federal, state and local governments, presented at and organised a number security conferences, and helps mentor the next generation of security professionals.

OWASP ASVS V.4 for Startup Founders and Developers

Date: 22nd May, 2019

A short talk on the OWASP Application Security Verification Standard (ASVS) project and an opportunity to meet and get to know the local community. The primary purpose of the OWASP ASVS project is to standardise web application security verification by providing a basis for testing web application security controls and providing developers with a list of requirements for secure development.


Hemi Gur-Ary
A cybersecurity expert with an extensive application and cloud security experience gained as a security manager in the finance and startup industries in Israel. Hemi Gur-Ary specialises in security architecture, engineering and operations management.

Fight Club leaderboard

See our running leaderboard below!

Jingleton Hack For Beginners Leaderboard 2020

Introduction Video: https://www.youtube.com/watch?v=kQ3J87KOM9Y
Closing Video: https://www.youtube.com/watch?v=rQr2SwGXZrM


The Offensive Labs training content is based on real world experiences and examples. All courses are comprehensive and highly hands-on. Our vision is to provide quality online training at an affordable price and make it an enjoyable experience

Find cybersecurity related resources here!

Web Security Testing Guide Checklist

OWASP Vulnerability Management Guide

PyGoat - Vulnerable Web Application

Markdown Cheatsheet