OWASP New Zealand Day 2012

2012-09-12T03:26:51Z

Nick Freeman:

__NOTOC__
<center>'''OWASP New Zealand Day 2012 30th and 31st August 2012 - Auckland'''

[https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2012 https://www.owasp.org/images/a/ad/Owaspnz2012logo.png] 
</center>
----

= Introduction =
==Introduction==
We are proud to announce the fourth annual OWASP New Zealand Day conference, to be held at the University of Auckland on Friday August 31st, 2012. OWASP New Zealand Day is a one-day conference dedicated to web application security, with an emphasis on secure development techniques to help Kiwi developers build more secure applications.

Based on feedback from last year, the structure of the conference will be slightly different this time.

* We will be offering training on the day before the conference (Thursday August 30th) rather than at the same time as the conference.
* After lunch on the conference day, we will split to two tracks - one focused on deep technical topics, the other on policy, compliance and risk management.

The fourth OWASP New Zealand Day will be happening thanks to the support provided by the University of Auckland School of Business, which will kindly offer the same conference venue of the last three years. Entry to the event will, as in the past, be free.

For any comments, feedback or observations, please don't hesitate to contact [mailto:nick.freeman@owasp.org?cc=adrian.hayes@owasp.org us]. 

==Registration==

<center>Registrations are now closed.</center>

==Important dates==

* CFP & CFT closes: 22nd July 2012 [ CLOSED ]
* Conference Agenda due: 30th July 2012 [ CLOSED ]
* Conference Registration deadline: 20th August 2012 [ CLOSED ]
* Training Registration deadline: 27th August 2012 [ CLOSED ]
* Training Day date: 30th August 2012
* Conference Day date: 31st August 2012

==Conference Venue==

The University of Auckland Business School 
Owen G Glenn Building 
Room: OGGB 260-073 (OGGB4) 
Address: 12 Grafton Road 
Auckland 
New Zealand 
[http://maps.google.com/maps?oe=UTF-8&ie=UTF8&q=auckland+business+school&fb=1&split=1&cid=0,0,12303692579639430581&ei=6WeqSZr_OZLFkAWR--zbDQ&ll=-36.852308,174.770916&spn=0.01056,0.020621&z=16&iwloc=A Map] 
<center>[[Image:Auckland_business_school_small2.jpg]] [[Image:Room_hall.jpg]]</center>

==Conference Sponsors==
<table width="100%" border="0" cellspacing="1" cellpadding="1">
<tr>
<td valign="bottom" width="50%"><center>[http://www.auckland.ac.nz/ https://www.owasp.org/images/8/82/University_of_Auckland_crest_small.png]</center></td>
<td valign="bottom" width="50%"><center>[http://www.security.org.nz/NZISF_NZISForumContent.php https://www.owasp.org/images/5/5a/Nz_information_security_forum.png]</center></td>
</tr>
<tr>
<td valign="top" width="50%"><center>ICT and Department of Information Systems and Operations Management</center></td>
<td valign="top" width="50%"> </td>
</tr>
</table>
----

'''Gold Sponsors:'''
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><center>[http://www.security-assessment.com https://www.owasp.org/images/4/41/SA_Logo_w_DD.gif]</center></td>
<td> </td>
<td> </td>
<td><center>[[File:F5aura-small.jpg|center|350px|link=http://www.aurainfosec.com/]]</center></td>
</tr>
<tr>
<td><center>[http://www.security-assessment.com www.security-assessment.com]</center></td>
<td> </td>
<td> </td>
<td><center>[http://www.aurasoftwaresecurity.co.nz Aura Information Security in partnership with F5 Networks]</center></td>
</tr>
</table>
----
 
'''Silver Sponsors:'''
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><center>[[File:INSOMNIA.PNG|center|200px|link=http://www.insomniasec.com]]</center></td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td><center>[http://www.insomniasec.com/ www.insomniasec.com]</center></td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td><center>[http://www.lateralsecurity.com/ https://www.owasp.org/images/f/f4/Lateral_security.jpeg]</center></td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td><center>[http://www.lateralsecurity.com/ www.lateralsecurity.com]</center></td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td><center>[[File:webdrive_logo.jpg|center|200px|link=]]</center></td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td><center>[http://www.webdrive.co.nz/ www.webdrive.co.nz]</center></td>
<td> </td>
<td> </td>
<td> </td>
</tr>
</table>

==Conference Committee==

* Nick Freeman - OWASP New Zealand Leader (Auckland)
* Adrian Hayes - OWASP New Zealand Leader (Wellington)
* Lech Janczewski - Associate Professor - University of Auckland School of Business

Please direct all enquiries to nick.freeman@owasp.org and adrian.hayes@owasp.org.

= Training =
==Training==

===Test-Driven Security===
-----
Abstract

The purpose of this training is to introduce and demonstrate some
application of test-driven security. Based on a ruby application, we
are going to see how developers and testers can quickly improve and
ensure the security of an application by asking themselves some simple
questions and by checking simple things in their test cases.

Trainer: Louis Nyffenegger - PentesterLab

Louis is a security consultant working in Melbourne for Securus
Global. He focus on web application security and presented to Ruxcon,
Owasp and Auscert. In his spare, he works on 2 side projects:
pentesterlab (a training web site) and pntstr (an easy web to run the
first round of an interview).

[https://pentesterlab.com/ PentesterLab.com]

Trainee Requiements

* Laptop
* Some virtualisation software able to run an ISO. I.e. VirtualBox or VMWare.
* A basic Ruby understanding

Time: 9am till 12pm, 30th August 2012

Cost: $250.00

[https://www.regonline.com/owaspnzday2012 Register here!]

===Teaching the Good-Guys Bad-Tricks - OWASP Top 10 in real-life===
-----
Abstract

"I'm taught and I forget, I do and I remember" is particularly true with web-security.
At this session you will have web-security and insecurity clearly explained and we'll walk through clear examples.
But not only will you learn the OWASP Top 10 but you will also hand-craft your own attacks.
In our fully functional hack-lab websites you will have a variety of hack challenges from hacking into other users' accounts, stealing credit cards and killing websites!
But wait, there's more! We'll also cover techniques you need to employ to defend these attacks.

Trainer: Andy Prow - Aura

Andy Prow is an IT Security Consultant, Trainer and software developer who founded Aura back in 2001. With 18 years in the IT industry Andy has developed code for IBM, Vodafone, Telecom and Microsoft. Andy presents around the world at conferences including Microsoft's TechEd.

[http://www.aurainfosec.com/ AuraInfoSec.com]

Trainee Requiements

* Laptop
* A working browser and the [http://portswigger.net/burp/ Burp Suite] free edition installed.

Time: 9am till 5pm, 30th August 2012

Cost: $500.00

[https://www.regonline.com/owaspnzday2012 Register here!]

= Presentations - UPDATED =
==Conference Schedule / Presentations==
<center>
31st August 2012
<table width="80%">
<tr>
<td width="7%" valign="top">08:30</td>
<td colspan="2" style="background-color: #8595C2">Registration</td>
</tr>

<tr>
<td width="7%" valign="top">09:00</td>
<td colspan="2" style="background-color: #EEE; text-align: center">
Welcome to OWASP New Zealand Day 2012 
Adrian Hayes and Nick Freeman (OWASP Leaders) Lech Janczewski - The University of Auckland Business School
</td>
</tr>
<tr>
<td width="7%" valign="top">09:10</td>
<td colspan="2" style="background-color: #B9C2DC; text-align: center">
[https://www.owasp.org/images/0/01/OWASPNZ2012_AdamB.pdf How do I get into Security? I'm a webdev! (An introduction to in2securITy) (pdf)] 
Adam Bell - in2securITy
</td>
</tr>
<tr>
<td width="7%" valign="top">09:25</td>
<td colspan="2" style="background-color: #EEE; text-align: center">
[https://www.owasp.org/images/1/1c/OWASPNZ2012_BrittaO_LauraB.pdf Blindsided by Security - The Reality of Web Security for the Visually Impaired (pdf)] 
Laura Bell - Lateral Security and Britta Offergeld - Royal New Zealand Foundation of the Blind
</td>
</tr>
<tr>
<td width="7%" valign="top">10:00</td>
<td colspan="2" style="background-color: #B9C2DC; text-align: center">
Internet Junk 
Quintin Russ - SiteHost
</td>
</tr>

<tr>
<td width="7%" valign="top">10:30</td>
<td colspan="2" style="background-color: #D98B66; text-align: center">
Break for Morning Tea 
</td>
</tr>

<tr>
<td width="7%" valign="top">11:00</td>
<td colspan="2" style="background-color: #EEE; text-align: center">
[http://www.slideshare.net/fmarier/owaspnzday2012 Defeating Cross-Site Scripting with Content Security Policy (external link)] 
Francois Marier - Mozilla
</td>
</tr>
<tr>
<td width="7%" valign="top">11:20</td>
<td colspan="2" style="background-color: #B9C2DC; text-align: center">
[https://www.owasp.org/images/7/7f/OWASPNZ2012_DenisA.pdf The Dos and Don'ts of Web Application Frameworks (pdf)] 
Denis Andzakovic - Security-Assessment.com
</td>
</tr>
<tr>
<td width="7%" valign="top">11:50</td>
<td colspan="2" style="background-color: #EEE; text-align: center">
[https://www.owasp.org/images/8/81/OWASPNZ2012_AndyP_SamP.pdf Web Application Firewalls - Going where no WAFs have gone before... (pdf)] 
Sam Pickles - F5, and Andy Prow - Aura
</td>
</tr>

<tr>
<td width="7%" valign="top">12:30</td>
<td colspan="2" style="background-color: #D98B66; text-align: center">
Break for Lunch 
</td>
</tr>

<tr>
<td width="7%" valign="top">13:45</td>
<td style="background-color: #B9C2DC; text-align: center">
[https://www.owasp.org/images/e/ed/OWASPNZ2012_NickVD.pdf Mobile NFC 101 (pdf)] 
Nick von Dadelszen - Lateral Security
</td>
<td style="background-color: #B9C2DC; text-align: center">
[https://www.owasp.org/images/e/e3/OWASPNZ2012_AndrewK.pdf Comply or Die Trying (pdf)] 
Andrew Kelly
</td>
</tr>
<tr>
<td width="7%" valign="top">14:45</td>
<td rowspan="2" style="background-color: #EEE; text-align: center">
[https://www.owasp.org/images/a/a9/OWASPNZ2012_KirkJ_MikeH.pdf Going Down to the Wire (pdf)] 
Kirk Jackson - Xero and Mike Haworth - Aura
</td>
<td style="background-color: #EEE; text-align: center">
[https://www.owasp.org/images/d/d3/OWASPNZ2012_BrettM.pdf Increasing The Value of Penetration Testing (pdf)] 
Brett Moore- Insomnia Security
</td>
</tr>
<tr>
<td width="7%" valign="top">15:30</td>

<td style="background-color: #B9C2DC; text-align: center">
[https://www.owasp.org/images/8/85/OWASPNZ2012_DeanC_ShahnH.pdf An (Unofficial) OWASP Top 10 for Managers (pdf)] 
Dean Carter and Shahn Harris - Lateral Security
</td>
</tr>

<tr>
<td width="7%" valign="top">16:00</td>
<td colspan="2" style="background-color: #D98B66; text-align: center">
Break for Afternoon Tea 
</td>
</tr>

<tr>
<td width="7%" valign="top">16:30</td>
<td colspan="2" style="background-color: #EEE; text-align: center">
Discussion Panel and Wrap-up 

</td>
</tr>

</table>
</center>

= Speakers List=
==Speakers List==

===Adam Bell - in2securITy - How do I get into Security? I'm a webdev! (An introduction to in2securITy)===
----
Abstract

A brief introduction to in2securITy, it's aims and goals. A particular focus on the availability of mentoring, peers and the secure development stream.

Speaker Bio

Adam Bell is a security consultant with two years experience in the security industry backed by a further seven years experience in other IT industries. In this time he has worked for both local and national governments in network defence roles as well as working in more generalised system administration, programming, and (the dreaded) service centre. He currently works for Lateral Security and is the Network Defence writer for in2security.

===Andrew Kelly - Comply or Die Trying===
----
Abstract

We all have to comply with something: Laws or bylaws - regulations or recommendations - industry standards or industry best-practice. This OWASP talk will focus on the 'real-world' application of security policy and compliance in IT and business. How policy and compliance can actually be very useful when it comes to securing your job, your company - and your company's future. Both from an IT - and a business/commercial prospective. And - along the way - some common myths, misconceptions and downright misunderstandings around policy and compliance may well be busted. Come and listen to a guy who actually thinks compliance and policy ... are fun!

Speaker Bio

Andrew brings 27 years IT experience to OWASP - 24 of them in IT Security - and 13 of those spent in the UK and Europe (okay ... Belgium).
Now despite starting out as a mainframe uber-tech - Andrew's recognised today as being a 'pragmatic' subject-matter expert on corporate information security policy, compliance and governance. Andrew created his first BS 7799-compliant security policy - for a credit card
provider - in Cardiff back in 1999. Since then he's done much the same for the a number of security consultancies (NZ and UK),
Fonterra, Transpower and Telecom (NZ) - and BT, Deutsche Bank, Lloyds/TSB Bank and Legal & General Assurance (UK) - amongst many others.

===Andy Prow and Sam Pickles - Aura and F5 - Web Application Firewalls - Going where no WAFs have gone before...===
----
Abstract

So we all know that WAFs (web application firewalls) are not the silver bullet they're often sold as. Many of us in the pen-testing space completely discount their value as dumb signature based systems that are bypassed with a flurry of keystrokes and encoding. BUT WAFs are getting MUCH smarter, and you may be really interested to see what a really intelligent WAF can do today. Ever thought a WAF could stop attacks against business logic flaws and broken authorisation?

Speaker Bio

Andy Prow is an IT Security Consultant, Trainer and software developer who founded Aura back in 2001. With 18 years in the IT industry Andy has developed code for IBM, Vodafone, Telecom and Microsoft. Andy presents around the world at conferences including Microsoft's TechEd

Sam Pickles is a senior engineer and security specialist with F5 Networks. During over twelve years of security industry experience, Sam has designed and built IT security systems; and conducted network, application and hardware penetration testing in many countries. Sam studied Physics at the University of Otago, and Computer Science at the University of Oxford; and has presented at events including ISIG, First Tuesday, OWASP and AusCERT.

===Brett Moore - Insomnia Security - Increasing The Value of Penetration Testing===
----
Abstract

Penetration testing has become fairy accepted now as part of the requirements of any new project. Is it really part of a company's security practices, or is it just a tick in the box? This presentation will examine how effective this is for organisations and how it can best be used to increase the usefulness from this type of work.

* What is, and what isn't penetration testing
* How cost effective is this method as a security measure?
* How should it fit into the software development lifecycle of any application or network?
* what you should look for in a company doing this work
* what part of the work can you do yourselves

Speaker Bio

Having conducted vulnerability assessments, network reviews, and penetration tests for the majority of the large companies in New Zealand, Insomnia founder Brett Moore brings with him over ten years experience in information security. During this time, Brett has also worked with companies such as SUN Microsystems, Skype Limited and Microsoft Corporation by reporting and helping to fix security vulnerabilities in their products. Brett has released numerous whitepapers and technical postings related to security issues and has spoken at security conferences both locally and overseas, including BlackHat, Defcon, Syscan, Kiwicon, Ruxcon, and the invitation only Microsoft internal security conference called BlueHat.

===Dean Carter and Shahn Harris - Lateral Security - An (Unofficial) OWASP Top 10 for Managers===
----
Abstract

The OWASP Top 10 Web Application Security Risks has done a fantastic job
at a technical level.

Dean and Shahn have decided to turn their attention to the layer above
and create a Top 10 for Managers.

10 things to assist Managers in ensuring that their web application
projects are delivered in a secure, measurable, repeatable manner.

Oh… and they don’t cost a lot….

=== Denis Andzakovic - Security-Assessment.com - The Dos and Don'ts of Web Application Frameworks ===
----
Abstract

"Don't roll your own" has been common advice over the past decade;
however even when heeding these words, insecure practices and common
mistakes lead to glaring security holes. This talk will cover some of
the common errors made when implementing applcations based around web
frameworks, where to look for vulnerabilities and how to avoid them.

Speaker Bio

Denis is a Security Consultant for Security-Assessment.com, a security
consultancy based in Auckland, Wellington, and Singapore.

===Francois Marier - Mozilla - Defeating Cross-Site Scripting with Content Security Policy===
----
Abstract

Cross-site scripting vulnerabilities are very common in web applications. They have been in the OWASP top 10 for a while and are routinely used by attackers.

There are simple guidelines that one can follow to prevent XSS bugs and most of the web frameworks out there offer some level of protection but at the end of the day, it's easy to make a mistake.

Content Security Policy adds another layer to a website's defenses: browser-enforced restrictions against external resources or unauthorized scripting. An extra response header instructs browsers to enforce a policy set by the server administrator.

Speaker Bio

Francois is a software engineer on the Mozilla Identity team where he
works on Persona, the new decentralized authentication system for the
open web. A long time Debian developer, Francois has been involved in Open Source
and web development for a while and has always had a strong interest in
security.

===Kirk Jackson and Mike Haworth - Xero and Aura - Going Down to the Wire===
----
Abstract

You've built the flashiest web app your cow-orkers have ever seen.
Your boss loves you, and nominates you for a promotion next financial
year. You've leveraged the latest hip web framework, and have jaxed
your ajax to the max.

But have you done everything you can to make your application secure?
Are you perhaps, in fact, doing a little _too much_?

A common issue we've come across in the past few years is applications
that share too much information over the wire, or trust too much of
what they receive. In this talk we'll look at some common pitfalls and
techniques to counter them in modern web applications.

Let's go down to the wire.

Speaker Bio

Kirk works at Xero as a Security Architect, co-hosts the Wellington .NET user group, and is a Microsoft Developer Security MVP. He has previous experience in building and penetration testing large web applications.

Mike has previously spoken at OWASP and Kiwicon. He is a contributor to the BeEF project and spends his days pentesting for Aura Information Security.

===Laura Bell - Lateral Security and Britta Offergeld – Royal New Zealand Foundation of the Blind - Blindsided by Security - The Reality of Web Security for the Visually Impaired===
----
Abstract

Digital self-defence is now seen as a valuable life skill. As web developers we try to design systems that can protect as well as provide for our clients. As security consultants, we develop guidelines and frameworks that people can use to decide if a web application is trustworthy and secure. Even the least technical home users are becoming more confident in spotting suspicious behaviour online. Unfortunately, for the visually impaired, it’s not that simple. In a world where visual clues are not enough and where additional technologies such as screen readers are business as usual – web security is a very different matter.

Lateral Security and The Royal New Zealand Foundation of the Blind will examine the guidance and security best practice commonly in use for web applications today and how effective they are for those with visual impairments. In a talk that mixes real world examples, demonstrations and discussion from both a usability and security perspective, we aim to not only outline the issues but also suggest some solutions.

===Nick von Dadelszen - Lateral Security - Mobile NFC 101===
----
Abstract

This talk is designed to provide a detailed understanding of NFC on mobile phones and security considerations associated with the technology.

The participants should leave the presentation with an understanding of the technology behind NFC on mobile phones and how it interacts. They should obtain an understanding of the security considerations for NFC on Mobile and how it differs from standard NFC implementations.

The agenda for the talk will be the following:
- Introduce the audience to NFC
- Discuss the current state of NFC on mobile phones
- Analyse the technology involved and how this is used to develop NFC applications
- Discuss the security considerations of NFC on mobile devices

Speaker Bio

Nick von Dadelszen is the technical director at Lateral Security. Nick has been performing professional pen testing for over 12 years and has managed several successful penetration testing teams. He has worked with the majority of large corporates and Government agencies in New Zealand and is a regular presenter at OWASP and kiwicon conferences.

===Quintin Russ - SiteHost - Internet Junk===
----
Abstract

Junk, we all have it. Some have more, a lot more ... Whether you have accepted your Trademe addiction or are still in denial we all have a problem. Just like Space we are filling up the Internet with junk. What happens to our websites when we are finished with them? How are they closed? Are they ever closed? This talk will look at what sort of junk is left behind and how this can be used to attack your organisation. We will cover the issues with real world examples and time allowing, discuss simple steps to help overcome your Trademe addiction should you have one.

Speaker Bio

Quintin has carved out his own niche in the .nz hosting industry, having spent a large proportion of the last few years becoming an expert in both building and defending systems. He now runs enough infrastructure to ensure he never, ever gets a good night's sleep, and sometimes doesn't even get to snooze through Sunday mornings. Quintin has a keen interest in security, especially as it relates to web hosting. This has ranged from the vicissitudes of shared hosting to code reviews of popular blogging applications. He has previously presented at ISIG, OWASP & Kiwicon.

= Call For Sponsorships =
==Call For Sponsorships==

As mentioned above, OWASP New Zealand Day 2012 will be held in Auckland on the 31st of August, 2012. OWASP New Zealand Day is a security conference entirely dedicated to web application security. The conference is once again being hosted by the University of Auckland with their support and assistance. OWASP New Zealand Day 2012 is a free event, but requires sponsor support to help be an instructive and quality event for the New Zealand community. OWASP is strictly non for profit. The sponsorship money will be used to help make OWASP New Zealand Day 2012 a free, compelling and valuable experience for the audience.

The sponsorship funds collected are to be used for things such as:

* Refreshments (coffee break/lunch) - we want to keep people refreshed during the day; while we certainly bring good and interesting speakers, we don't want people to go home when they become hungry.
* Name tags - we feel that getting to know people within the New Zealand community is important, and name tags make that possible.
* Promotion - up to now our events are propagating by word of mouth. We would like to get to a wider audience by advertising our events.
* Printed Materials - printed materials will include brochures, tags and lanyards.

== Facts ==

Last year, the event was supported by 5 sponsors and attracted more than 200 participants. Plenty of constructive (and positive!) feedback from the audience was received and we are using this to make the conference more appealing to more people. For more information on last year's event, please visit: https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2011

The OWASP New Zealand community is strong and there are more than 220 people currently subscribed to the mailing-list. OWASP New Zealand Day is expected to attract between 200 and 250 attendees this year.

OWASP regular attendees are IT project managers, IT security managers, IT security consultants, web application architects and developers, QA managers, QA testers and system administrators.

== Sponsorships ==

There are three different levels of sponsorships for the OWASP Day event:

* Support Sponsorship: (Covering international speaker travel expenses, media coverage/article/promotion of the event)

Includes:

- Publication of the sponsor logo on the event web site - https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2012

* Silver Sponsorship: 1500 NZD

Includes:

- Publication of the sponsor logo on the event web site - https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2012 
- The publication of the sponsor logo in the event site, in the agenda, on the flyers, brochure and in all the official communications with the attendees at the conference. 
- The possibility to distribute the company brochures, CDs or other materials to the participants during the event. 

* Gold Sponsorship: 2750 or 3500 NZD (see below)

Includes:

- The publication of the sponsor logo in the event site, in the agenda, on the handouts and in all the official communications with the attendees at the conference. 
- The possibility to distribute the company brochures, CDs or other materials to the participants during the event. 
- Publication of the sponsor logo on the OWASP New Zealand Chapter page 
- Sponsor logo on the OWASP NZ site prior and during the OWASP Day event - https://www.owasp.org/index.php/New_Zealand 
- Publication of the sponsor logo on the event web site - https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2012 
- Sponsor dedicated space at the conference (sponsor booth) to show products/services to the attendees during coffee breaks, lunch and snack breaks. If a booth is not required, the Gold Sponsorship fee is 2750 NZD instead of 3500 NZD. 

Those who are interested in sponsoring OWASP New Zealand 2012 Conference can contact the [mailto:nick.freeman@owasp.org?cc=adrian.hayes@owasp.org OWASP New Zealand Board]. 

= Conference Dates =
==Conference Dates==

Please find below important dates for the conference:

* CFP & CFT closes: 22nd July 2012 [CLOSED]
* Conference Agenda due: 30th July 2012
* Conference Registration deadline: 20th August 2012
* Training Registration deadline: 20th August 2012
* Training Day date: 30th August 2012
* Conference Day date: 31st August 2012

= Conference Committee =
==OWASP New Zealand Day 2012 Organising Committee==

* Nick Freeman - OWASP New Zealand Leader (Auckland)
* Adrian Hayes - OWASP New Zealand Leader (Wellington)
* Lech Janczewski - Associate Professor - University of Auckland School of Business

<headertabs/>

[[Category:OWASP AppSec Conference]]

OWASP New Zealand Day 2012

2012-09-12T03:24:36Z

2012-07-24T20:51:35Z

Nick Freeman:

OWASP New Zealand Day 2012

2012-07-18T21:14:44Z

Nick Freeman:

OWASP New Zealand Day 2012

2012-07-17T21:41:48Z

Nick Freeman:

OWASP New Zealand Day 2012

2012-06-28T22:02:48Z

Nick Freeman:

New Zealand

2012-06-28T21:30:42Z

Nick Freeman:

{{Chapter Template|chaptername=New_Zealand|extra=The chapter leaders are [mailto:nick.freeman@owasp.org Nick Freeman] and [mailto:scott.bell@owasp.org Scott Bell] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-newzealand|emailarchives=http://lists.owasp.org/pipermail/owasp-newzealand}}

[[Category:OWASP Chapter]]
== Upcoming Event ==

== '''2012''' ==

; 31st August 2012
[https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2012 https://www.owasp.org/images/a/ad/Owaspnz2012logo.png]
: '''Co-Sponsor:''' [http://www.auckland.ac.nz/ The University of Auckland], [http://www.insomniasec.com Insomnia Security]
: '''Location:''' Auckland
: '''Event site:''' [[OWASP_New_Zealand_Day_2012|OWASP New Zealand Day 2012]]

== Past Events ==

== '''2012''' ==

; 8th May 2012
: '''Co-Sponsor:''' [http://security-assessment.com Security-Assessment.com] and [http://www.touchpoint.co.nz Touchpoint]
: '''Locations:''' Wellington, Auckland
: '''Presentation:''' [https://www.owasp.org/images/e/e0/Owasp2012-MarkPiper.pdf An Overview and introduction to modern day BeEF]
: '''Presented By:''' Mark Piper, Insomnia Security

; 28th February 2012
: '''Co-Sponsor:''' [http://security-assessment.com Security-Assessment.com] and [http://www.touchpoint.co.nz Touchpoint]
: '''Locations:''' Wellington, Auckland
: '''Presentation:''' [https://www.owasp.org/images/2/27/OWASP_Top_10-7_to_10-aj.pdf Introduction to the OWASP Top Ten - Part 3]
: '''Presented By:''' Adrian Hayes, Security Consultant (Security-Assessment.com)
: '''Presentation:''' [https://www.owasp.org/images/0/08/OWASP-Mistaken_Identity-Password_Reset-nickf.pdf Mistaken Identity: How Not To Build A Password Reset Process]
: '''Presented By:''' Nick Freeman, Senior Security Consultant (Security-Assessment.com)

== '''2011''' ==


; 6th December 2011
: '''Co-Sponsor:''' [http://security-assessment.com Security-Assessment.com] and [http://www.touchpoint.co.nz Touchpoint]
: '''Locations:''' Wellington, Auckland
: '''Presentation:''' [https://www.owasp.org/images/6/6d/OWASP_NZ-DEC2011-OWASP_Top_10-4_to_6.pdf Introduction to the OWASP Top Ten - Part 2]
: '''Presented By:''' Adrian Hayes, Security Consultant (Security-Assessment.com)
: '''Presentation:''' [https://www.owasp.org/images/1/15/OWASP_NZ-DEC2011-Hardened_Hosting.pdf Hardened Hosting]
: '''Presented By:''' Quintin Russ, Technical Director (SiteHost)

; 20th September 2011
: '''Co-Sponsor:''' [http://security-assessment.com Security-Assessment.com]
: '''Locations:''' Wellington, Auckland
: '''Presentation:''' [https://www.owasp.org/images/c/cf/OWASP_NZ_SEP2011_TOP-10_1-of-3.pdf Introduction to the OWASP Top Ten - Part 1]
: '''Presented By:''' Nick Freeman, Security Consultant (Security-Assessment.com)
: '''Presentation:''' [https://www.owasp.org/images/3/31/OWASP_NZ_SEP2011_Clickjacking-for-shells_PDF-version.pdf Clickjacking for Shells]
: '''Presented By:''' Andrew Horton, Security Consultant (Security-Assessment.com)

; 7th July 2011
[https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2011 https://www.owasp.org/images/0/05/OWASP_NZ_Day_2011_Logo.png]
: '''Co-Sponsor:''' [http://www.security-assessment.com Security-Assessment.com], [http://www.auckland.ac.nz/ The University of Auckland]
: '''Location:''' Auckland
: '''Presentations:''' [http://www.owasp.org/index.php/OWASP_New_Zealand_Day_2011#tab=Speakers Download]
: '''Event site:''' [[OWASP_New_Zealand_Day_2011|OWASP New Zealand Day 2011]]

; 2nd March 2011
: '''Co-Sponsor:''' [http://security-assessment.com Security-Assessment.com]
: '''Locations:''' Wellington, Auckland
: '''Presentation:''' Crazy Insecure Web Apps Google Didn't Tell You About..
: '''Presented By:''' Adrian Hayes, Security Consultant (Security-Assessment.com)
: '''Presentation:''' [http://www.owasp.org/images/5/5e/2011-03-02-OWASP.pdf I know what you did last summer: The latest from the world of web hacks]
: '''Presented By:''' Kirk Jackson, Security Consultant (Aura Software Security)

== '''2010''' ==



; 15th July 2010
[https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2010 http://www.owasp.org/images/a/a7/Owasp_nz_day_2010.jpg]
: '''Co-Sponsor:''' [http://www.security-assessment.com Security-Assessment.com], [http://www.lateralsecurity.com Lateral Security], [http://www.auckland.ac.nz/ The University of Auckland]
: '''Location:''' Auckland
: '''Presentations:''' [http://www.owasp.org/index.php/OWASP_New_Zealand_Day_2010#tab=Presentations Download]
: '''Event site:''' [[OWASP_New_Zealand_Day_2010|OWASP New Zealand Day 2010]]

; 4th March 2010
: '''Co-Sponsor:''' [http://security-assessment.com Security-Assessment.com]
: '''Locations:''' Wellington, Auckland
: '''Presentation:''' MS-SQL Injections.
: '''Presented By:''' Scott Bell, Security Consultant (Security-Assessment.com)

== '''2009''' ==



; 10th November 2009
: '''Co-Sponsor:''' [http://security-assessment.com Security-Assessment.com]
: '''Locations:''' Wellington, Auckland
: '''Presentation:''' Testing AMF/Flex.
: '''Presented By:''' Nick Freeman, Security Consultant (Security-Assessment.com)
: '''Presentation:''' "Shared Ownership", from a web security perspective.
: '''Presented By:''' Quintin Russ, Technical Director (Site Host)

; 13th July 2009
[https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2009 https://www.owasp.org/images/8/85/Owasp_nz_logo.jpg]
: '''Co-Sponsor:''' [http://www.security-assessment.com Security-Assessment.com], [http://www.lateralsecurity.com Lateral Security], [http://www.auckland.ac.nz/ The University of Auckland]
: '''Location:''' Auckland
: '''Presentations:''' [http://www.owasp.org/index.php/OWASP_New_Zealand_Day_2009#tab=Presentations Download]
: '''Event site:''' [[OWASP_New_Zealand_Day_2009|OWASP New Zealand Day 2009]]

; 19th March 2009
: '''Co-Sponsor:''' [http://www.vodafone.co.nz Vodafone New Zealand] and [http://security-assessment.com Security-Assessment.com]
: '''Locations:''' Wellington, Auckland
: '''Presentation:''' "[http://www.owasp.org/index.php/Image:ActiveXploitation_In_2009.pptx ActiveXploitation in 2009]"
: '''Presented By:''' Paul Craig, Principal Security Consultant (Security-Assessment.com)
: '''Presentation:''' "[http://www.owasp.org/index.php/Image:OWASP_Mar09_Reversing_JavaScript.zip Reversing JavaScript]"
: '''Presented By:''' Roberto Suggi Liverani, Senior Security Consultant (Security-Assessment.com)
<hr>

== '''2008''' ==


; 5th November 2008
: '''Co-Sponsor:''' [http://www.vodafone.co.nz Vodafone New Zealand] and [http://security-assessment.com Security-Assessment.com]
: '''Locations:''' Wellington, Auckland
: '''Presentation:''' "[https://www.owasp.org/index.php/Image:Common_Application_Flaws.ppt Common Application Flaws]"
: '''Presented By:''' Brett Moore, Network Intrusion Specialist (Insomnia Security)
: '''Presentation:''' "In your Browser, Jackin your Clicks"
: '''Presented By:''' Beau Butler, Security Consultant (Security-Assessment.com)
: '''Presentation:''' "Opera Stored Cross Site Scripting"
: '''Presented By:''' Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)

; 3rd September 2008
: '''Co-Sponsor:''' [http://www.microsoft.com/en/nz/default.aspx Microsoft] and [http://security-assessment.com Security-Assessment.com]
: '''Locations:''' Wellington, Auckland
: '''Presentation:''' "[https://www.owasp.org/index.php/Image:Browser_security.ppt Browser Security]"
: '''Presented By:''' Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)
: '''Presentation:''' "[https://www.owasp.org/index.php/Image:Time_Based_SQL_Injections.ppt Time based blind SQL Injections]"
: '''Presented By:''' Muhaimin Dzulfakar, Security Consultant (Security-Assessment.com)

; 25th June 2008
: '''Co-Sponsor:''' [http://security-assessment.com Security-Assessment.com]
: '''Locations:''' Wellington, Auckland
: '''Presentation:''' "Fuzz the Web"
: '''Presented By:''' Dean Jerkovich, Security Analyst (ASB)
: '''Presentation:''' "Hacking The World With Flash Part #2: The Results"
: '''Presented By:''' Paul Crag, Principal Security Consultant (Security-Assessment.com)

; 29th April 2008
: '''Co-Sponsor:''' [http://security-assessment.com Security-Assessment.com]
: '''Locations:''' Wellington, Auckland
: '''Presentation:''' "[https://www.owasp.org/index.php/Image:Hacking_The_World_With_Flash.ppt Hacking The World With Flash]"
: '''Presented By:''' Paul Craig, Principal Security Consultant (Security-Assessment.com)
: '''Presentation:''' "[https://www.owasp.org/index.php/Image:Web_spam_techniques.ppt Web Spam Techniques] - also available in [http://malerisch.net/docs/web_spam_techniques/web_spam_techniques.html HTML] format"
: '''Presented By:''' Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)

; 21st February 2008
: '''Co-Sponsor:''' [http://www.vedaadvantage.com/home/home_default.aspx Veda Advantage]
: '''Locations:''' Auckland
: '''Presentation:''' "[http://www.owasp.org/index.php/Image:Xpath_Injection.ppt Xpath Injection - An Overview]"
: '''Presented By:''' Roberto Suggi Liverani, Security Consultant (Security-assessment.com)

<hr>

== '''2007''' ==


; 5th December 2007
: '''Co-Sponsor:''' [http://www.vedaadvantage.com/home/home_default.aspx Veda Advantage]
: '''Locations:''' Auckland
: '''Presentation:''' "[http://malerisch.net/docs/ajax_security/Ajax_security.ppt Ajax Security]"
: '''Presented By:''' Roberto Suggi Liverani, Security Consultant (Security-assessment.com)
: '''Presentation:''' "On the job browser exploitation"
: '''Presented By:''' Mark Piper, Senior Security Consultant (Security-assessment.com)

; 22nd May 2007
: '''Co-Sponsor:''' [http://www.vedaadvantage.com/home/home_default.aspx Veda Advantage]
: '''Press Release:''' [http://www.vedaadvantage.com/vantage/news_in_brief_and_events/host_nz_owasp_meeting.aspx VedaAdvantage.com]
: '''Locations:''' Auckland
: '''Presentation:''' "OWASP in New Zealand"
: '''Presented By:''' Roberto Suggi Liverani / Antonio Spera

; April 2007
: '''Co-Sponsor:''' [http://www.vedaadvantage.com/home/home_default.aspx Veda Advantage]
: '''Locations:''' Auckland

; January 2007
: '''Co-Sponsor:''' [http://www.vedaadvantage.com/home/home_default.aspx Veda Advantage]
: '''Locations:''' Auckland

== Activities ==

OWASP New Zealand members actively participate in various OWASP activities. The following are some recent activities undertaken by OWASP NZ members:

* Nick Freeman and Scott Bell have been appointed as the new leaders of the new OWASP New Zealand Chapter
* Roberto Suggi Liverani has resigned from his position as OWASP New Zealand Chapter Leader
* Roberto Suggi Liverani will be speaking at OWASP AppSec Asia 2009 conference
* Roberto Suggi Liverani and Nick Freeman will be speaking at Defcon 17
* OWASP NZ Day 2009 - [http://www.owasp.org/index.php/OWASP_New_Zealand_Day_2009#tab=Presentations Presentations online]
* Roberto Suggi Liverani and Nick Freeman will be speaking at EUSecWest 09
* Brett Moore will be speaking at [http://www.owasp.org/index.php/OWASP_AU_Conference_2009 OWASP AU Conference] about "Vulnerabilities In Action".
* Roberto Suggi Liverani contributed to the [http://www.owasp.org/index.php/OWASP_Testing_Project OWASP Testing Guide v3].
* Mark Piper took his "On the job browser exploitation" talk to the [http://www.owasp.org/index.php/OWASP_Australia_AppSec_2008_Conference OWASP_Australia_AppSec_2008_Conference].
* Rob Munro has been appointed as OWASP Evangelist
* OWASP NZ has audio/video conference capability between Auckland and Wellington

== OWASP NZ Members ==

We are always looking for additional board members to evangelise the OWASP mission help with meetings, projects and initiatives as we all know it takes time/effort to run a chapter. Please contact us if you are interested to join the NZ OWASP board member or for any queries related to OWASP NZ.

<ul>
*NZ Board Member (Leader - Auckland) [mailto:nick.freeman(at)owasp.org Nick Freeman] 021 424 777
*NZ Board Member (Leader - Wellington) [mailto:scott.bell(at)owasp.org Scott Bell] 021 776 410
</ul>

The chapter mailing address is: 
Security-Assessment.com 
Level 1 - Building 2 
12-16 Nicholls Lane, Parnell, Auckland 1010 
 

== Chapter Sponsors ==

<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><center>[http://www.security-assessment.com https://www.owasp.org/images/a/a4/Security-assessment_com.jpeg]</center></td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td><center>[http://www.security-assessment.com www.security-assessment.com]</center></td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td><center>[http://www.touchpoint.co.nz https://www.owasp.org/images/d/d8/Touchpoint.jpg]</center></td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td><center>[http://www.touchpoint.co.nz www.touchpoint.co.nz]</center></td>
<td> </td>
<td> </td>
<td> </td>
</tr>
</table>

OWASP New Zealand Day 2012

2012-06-26T19:34:44Z

Nick Freeman:

File:INSOMNIA.PNG

2012-06-26T19:33:54Z

Nick Freeman:

2012-06-14T01:03:43Z

Nick Freeman:

OWASP New Zealand Day 2012

2012-06-11T15:35:32Z

Nick Freeman: Created page with "TBA"

TBA