This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Ghana

From OWASP
Jump to: navigation, search

OWASP Ghana

Welcome to the Ghana chapter homepage. The chapter leaders are Ash Dastmalchi and Hassan Abudu. Follow chapter news on Twitter at http://twitter.com/OWASPGhana


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Chapter Sponsors

We are currently seeking OWASP Corporate Members who would like to aligned themselves with the Ghana chapter and therefore contribute funds to our chapter. Alternatively you can be a facility/venue sponsor or a refreshments sponsors. If Interested please get in touch with the Chapter leaders.

Meeting Sponsors

The following is the list of organisations who have generously provided us with space for OWASP Ghana chapter meetings:

    Ghana Tech Lab Department of Computer Science University of Ghana GIMPA School of Technology Linux Accra User Group Logo

Chapter Volunteers

Volunteering carries many benefits including meeting great people, learning new skills, and above all – fun! We appreciate the assistance that our volunteers provide to ensure our events run smoothly. If you would like to help out for few hours with administrative tasks on the day of events, please reach out via email or twitter. The following is the list of organisation(s) who have provided us volunteers:

    Ghana Volunteer Program

Stay in Touch

Meetup-button.png Follow-us-on-twitter.png Mailchimp Logo-Horizontal Black.png

Next Meeting/Event(s)

Chapter meetings are held several times a year, typically at a location provided by our current facility sponsor.

February/March 2020 (Exact date TBC and announced)

TICKETS:

This event will be free to attend for both members and non-members of OWASP and is open to anyone interested in application security and cyber security.

Register to attend this and our future events via meetup.com Or via eventbrite.com

Code of Conduct:

We hope you enjoy our events, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback or would like to speak to us, we take these matters very seriously. You can find out more about our policies here: https://www.owasp.org/index.php/Governance/Conference_Policies

Speaking at OWASP Ghana Chapter Events

Call For Speakers

Call For Speakers is open - if you would like to present a 15-45 minute talk on Application / Cyber Security at future OWASP Ghana Chapter events - please review and agree with the OWASP Speaker Agreement and submit your talk/presentation via Google Forms

Google Forms.png

Please note that you can also pair up with a colleague and present a joint talk. Please ensure that your talk is objective, stresses open source approaches, and avoids references to any commercial offerings of your company. We are looking forward to your submissions

Speakers are prefered to use OWASP Presentation Template for submissions.

Past Events

Saturday 21st September 2019 10am-2pm

Location: Ghana Tech Lab, Accra Digital Lab, Ring Road West, Accra.

Attendance: 55 participants

TALKS:

  • WAF Filter 404 Not Found - Blay Safian (Slides PDF)
  • Lighting Talk on Broken Authentication: What it means, and what you can do - Hassan Abudu (Slides PDF)
  • Wireless Security and its Discontents - Boyan Lazarevski (Slides PDF)

SPEAKERS:

Blay Safian

An Electrical Engineering and Automation Degree holder and a certified Advance Penetration tester. Defcon China 2.0 attendee.

Boyan Lazarevski(@BoyanLazarevski)

Boyan is a certified IT Operations Specialist with a passion for computer hardware and cybersecurity.

Hassan Abudu(@hassanabudu)

Hassan is OWASP Ghana chapter co leader, a web developer, a teacher and a technologist in general.

CTF for Developers:

OWASP Ghana Chapter is pleased to announce the 2019 OWASP Ghana CTF Tournament for Application Developers.

CTF (Capture The Flag) is a type of computer security competition. Contestants are presented with a set of challenges and puzzles which test their creativity, technical coding (and googling) skills, and problem-solving ability. Challenges usually cover a number of categories and when solved, each yields a “flag” which is submitted to a real-time scoring service. The difficulty levels are from beginners to advanced. CTF tournaments are a great and fun way for software developers to learn a wide array of cyber security / application security skills in a safe and legal environment. Most programming languages supported. IMPORTANT: Please bring your own LAPTOP and a charger for it to this event

This CTF environment is kindly provided by Secure Code Warrior.

Saturday, 8th June 2019 10am-2pm

Location: Department of Computer Science, University of Ghana, Legon, Accra.

Attendance: 65 participants

TALKS:

  • The State of Phishing Attack Vector - Isaac Kweku Acheampong (Slides PDF)
  • Lighting Talk on HTTPS - Hassan Abudu (no slides)
  • Smart Grid IoT Security - Kwaku Sarpong Manu (Slides PDF)
  • Anatomy of a DNS Cache Poisoning Attack - Boyan Lazarevski (Slides PDF)

SPEAKERS:

Isaac Kweku Acheampong

Isaac is currently working as a Facilities Manager, holds BSc IT and Sec+ certified.

Kwaku Sarpong Manu(@_kwaku__)

Kwaku is a Graduate Computer engineering student from KNUST. Avid reader, active sportsman and student politician. He's also an student Consultant at GWCL, advising the Technology and Innovation Department.

Fabiola Amedo(@fabluzi)

Fabiola is currently working at KPMG Ghana as an IT advisory professional.

Boyan Lazarevski(@BoyanLazarevski)

Boyan is a certified IT Operations Specialist.

Saturday, 16th March 2019 10am-2pm

Location: Department of Computer Science, University of Ghana, Legon, Accra.

Attendance: 85 participants

TALKS:

  • OWASP Introduction, Welcome and News - Ash Dastmalchi (Slides PDF)
Welcome and a brief update on OWASP Projects & Events from the OWASP Ghana Chapter Leader.
  • Your web server has been hacked now what? by Archzilon Eshun-Davies (Slides PDF)
A walk through on what to look out for after a web server has been hacked by analysing the logs and how to prevent future hacks.
  • Cross-Site Scripting Attacks (XSS) by Adam Nurudini (Slides PDF)
Intro to XSS, how it works, what it affects and how to prevent it along with a live demo.
  • OWASP Juice Shop Project video presentation by Bjoern Kimminich (Youtube.com)
A playback of recording from OWASP BeNeLux-Days 2018 giving a complete introduction to the OWASP Juice Shop including a live demonstration of the application and how to hack it.

SPEAKERS:

Adam Nurudini (@Bra__Qwesi)

Adam Nurudini is the Lead Security Researcher @ Netwatch Technologies, project Consultant, Information Security Architects Ltd, Member, Cybersecurity Resilience Service Team and a Web Application Penetration Tester. He is also the president of the GIMPA School of Technology Students Association and Black Hat Attendee.

Archzilon Eshun-Davies (@laudarch)

Arch is CISO and CEO of Tactical Intelligence Security(TAISE)

Bjoern Kimminich (@bkimminich)

OWASP [Juice Shop Project] Leader, more Information about Bjoern can be found via his OWASP profile page by [clicking here]

Saturday, 24th November 2018 2pm-5pm

Location: GIMPA School of Technology, Greenhill, Accra. (Legon Bypass)

Attendance: 120 participants

TALKS:

  • OWASP Introduction, Welcome and News - Ash Dastmalchi
Welcome and a brief update on OWASP Projects & Events from the OWASP Ghana Chapter Leader.
  • "OWASP Risk Rating presented by OWASP Risk Rating Management" - Yoseman Putra (Slides Online)
OWASP Risk Rating Management Project is a tool projects aim to educate user who want to assessment more than one or many web application using owasp risk rating methodologies. The project page can be visited by clicking here [[1]]
  • "Defensive Coding" - Archzilon Eshun-Davies (Slides PDF)
A talk on defensive coding practices regardless of the language used.
  • "Open-Source Intelligence (OSINT)" - Adam Nurudini (Slides PDF)
A run down on what is OSINT, methods of data gathering via various resources, followed by a hands-on demo using open source tools.
Wordpress Content Management Systems has gained a lot of popularity since its initial launch thanks to its user friendliness and the vast collection of plugins and themes. It is estimated 30% of the world’s website are powered by Wordpress. Like any other web application it is important you deploy and manage properly to ensure your data is safe. Sadly this has not been the case, with over 73.2% of the most popular WordPress installations are vulnerable to vulnerabilities which can be detected using free automated tools. This talk will focus on how to deploy Wordpress safely and managing wordpress instances in a way that safeguards the application from common vulnerabilities and attacks.

SPEAKERS:

Ade Yoseman Putra (@johnleedik)

OWASP Jakarta Indonesia Chapter Leader, more Information about Ade can be found via his OWASP profile page by [clicking here]

Archzilon Eshun-Davies (@laudarch)

Arch is CISO and CEO of Tactical Intelligence Security(TAISE)

Adam Nurudini (@Bra__Qwesi)

Adam Nurudini is the Lead Security Researcher @ Netwatch Technologies, project Consultant, Information Security Architects Ltd, Member, Cybersecurity Resilience Service Team and a Web Application Penetration Tester. He is also the president of the GIMPA School of Technology Students Association.

Nii Ankrah (@niiankrah)

Nii has transitioned into information security with special interest malware analysis and helping companies achieve a good cyber security posture His engagements over the period include performing data centre and physical security reviews for clients within various industries, vulnerability assessments, application security audits and incident response.

Saturday, 18th August 2018 2pm-5pm

Location: Kofi Annan ICT Centre, Ridge, Accra. (Next to Ministry of Communications)

Attendance: 70 participants

TALKS:

  • OWASP Introduction, Welcome and News - Ash Dastmalchi & Hassan Abudu
Welcome and a brief update on OWASP Projects & Events from the OWASP Ghana Chapter Leaders.
A quick primer of injection attacks including SQL injection.
  • "Bypassing Security Restrictions , The case of CVE-2018-5955" - Adam Nurudini (Slides PDF)
  • "Exploiting Server Side Template Injection with TPLMAP" - Divine Tsa (Slides PDF)
  • "Insecure Direct Object Reference IDOR(Broken Access Control)" - Eric Biako (Slides PDF)

SPEAKERS:

Hassan Abudu(@hassanabudu)

Hassan Abudu is OWASP Ghana chapter co-leader. A Stanford University graduate, Hassan started the Freecodecamp in Ghana teaching students via weekly sessions various aspects of Web Development. He's also a freelance web developer and a part time artist.

Adam Nurudini (@Bra__Qwesi)

Adam Nurudini is a web application penetration tester at Netwatch Technologies and a recent Black Hat Asia attendee.

Divine Tsa (@selormofmars)

Divine Tsa is a cybersecurity engineer at a reputable tech company. He helps develop information security plans and policies, tests for vulnerabilities, monitors and investigates security breaches. During his 10 years experience in information technology, he has served in a variety of leadership, technical, and information security roles, including implementing the cybersecurity project in the central bank. Divine holds a bachelors degree in business administration and a post graduate diploma in IT from GIMPA.

Eric Biako

Eric has a Bsc in IT and a CEH v9. He's currently an Information security officer at E-connecta as well as moderator at Legal hackmen.