OWASP Tunisia

The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

Follow chapter news on Facebook , Linkedin, Youtube and Meetup We schedule our meetings on the Meetup

NEXT EVENT -Co-organizer: OWASP Algiers chapter!- I[OT]Security 25th October 2024 at 7pm UTC+1 on OWASP Tunisia youtube

Previous EVENT - 5 September 2024 at 3pm UTC+1

Topic: “GraphQL Vulnerabilities in the Wild: A Hands-On Workshop with OWASP TOP 10 Insights”

Speaker: Antoine Carossio, Co-founder & CTO of Escape

PAST EVENT- 26 April 2024 8 pm (UTC+1) !!

Topic: AI: The New Attack Surface and Strategies for Securing It

Speaker: Jeff Crume. IBM Distinguished Engineer and Master Inventor with more than 40 years’ experience in the IT industry.

Scheduled via Meetup

PAST EVENT- 23 March 2024 11h30 (GMT+1) !! Scheduled via Meetup https://www.meetup.com/fr-FR/owasp-tunis-meetup-group/events/

Topic: Safeguarding your software supply chain: A deep Dive into SCA With OWASP Dependency Check

Speaker: Aymen Touzi. Cybersecurity and Devops Expert. Sofrecom Tunisia

https://www.meetup.com/fr-FR/owasp-tunis-meetup-group/events/299907061/

PAST EVENT- 1 September 2023 7PM(GMT+1) !! Scheduled via Meetup https://www.meetup.com/fr-FR/owasp-tunis-meetup-group/events/

Workshops on

  • “Exploring LLM Vulnerabilities with OWASP TOP 10 for LLMs” by Alyssa Berriche : Lead Cyber Threat Intelligence Analyst.
  • “Code Red: Deciphering the Depths of Active Directory Security” by Foued saidi: Technical Director @Securinets ISI Club. Top HacktheBox Tunisia, Top60 HacktheBox WorldWide

Previous EVENT- 28 April 2023 7PM(GMT+1) Workshop on Small Coding Mistakes , Big Security Risks

Speaker: Mohamed Adib Boukthir View Youtube Video

–>

Our meetings are open to the public, and you do not need to be a member to attend. Please do consider joining OWASP if you find our community, projects, and meetings valuable, or sponsoring this chapter.

Meeting Supporters

The following is the list of organisations who have generously provided us with space for OWASP Tunisia chapter meetings. Thank you for your contribution.

The following is the list of organisations/Foundations who have generously help us to communicate about OWASP projects and OWASP Tunisia chapter activities. Thank you for your contribution.

Among our PAST EVENTS (See PASTEVENTS)!

Mobile app Pentest and Security

OUR Speaker ! Ahmed Abdallah, Senior Solutions Architect and Cyber Security Consultant. OWASP Dubai Chapter Leader

Securing Mobile Apps with the OWASP MASVS Standard. Our Journey to v2.0. [NEW NEW!!]

With our Honorable Guest ! Carlos Holguera Mobile security research engineer. NowSecure . Project Leader @OWASP Mobile Security Project

Join us via https://www.meetup.com/fr-FR/owasp-tunis-meetup-group/events/286694349/

OWASP Tunisia Chapter Local Meeting at NACS (National Agency of Computer Security)20 October 2021!

View the video on our Youtube Channel

Hands-On - Static Analysis Security Testing (SAST) in CI/CD - 20 May 2021 at 8 PM UTC+1

OUR GUEST: Raouf Mnif -Devops Architect at Baaz

Raouf Mnif Spent 10 years developing the skills to increase velocity, reliability, and quality with a high focus on security. Good experience with AWS, Docker, Kubernetes, and ArgoCD, helping organizations instill Devops for the modern ag

Take your ticket Now and subscribe to our Meetup OWASP Tunis Group!

April/May 2021 - Common Project about Software Security Awarness with National Agency of Computer Security !

OWASP SAMM2 - Your Dynamic Software Security Journey - 29 January 2021 at 12pm CET

Take your ticket and subscribe to our Meetup OWASP Tunis Group!

Our Guest: Sebastien Deleersnyder

Sebastien Deleersnyder (https://twitter.com/sebadele) is co-founder, CEO of Toreon and a proponent of application security as a holistic endeavor. He started the Belgian OWASP chapter, was a member of the OWASP Foundation Board and performed several public presentations on Application Security. Seba also co-founded the yearly security & hacker BruCON conference and trainings in Belgium. With a background in development and many years of experience in security, he has trained countless developers to create software more securely. He has led OWASP projects such as OWASP SAMM, thereby truly making the world a little bit safer. Now he is adapting application security models to the evolving field of DevOps and is also focused on bringing Threat Modeling to a wider audience.

Description

OWASP Software Assurance Maturity Model (SAMM) enables you to formulate and implement a strategy for software security that is tailored to the risk profile of your organisation. In this talk, we give an overview of the new release of the SAMM model. After 10 years since its first conception, it was important to align it with today’s development practices. We will cover a number of topics in the talk: the core structure of the model, which was redesigned and extended to align with modern development practices, the measurement model which was setup to cover both coverage and quality and the new security practice streams where the SAMM activities are grouped in maturity levels. We will demonstrate the new SAMM2 toolbox to measure the maturity of an example development team and how you can create a roadmap of activities.

LAST ONLINE EVENT! Blockchain [for] Security - 5-12-20

Abstract

Blockchain is a disruptive technology proposing some security properties for various digital applications. But Blockchain has also its own challenges in terms of security……

“Blockchain as a security brick for software applications” by Sami Bel Hadj

Sami is Technical/Software Dev Manager with more than 18 years’ experience designing, developing and supporting software systems. Creative and dynamic Engineer with proven expertise in effectively leading technical teams. His professional strengths include extensive database technology expertise, team leadership and management, strong oral and written communication skills, and ability to achieve corporate objectives in challenging work environments. Sami is also professor of Blockchain technology / philosophy in several Tunisian universities. PDF

“Pen testing Blockchain Solutions (Ethereum Smart Contracts & Nodes)” By Alex Devassy

Alex is Cyber Security Professional, having 2+ years of rich and insightful exposure in Red Teaming, security consultancy along with cyber security training. Focused on Penetration testing of commercial off-the-shelf applications, Web Application, Web Service, Network PT including Active Directory, SAP, IOS, Blockchain and Salesforce applications using open source and commercial tools. Experienced in developing automation / malicious scripts in windows PowerShell, node js. Have been a part of the winning team at IIT Delhi, Open Innovation Blockchain Hackathon, conducted by Best of Block Inc.

“Secured Smart Contracts Development using SCSVS” by Damian Rusinek

Damian is Senior IT Security Specialist, since 2016 in SecuRing. Professionally responsible for web and mobile application audits and source code analysis. Software developer and analyst with over a decade of experience. Mainly focused on the cryptographic protocols, distributed ledger technologies and applications that use them.

Finished PhD at Warsaw University of Technology. Damian works as researcher at Maria Curie Sklodowska University in Lublin where his main topic of research are biocrypto and blockchain based protocols and applications. Author of several academic research papers and speaker at such conferences as Cryptography and Security Systems, International Science Conference on Computer Networks, Confidence, Confidence London, AppSec EU, InfoShare. Creator of Smart Contracts Security Verification Standard. PDF

Previous Event- Hands-on on Secure Programming & Secure Coding Standards 13-07-20

Subscribe/Follow us via our Youtube Channel!

Our Speaker - Azzeddine RAMRAMI

- IBM Security - Senior Security & Network Architect
- OWASP Morocco Chapter
- OWASP AppSec Africa President
- Data & Application Security, Cogntive Security, IoT/OT/ICS/SCADA Security & SIEM
- Professor/instructor and an expert information security development with over 22 years of 
   experience in the security, secure coding, network and telecommunication arena.
- Certified Mile2 CPTE/CPTC/CDFE/CSWAE and EC-Council C|EH

Hands-on Description

Generally, it is much less expensive to build secure software than to correct security issues after the software package has been completed, not to mention the costs that may be associated with a security breach. We will discuss how to embed security in the SDLC and how to design a secure application architecture.

The following areas will presented:

 1. Software Security and Risk Principles Overview
 2. Secure Coding Standards for Java, C/C++
 3. Secure Coding Practices Checklist
     - Input Validation
     - Output Encoding
     - Authentication and Password Management
     - Session Management
     - Access Control
     - Cryptographic Practices
     - Error Handling and Logging
     - Data Protection
     - Communication Security
     - System Configuration
     - Database Security
     - File Management
     - Memory Management
   4. General Coding Practices & Code Quality

Thanks

Thanks IEEE Tunisia Section !! to be among our valued partners.

and Thanks again to:

for helping us to further develop national software security awarness and extend our OWASP Tunisia community!

Speaking at OWASP Tunisia Chapter Events

If you would like to present a talk on Application Security at future OWASP Tunisia Chapter events - please review and agree with the OWASP Speaker Agreement and send the proposed talk title, abstract and speaker bio to the Chapter Leader via e-mail: nihel.benyoussef (at) owasp.org Please mention in email’s subject : Tunisia Speaker request-your name

Event/meeting TICKETS!

All events/meetings are free to attend for both members and non-members of OWASP and are open to anyone interested in application security and cyber security. Please note that for our future events, you MUST REGISTER to book your place and get a ticket to be admitted to the event - your name will be checked against the guest list. Please note that generally the space are limited, so please only book tickets if you are able to attend!


Example

Put whatever you like here: news, screenshots, features, supporters, or remove this file and don’t use tabs at all.


Past Events

2023-9-01 Online Workshops co-organized with SecuriNets association

  • “Exploring LLM Vulnerabilities with OWASP TOP 10 for LLMs”( Last version 26 August 2023) by

    OUR Speaker !

    Alyssa Berriche : Lead Cyber Threat Intelligence Analyst at Cimpress/Vistaprint.Former president of Securinets INSAT club

  • “Code Red: Deciphering the Depths of Active Directory Security”

OUR Speaker !

Foued saidi: Technical Director @Securinets ISI Club. Top HacktheBox Tunisia, Top60 HacktheBox WorldWide

View the video on our Youtube Channel

|

2023-4-28 Workshop- Small Coding Mistakes, Big Security Risks”

OUR Speaker !

Mohamed Adib Boukthir, Cyber Security Pentester,EY Tunisia

View the video on our Youtube Channel

| 2022-12-17 Workshop- Mobile app Pentest and Security

OUR Speaker !

Ahmed Abdallah, Senior Solutions Architect and Cyber Security Consultant. OWASP Dubai Chapter Leader

View the video on our Youtube Channel

2022-06-24 Workshop- Securing Mobile Apps with the OWASP MASVS Standard. Our Journey to v2.0

View the video on our Youtube Channel

OUR Speaker !

Carlos Holguera. Mobile security research engineer working. NowSecure Project Leader, OWASP Mobile Security Project

2022-3-2 OWASP Tunisia Local Meeting at National Agency of Computer Security View the video on our Youtube Channel

OUR Speakers!

Mondher Smii , Chef de service information Sharing & Analysis Center at ANSI(National Agnecy of computer Security)

Hajji Wajih , OWASP member, Lead cyber security engineer at Ernst and Young (EY)

Sofien Maatallah, Cyber-security Expert at National Agency of Computer Security, Head of computer security incident response team at (National Agnecy of computer Security)

Baha Baghdadi, Cyber security consultant and penetration tester at EY Tunisia,

2022-2-19 All about OWASP and OWASP top 10 2021 View the video on our Youtube Channel

OUR Speaker!

Vandana Verma - OWASP Board of Directors Chair, OWASP Bangalore chapter leader,Security Leader at Snyk

| |

2021-10-20 OWASP Tunisia Chapter Local Meeting at NACS (National Agency of Computer Security)! View the video on our Youtube Channel

OUR Speakers!

Abdelkader Ben Ali- cyber threat intelligence analyst @ODDO-BHF CSIRT. “Mapping OWASP TOP 10 2021 TO ATT&CK”

Ahmed Belkahla - Cyber Security Specialist at Yogosha, technical director at Securinets National Association. “Workshop on APIs Business Logic Flaws”

Alyssa Berriche -Lead Cyber Threat Analyst @ Cimpress, Instructor @ Cybrary. “Boosting Security Operations and Response using Orchestration and Automation”

2021-5-20 Hands-On - Static Analysis Security Testing (SAST) in CI/CD - 20 May 2021 at 8 PM UTC+1 View the video on our Youtube Channel

OUR GUEST:

Raouf Mnif -Devops Architect at Baaz

2021-1-29 OWASP SAMM2 - Your Dynamic Software Security Journey View the video on our Youtube Channel

Our Ghest:
  • Sebastien Deleersnyder is co-founder, CEO of Toreon, OWASP Belgium Chapter co-Leader, OWASP SAMM project co-leader

2020-12-5 Online Event- Blockchain [for] Security View the video on our Youtube Channel

Our Ghests:
  • Sami BelHadj. Senior Technical/Software Dev Manager at ODOO BHF and Blockchain professor
  • Damien Rusinek. Senior IT Security Specialist at Securing and PhD in biocrypto and blockchain based protocols and applications.
  • Alex Devassy. Security Analyst at EY and have been part of winning team at IIT Delhi, Open Innovation Blockchain Hackathon.

2020-07-13 Online Event- Hands-on on Secure Programming and Secure Coding Standards View the video on our Youtube Channel

Our Ghest:

Azzedine RAMRAMI. Senior Security & Network Architect-IBM Security. OWASP Morocco Chaper Leader OWASP Appsec Africa President

2020-05-23 Virtual Event- Presentation of OWASP Foundation and OWASP Tunisia Chapter and Hands on Pwing with OWASP Juice Shop View the video on our Youtube Channel

Our Ghest:

Wajih HAJJI. OWASP member. Cybersecurity and Multi Cloud Management Engineer. Ditriot Consulting

2020-01-16. Participation at 3rd edition of TT Security Day “Cybersécurité et Confiance numérique , clés de la transformation digitale”. Table ronde sur les challenges en sécurité des nouvelles tendances technologiques. Présentation des projets et publications OWASP autour de “Security and privacy by design”

| | 2019-11-16. Local OWASP Tunisia Chapter Meeting.Cercle des bureaux. Centre Urbain Nord. Tunis. Thanks for Axians Cybersecurity for Hosting the event

2019-04-14 Participation of OWASP Tunisia Chapter, SecuriDay2K19 Event : National Security Day. Privacy and Personal Data Protection. With SecuriNets Foundation . INSAT.Tunis.

2019-02-23 : Participation of OWASP Tunisia Chapter, “The art of DevSecOps” Event with SecuriNets Foundation: Presentation of OWASP DevSecOps projects.@ SecurinetsISI Acropolium de Carthage. Tunis. Speaker: Raouf Mnif DevOps Engineer, Futura Digital

2018-06-29 : OWASP Tunisia Chapter, Workshop on OWASP IOT PROJECT and Demo : Exploiting Command injection Vulnerability in firmware using Firmware analysis Tool, Firmadyne, binwalk) and OWASP ZAP : Carthage Cyber Arena CCA 2018 @Arena Lac (Guest Lecture). Speaker: Nihel Ben Youssef. OWASP Tunisia Chapter leader.

2018-03-08 : Workshop on Big DATA Security and OWASP NoSQL injection Demo: Hackathon BigDATA @FSJEG (Guest Lecture). Speaker: Nihel Ben Youssef. OWASP Tunisia Chapter leader.

*2018-03-03: Presentation of OWASP Foundation and OWASP Tunisia Chapter: Ebanking CyberSecurity Event organized by SECURINETS_ISI @Pôle El Ghazela (Guest Lecture)

2017-04-06 : Workshop: Introduction to the OWASP Top 10 Mobile Security Risks @ISET RADESBy Abdessabour Arous, Past OWASP Tunisia Chapter

2017-03-08: Workshop: Introduction to the OWASP Top 10 IoT Security Risks @SECURINETS ISI

2017-02-19 : OWASP Tunisia Chapter, “Project Zero” Project Meetup

2017-02-16: OWASP Tunisia Chapter contributed to the Rounde Table: “Table Ronde sur la sécurité de l’information” @UIT - Université Internatioanle de Tunis