This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
New Zealand
OWASP New Zealand
Welcome to the OWASP New Zealand chapter homepage.
The chapter leaders are Kim Carter (Christchurch), Kirk Jackson (Wellington), and John DiLeo (Auckland).
Keeping in Touch
- Chapter Mailing List (Google Groups): [email protected] - Join the Group
- InfoSecNZ Workspace on Slack - Be sure to join the #events channel for calendar notices (NOTE: By design, we do not maintain a separate Slack Workspace for the New Zealand chapter)
- Follow us on Twitter (@owaspnz)
Some Global OWASP Resources:
OWASP New Zealand Chapter Board
We are always looking for additional board members to evangelise the OWASP mission, help with meetings, projects and initiatives. As we all know, it takes time/effort to run a chapter. Please contact us if you are interested in joining the NZ OWASP board, would like to volunteer to help out or create a new Meetup/event, or for any queries related to OWASP NZ.
- NZ Board Member (Leader - Christchurch) Kim Carter (@binarymist)
- NZ Board Member (Leader - Auckland) John DiLeo (@gr4ybeard)
- NZ Board Member (Leader - Wellington) Kirk Jackson (@kirkj)
Local Meetup Links
- OWASP New Zealand Chapter-Auckland
- OWASP New Zealand Chapter-Christchurch
- OWASP New Zealand Chapter-Wellington
2020
OWASP New Zealand Day 2020 - University of Auckland Business School
- One-day conference, with three tracks on Friday, 21 February - Registration is FREE
- Training sessions (half-day, one-day, or two-day) on Wednesday and Thursday, 19 - 20 February - Registration: $325 for half-day; $625 for one-day; $1250 for two-day (plus EventBrite fees)
2019
10 December 2019
- Top Ten Discussion: A7 - Cross-Site Scripting (XSS) - Led by John DiLeo
- Presentation: TBC
- Location: Orion Health, 181 Grafton Road, Grafton, Auckland
Past Events
2019
8 October 2019
- Top Ten Discussion: A6 - Security Misconfiguration - Led by James Ting-Edwards
- Presentation: What's In a Name? Law of Agency and Domain Name Registrations - Judy Ting-Edwards
- Venue Host: Simon White
- Location: Middleware NZ, 104 Quay Street, CBD, Auckland
24 - 25 August 2019
OWASP NZ is proud to invite you to our first https://security.ac.nz event. Please visit the website for details.
- Registration: FREE
- Location: Maclaurin Lecture Theatres, Victoria University of Wellington
13 August 2019
- Top Ten Discussion: A9 - Using Components with Known Vulnerabilities - Led by John DiLeo
- Technical Discussion: Addressing Vulnerable Components with OWASP Projects and Tools - John DiLeo
- Location: Orion Health, 181 Grafton Road, Grafton, Auckland
10 August 2019
- Threat Modelling: Getting from None to Done - John DiLeo
- Registration: $125.00 (plus EventBrite fees), inclusive of morning and afternoon tea, lunch, and class materials
- Location: Orion Health, 181 Grafton Road, Grafton, Auckland
11 June 2019
- Top Ten Discussion: A5 - Broken Access Control - Led by John DiLeo
- Technical Topic: My Recent Adventures at OWASP Conferences - John DiLeo
- Location: Robert Walters, Level 9, 22 Fanshawe Street, CBD, Auckland
9 April 2019
- Top Ten Discussion: A4 - XML External Entities (XXE) - Led by John DiLeo
- Open Discussion: What do we want to do this year?
- Location: Orion Health, 181 Grafton Road, Grafton, Auckland
OWASP New Zealand Day 2019 - University of Auckland Business School
- One-day conference, with two tracks on Friday, 22 February - Registration is FREE
- Training sessions (half-day or full-day) on Thursday, 21 February - Registration: $500 for full-day; $250 for half-day
2018
11 December 2018
- Top Ten Discussion: A2 - Broken Authentication - Led by John DiLeo
- Technical Topic: Some Thoughts on Threat Modelling - John DiLeo
- Location: Orion Health, 181 Grafton Road, Grafton, Auckland
29 October 2018
- Presentation: Make the Cyber Safer with Multi-factor Authentication - Kevin Thomas
- Video: [1]
- Location: Wellington
9 October 2018
- Technical Topic: Integrating the Weakforced Security API - Steve Shipway, SMX Email
- Location: Cornerstone On-Demand, Level 1, 29 Union Street, Auckland
27 August 2018
- Presentation: Developer's guide to Deserialization Attack - Felix Shi
- Video: [2]
- Location: Wellington
14 August 2018
- Top Ten Discussion: A3 - Sensitive Data Exposure - Led by John DiLeo
- Presentation: Web Application Penetration Testing Demo - Shofe Miraz
- Location: Orion Health, 181 Grafton Road, Grafton, Auckland
12 June 2018
- Presentation: GDPR and New Zealand Privacy Law - James Ting-Edwards
- Location: InternetNZ, 62 Victoria Street West, Auckland CBD, Auckland
11 June 2018
- Presentation: What are certificates? - Matt Cotterell
- Location: Wellington
10 April 2018
- Top Ten Discussion: A1 - Injection - Led by John DiLeo
- Presentation: OWASP Software Assurance Maturity Model (SAMM) - John DiLeo
- Location: Orion Health, 181 Grafton Road, Grafton, Auckland
28 March 2018
- CERT NZ
- Location: Christchurch
- Co-Sponsor: Catalyst
- 26 Feb 2018
- CERT NZ - Who are we? How are websites getting hacked in real life? with Declan Ingram
- Video: [3]
- Location: Wellington
- Presented by: Declan Ingram
OWASP New Zealand Day 2018 - University of Auckland Business School
- One-day conference, with two tracks on Monday, 5 February - Registration is FREE
- Training session (full-day) on Sunday, 4 February - Registration: $500
2017
- 2 Oct 2017
- Presentation: Same-origin policy: The core of web security
- Video: [4]
- Location: Wellington
- Presented By: Kirk Jackson
- 27 Sept 2017
- Securing your data (your business) using SQL Server 2016
- Presented By: Anupama Natarajan
- Location: Christchurch
- Co-Sponsor: Catalyst
- 31 July 2017
- Presentation: What is Cross-Site Request Forgery?
- Video: [5]
- Location: Wellington
- Presented By: Vales Bakaitis
- 28 June 2017
- Web Developer Quiz Night
- Prepared and Presented By: Kim Carter
- Details: on binarymist.io
- Location: Christchurch
- Co-Sponsor: Catalyst
- 29 May 2017
- Presentation: Developer's Guide to Preventing XSS
- Video: [6]
- Location: Wellington
- Presented By: Felix Shi
OWASP New Zealand Day 2017 - University of Auckland Business School
- One-day conference, with two tracks on Thursday, 20 April - Registration is FREE
- Training sessions (half-day and full-day) on Wednesday, 19 April
- 29 March 2017
- PHP Hurts Programmers (and other tales)
- Presented By: Keith Humm
- Slides: on speakerdeck
- Locations: Christchurch
- Co-Sponsor: Catalyst
- 27 Feb 2017
- Presentation: Building the ultimate login and signup
- Video: Youtube
- Location: Wellington
- Presented By: Matt Cotterell
2016
- 29 November 2016
OWASP NZ Wellington Meetup page
- Presentation: OWASP Top Ten - Developing secure web apps (PHP-flavoured)
- Video: Youtube
- Location: Wellington
- Presented By: Kirk Jackson
- In conjunction with the PHP user group Wellington
- 10 October 2016
OWASP NZ Wellington Meetup page
- Presentation: Introduction to Ruby on Rails security
- Video: Youtube
- Locations: Wellington
- Presented By: Tim Goddard
- Sponsor: Insomnia
- 28 September 2016
OWASP NZ Christchurch Meetup page
- Presentation / Demo Applying Cold War Learnings to our Daily OPSEC
- DeadDrop: (https://deaddrop.jadeworld.com/)
- Github: (https://github.com/phage-nz/deaddrop)
- Chris's Blog Post: (https://bytefog.blogspot.co.nz/2015/09/burn-after-reading.html)
- Locations: Christchurch
- Presented By: Chris Campbell
- Co-Sponsor: Catalyst and BinaryMist
- 29 August 2016
OWASP NZ Wellington Meetup page
- Presentation: Mobile app security: Intro to the OWASP Mobile Top 10
- Video: Youtube
- Location: Wellington
- Presented By: Mike Haworth
- 29 June 2016
OWASP NZ Christchurch Meetup page
- Presentation / Demo Security Regression Testing with ZapAPI and NodeGoat
- Teaser: (https://youtu.be/DrwXUOJWMoo)
- Github: (https://github.com/binarymist/NodeGoat/wiki/Security-Regression-Testing-with-Zap-API)
- Sourced From: Kims Book (https://leanpub.com/holistic-infosec-for-web-developers/read#process-agile-development-and-practices-security-regression-testing)
- Locations: Christchurch
- Presented By: Kim Carter
- Co-Sponsor: Catalyst and BinaryMist
- 27 June 2016
OWASP NZ Wellington Meetup page
- Presentation: Introduction to using a web application firewall
- Video: Youtube
- Location: Wellington
- Presented By: Graeme Neilson
- Sponsor: RedShield
- 30 March 2016
OWASP NZ Christchurch Meetup page
- Presentation: Qubes OS Discussion (https://www.qubes-os.org)
- Locations: Christchurch
- Presented By: Craig Rowland
- Co-Sponsor: Dimension Data and BinaryMist Limited
- 3rd and 4th of February 2016
At the University of Auckland School of Commerce
Gold Sponsors:
2015
- 25 November 2015
OWASP NZ Christchurch Meetup page
- Presentation: UAC, Governance and Managing the External Infosec Audit
- Locations: Christchurch
- Presented By: Drewe Hinkley
- Co-Sponsor: Dimension Data and BinaryMist Limited
- 30 September 2015
OWASP NZ Christchurch Meetup page
- Two part Presentation: The Exploited and the Exploiters - Case Study of a Real Cyber Hack and Live Demo's from Kims book
- Locations: Christchurch
- Presented By: Salinda Lekamge and Kim Carter
- 24 June 2015
OWASP NZ Christchurch Meetup page
- Presentation: "Does Your Cloud Solution Look Like a Mushroom".
- Locations: Christchurch
- Presented By: Kim Carter.
- Co-Sponsor: Dimension Data and BinaryMist Limited
- 25 March 2015
OWASP NZ Christchurch Meetup page
- Presentation: Reverse Engineering, Cracking, Compromising Software Security & Mitigations
- Locations: Christchurch
- Presented By: Rob Gilmour, Senior Software Engineer, Technical Support, JADE Software Corporation Ltd.
- Co-Sponsor: Dimension Data and BinaryMist Limited
- 26th and 27th of February 2015
At the University of Auckland Engineering Department
2014
- 26 November 2014
OWASP NZ Christchurch Meetup page
- Workshop: Review SSL/TLS, demo sslstrip and mitigation techniques
- Locations: Christchurch
- Presented By: Kevin Alcock, Security Consultant at Katipo Security
- Co-Sponsor: Dimension Data and BinaryMist Limited
- 25 September 2014
OWASP NZ Christchurch Meetup page
- Workshop: Review, Exploit and Learn from Vulnerable Web App
- Locations: Christchurch
- Presented By: Chris Campbell, Security & Operations Consultant Jade
- Co-Sponsor: Dimension Data and BinaryMist Limited
- 24 July 2014
OWASP NZ Wellington Meetup page
- Workshop: Web App Security Workshop
- Locations: Wellington
- Presented By: Adrian Hayes
- Sponsor: Dimension Data
2013
- 19 December 2013
- Co-Sponsor: Security-Assessment.com and Touchpoint
- Locations: Wellington, Auckland, Christchurch, Webcast
- Details: All details are on the meetup page above
- Presentation: Extending Burp with Python
- Presented By: Mike Haworth, Aura Information Security
- 11th and 12th of September 2013
At the Auckland Business School
https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2013
- 22 May 2013
- Co-Sponsor: Security-Assessment.com and Touchpoint
- Locations: Wellington, Auckland, Webcast
- Details: All details are on the meetup page above
2012
- 31st August 2012
- Co-Sponsor: The University of Auckland, Security-Assessment.com, Aura Information Security, Insomnia Security, Lateral Security, Web Drive
- Location: Auckland
- Event site: OWASP New Zealand Day 2012
- 8th May 2012
- Co-Sponsor: Security-Assessment.com and Touchpoint
- Locations: Wellington, Auckland
- Presentation: An Overview and introduction to modern day BeEF
- Presented By: Mark Piper, Insomnia Security
- 28th February 2012
- Co-Sponsor: Security-Assessment.com and Touchpoint
- Locations: Wellington, Auckland
- Presentation: Introduction to the OWASP Top Ten - Part 3
- Presented By: Adrian Hayes, Security Consultant (Security-Assessment.com)
- Presentation: Mistaken Identity: How Not To Build A Password Reset Process
- Presented By: Nick Freeman, Senior Security Consultant (Security-Assessment.com)
2011
- 6th December 2011
- Co-Sponsor: Security-Assessment.com and Touchpoint
- Locations: Wellington, Auckland
- Presentation: Introduction to the OWASP Top Ten - Part 2
- Presented By: Adrian Hayes, Security Consultant (Security-Assessment.com)
- Presentation: Hardened Hosting
- Presented By: Quintin Russ, Technical Director (SiteHost)
- 20th September 2011
- Co-Sponsor: Security-Assessment.com
- Locations: Wellington, Auckland
- Presentation: Introduction to the OWASP Top Ten - Part 1
- Presented By: Nick Freeman, Security Consultant (Security-Assessment.com)
- Presentation: Clickjacking for Shells
- Presented By: Andrew Horton, Security Consultant (Security-Assessment.com)
- 7th July 2011
- Co-Sponsor: Security-Assessment.com, The University of Auckland
- Location: Auckland
- Presentations: Download
- Event site: OWASP New Zealand Day 2011
- 2nd March 2011
- Co-Sponsor: Security-Assessment.com
- Locations: Wellington, Auckland
- Presentation: Crazy Insecure Web Apps Google Didn't Tell You About..
- Presented By: Adrian Hayes, Security Consultant (Security-Assessment.com)
- Presentation: I know what you did last summer: The latest from the world of web hacks
- Presented By: Kirk Jackson, Security Consultant (Aura Software Security)
2010
- 15th July 2010
- Co-Sponsor: Security-Assessment.com, Lateral Security, The University of Auckland
- Location: Auckland
- Presentations: Download
- Event site: OWASP New Zealand Day 2010
- 4th March 2010
- Co-Sponsor: Security-Assessment.com
- Locations: Wellington, Auckland
- Presentation: MS-SQL Injections.
- Presented By: Scott Bell, Security Consultant (Security-Assessment.com)
2009
- 10th November 2009
- Co-Sponsor: Security-Assessment.com
- Locations: Wellington, Auckland
- Presentation: Testing AMF/Flex.
- Presented By: Nick Freeman, Security Consultant (Security-Assessment.com)
- Presentation: "Shared Ownership", from a web security perspective.
- Presented By: Quintin Russ, Technical Director (Site Host)
- 13th July 2009
- Co-Sponsor: Security-Assessment.com, Lateral Security, The University of Auckland
- Location: Auckland
- Presentations: Download
- Event site: OWASP New Zealand Day 2009
- 19th March 2009
- Co-Sponsor: Vodafone New Zealand and Security-Assessment.com
- Locations: Wellington, Auckland
- Presentation: "ActiveXploitation in 2009"
- Presented By: Paul Craig, Principal Security Consultant (Security-Assessment.com)
- Presentation: "Reversing JavaScript"
- Presented By: Roberto Suggi Liverani, Senior Security Consultant (Security-Assessment.com)
2008
- 5th November 2008
- Co-Sponsor: Vodafone New Zealand and Security-Assessment.com
- Locations: Wellington, Auckland
- Presentation: "Common Application Flaws"
- Presented By: Brett Moore, Network Intrusion Specialist (Insomnia Security)
- Presentation: "In your Browser, Jackin your Clicks"
- Presented By: Beau Butler, Security Consultant (Security-Assessment.com)
- Presentation: "Opera Stored Cross Site Scripting"
- Presented By: Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)
- 3rd September 2008
- Co-Sponsor: Microsoft and Security-Assessment.com
- Locations: Wellington, Auckland
- Presentation: "Browser Security"
- Presented By: Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)
- Presentation: "Time based blind SQL Injections"
- Presented By: Muhaimin Dzulfakar, Security Consultant (Security-Assessment.com)
- 25th June 2008
- Co-Sponsor: Security-Assessment.com
- Locations: Wellington, Auckland
- Presentation: "Fuzz the Web"
- Presented By: Dean Jerkovich, Security Analyst (ASB)
- Presentation: "Hacking The World With Flash Part #2: The Results"
- Presented By: Paul Crag, Principal Security Consultant (Security-Assessment.com)
- 29th April 2008
- Co-Sponsor: Security-Assessment.com
- Locations: Wellington, Auckland
- Presentation: "Hacking The World With Flash"
- Presented By: Paul Craig, Principal Security Consultant (Security-Assessment.com)
- Presentation: "Web Spam Techniques - also available in HTML format"
- Presented By: Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)
- 21st February 2008
- Co-Sponsor: Veda Advantage
- Locations: Auckland
- Presentation: "Xpath Injection - An Overview"
- Presented By: Roberto Suggi Liverani, Security Consultant (Security-assessment.com)
2007
- 5th December 2007
- Co-Sponsor: Veda Advantage
- Locations: Auckland
- Presentation: "Ajax Security"
- Presented By: Roberto Suggi Liverani, Security Consultant (Security-assessment.com)
- Presentation: "On the job browser exploitation"
- Presented By: Mark Piper, Senior Security Consultant (Security-assessment.com)
- 22nd May 2007
- Co-Sponsor: Veda Advantage
- Press Release: VedaAdvantage.com
- Locations: Auckland
- Presentation: "OWASP in New Zealand"
- Presented By: Roberto Suggi Liverani / Antonio Spera
- April 2007
- Co-Sponsor: Veda Advantage
- Locations: Auckland
- January 2007
- Co-Sponsor: Veda Advantage
- Locations: Auckland
Activities
OWASP New Zealand members actively participate in various OWASP activities. The following are some highlights of activities undertaken by OWASP NZ members:
2019
- John DiLeo presented an overview of the OWASP SAMM Project and tools at the June 2019 meeting of the NZISF in Auckland
- John DiLeo attended the Open Security Summit, June 2019 in the UK, co-hosting a session on the Application Security Curriculum Project
- John DiLeo presented an update on the OWASP SAMM Project during the Project Showcase at Global AppSec-Tel Aviv in May 2019
- John DiLeo became co-leader of the OWASP Application Security Curriculum Project in March 2019
2018
- John DiLeo joined the OWASP Software Assurance Maturity Model (SAMM) project team, and attended the Open Security Summit in the UK, in June 2018
- John DiLeo signed on as Chair of the OWASP New Zealand Day conference, in June 2018
- John DiLeo restarted the Auckland-area Meetup, which first met on 10 April 2018. The Meetup takes place on the second Tuesdays of April, June, August, October, and December
- John DiLeo stepped up as Auckland-area Chapter Leader, and was confirmed by the OWASP Foundation, in April 2018
- Dion Bramley, John DiLeo, and Christian Probst signed on Chapter volunteers, at OWASP New Zealand Day 2018
- Denis Andzakovic resigned from his position as OWASP New Zealand Chapter Leader, at OWASP NZ Day 2018
Older
- Kim Carter ran a workshop at the NYC chapter
- Kirk Jackson stepped up to replace Adrian Hayes for Wellington from New Zealand day 2016 onwards.
- Denis Andzakovic stepped up to replace Nick Freeman for Auckland in March 2014
- Kim Carter came on board to lead Christchurch from New Zealand Day 2013 onwards.
- Nick Freeman and Scott Bell have been appointed as the new leaders of the new OWASP New Zealand Chapter
- Roberto Suggi Liverani has resigned from his position as OWASP New Zealand Chapter Leader
- Roberto Suggi Liverani will be speaking at OWASP AppSec Asia 2009 conference
- Roberto Suggi Liverani and Nick Freeman will be speaking at Defcon 17
- OWASP NZ Day 2009 - Presentations online
- Roberto Suggi Liverani and Nick Freeman will be speaking at EUSecWest 09
- Brett Moore will be speaking at OWASP AU Conference about "Vulnerabilities In Action".
- Roberto Suggi Liverani contributed to the OWASP Testing Guide v3.
- Mark Piper took his "On the job browser exploitation" talk to the OWASP_Australia_AppSec_2008_Conference.
- Rob Munro has been appointed as OWASP Evangelist
- OWASP NZ has audio/video conference capability between Auckland and Wellington