This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

New Zealand

From OWASP
Jump to: navigation, search


OWASP New Zealand

Welcome to the OWASP New Zealand chapter homepage.

The chapter leaders are Kim Carter (Christchurch), Kirk Jackson (Wellington), and John DiLeo (Auckland).

Keeping in Touch

Some Global OWASP Resources:

OWASP New Zealand Chapter Board

We are always looking for additional board members to evangelise the OWASP mission, help with meetings, projects and initiatives. As we all know, it takes time/effort to run a chapter. Please contact us if you are interested in joining the NZ OWASP board, would like to volunteer to help out or create a new Meetup/event, or for any queries related to OWASP NZ.


Local Meetup Links

2020

Conference Web Banner-2020 OWASP NZ Day
19 - 21 February 2020

OWASP New Zealand Day 2020 - University of Auckland Business School

One-day conference, with three tracks on Friday, 21 February - Registration is FREE
Training sessions (half-day, one-day, or two-day) on Wednesday and Thursday, 19 - 20 February - Registration: $325 for half-day; $625 for one-day; $1250 for two-day (plus EventBrite fees)

2019

10 December 2019

Auckland Meetup

Top Ten Discussion: A7 - Cross-Site Scripting (XSS) - Led by John DiLeo
Presentation: TBC
Location: Orion Health, 181 Grafton Road, Grafton, Auckland

Past Events

2019

8 October 2019

Auckland Meetup

Top Ten Discussion: A6 - Security Misconfiguration - Led by James Ting-Edwards
Presentation: What's In a Name? Law of Agency and Domain Name Registrations - Judy Ting-Edwards
Venue Host: Simon White
Location: Middleware NZ, 104 Quay Street, CBD, Auckland

Logo for security.ac.nz event

24 - 25 August 2019

OWASP NZ is proud to invite you to our first https://security.ac.nz event. Please visit the website for details.

Registration: FREE
Location: Maclaurin Lecture Theatres, Victoria University of Wellington

13 August 2019

Auckland Meetup

Top Ten Discussion: A9 - Using Components with Known Vulnerabilities - Led by John DiLeo
Technical Discussion: Addressing Vulnerable Components with OWASP Projects and Tools - John DiLeo
Location: Orion Health, 181 Grafton Road, Grafton, Auckland

10 August 2019

Auckland Training Day

Threat Modelling: Getting from None to Done - John DiLeo
Registration: $125.00 (plus EventBrite fees), inclusive of morning and afternoon tea, lunch, and class materials
Location: Orion Health, 181 Grafton Road, Grafton, Auckland

11 June 2019

Auckland Meetup

Top Ten Discussion: A5 - Broken Access Control - Led by John DiLeo
Technical Topic: My Recent Adventures at OWASP Conferences - John DiLeo
Location: Robert Walters, Level 9, 22 Fanshawe Street, CBD, Auckland

9 April 2019

Auckland Meetup

Top Ten Discussion: A4 - XML External Entities (XXE) - Led by John DiLeo
Open Discussion: What do we want to do this year?
Location: Orion Health, 181 Grafton Road, Grafton, Auckland

NZDay_2019_web_banner.jpg
21 - 22 February 2019

OWASP New Zealand Day 2019 - University of Auckland Business School

One-day conference, with two tracks on Friday, 22 February - Registration is FREE
Training sessions (half-day or full-day) on Thursday, 21 February - Registration: $500 for full-day; $250 for half-day

2018

11 December 2018

Auckland Meetup

Top Ten Discussion: A2 - Broken Authentication - Led by John DiLeo
Technical Topic: Some Thoughts on Threat Modelling - John DiLeo
Location: Orion Health, 181 Grafton Road, Grafton, Auckland

29 October 2018

Wellington Meetup

Presentation: Make the Cyber Safer with Multi-factor Authentication - Kevin Thomas
Video: [1]
Location: Wellington

9 October 2018

Auckland Meetup

Technical Topic: Integrating the Weakforced Security API - Steve Shipway, SMX Email
Location: Cornerstone On-Demand, Level 1, 29 Union Street, Auckland

27 August 2018

Wellington Meetup

Presentation: Developer's guide to Deserialization Attack - Felix Shi
Video: [2]
Location: Wellington

14 August 2018

Auckland Meetup

Top Ten Discussion: A3 - Sensitive Data Exposure - Led by John DiLeo
Presentation: Web Application Penetration Testing Demo - Shofe Miraz
Location: Orion Health, 181 Grafton Road, Grafton, Auckland

12 June 2018

Auckland Meetup

Presentation: GDPR and New Zealand Privacy Law - James Ting-Edwards
Location: InternetNZ, 62 Victoria Street West, Auckland CBD, Auckland

11 June 2018

Wellington Meetup

Presentation: What are certificates? - Matt Cotterell
Location: Wellington

10 April 2018

Auckland Meetup

Top Ten Discussion: A1 - Injection - Led by John DiLeo
Presentation: OWASP Software Assurance Maturity Model (SAMM) - John DiLeo
Location: Orion Health, 181 Grafton Road, Grafton, Auckland

28 March 2018

Christchurch Meetup

CERT NZ
Location: Christchurch
Co-Sponsor: Catalyst

26 Feb 2018

Wellington Meetup

CERT NZ - Who are we? How are websites getting hacked in real life? with Declan Ingram
Video: [3]
Location: Wellington
Presented by: Declan Ingram

NZ_day_2018_web.jpg

4 - 5 February 2018

OWASP New Zealand Day 2018 - University of Auckland Business School

One-day conference, with two tracks on Monday, 5 February - Registration is FREE
Training session (full-day) on Sunday, 4 February - Registration: $500

2017

2 Oct 2017

Wellington Meetup

Presentation: Same-origin policy: The core of web security
Video: [4]
Location: Wellington
Presented By: Kirk Jackson

27 Sept 2017

Christchurch Meetup

Securing your data (your business) using SQL Server 2016
Presented By: Anupama Natarajan
Location: Christchurch
Co-Sponsor: Catalyst

31 July 2017

Wellington Meetup

Presentation: What is Cross-Site Request Forgery?
Video: [5]
Location: Wellington
Presented By: Vales Bakaitis

28 June 2017

Christchurch Meetup

Web Developer Quiz Night
Prepared and Presented By: Kim Carter
Details: on binarymist.io
Location: Christchurch
Co-Sponsor: Catalyst

29 May 2017

Wellington Meetup

Presentation: Developer's Guide to Preventing XSS
Video: [6]
Location: Wellington
Presented By: Felix Shi

OWASP_NZ_Day_2017_logo.jpg
19 - 20 April 2017

OWASP New Zealand Day 2017 - University of Auckland Business School

One-day conference, with two tracks on Thursday, 20 April - Registration is FREE
Training sessions (half-day and full-day) on Wednesday, 19 April

29 March 2017

Christchurch Meetup

PHP Hurts Programmers (and other tales)
Presented By: Keith Humm
Slides: on speakerdeck
Locations: Christchurch
Co-Sponsor: Catalyst

27 Feb 2017

Wellington Meetup

Presentation: Building the ultimate login and signup
Video: Youtube
Location: Wellington
Presented By: Matt Cotterell

2016

29 November 2016

OWASP NZ Wellington Meetup page

Presentation: OWASP Top Ten - Developing secure web apps (PHP-flavoured)
Video: Youtube
Location: Wellington
Presented By: Kirk Jackson
In conjunction with the PHP user group Wellington
10 October 2016

OWASP NZ Wellington Meetup page

Presentation: Introduction to Ruby on Rails security
Video: Youtube
Locations: Wellington
Presented By: Tim Goddard
Sponsor: Insomnia
28 September 2016

OWASP NZ Christchurch Meetup page

Presentation / Demo Applying Cold War Learnings to our Daily OPSEC
DeadDrop: (https://deaddrop.jadeworld.com/)
Github: (https://github.com/phage-nz/deaddrop)
Chris's Blog Post: (https://bytefog.blogspot.co.nz/2015/09/burn-after-reading.html)
Locations: Christchurch
Presented By: Chris Campbell
Co-Sponsor: Catalyst and BinaryMist
29 August 2016

OWASP NZ Wellington Meetup page

Presentation: Mobile app security: Intro to the OWASP Mobile Top 10
Video: Youtube
Location: Wellington
Presented By: Mike Haworth
29 June 2016

OWASP NZ Christchurch Meetup page

Presentation / Demo Security Regression Testing with ZapAPI and NodeGoat
Teaser: (https://youtu.be/DrwXUOJWMoo)
Github: (https://github.com/binarymist/NodeGoat/wiki/Security-Regression-Testing-with-Zap-API)
Sourced From: Kims Book (https://leanpub.com/holistic-infosec-for-web-developers/read#process-agile-development-and-practices-security-regression-testing)
Locations: Christchurch
Presented By: Kim Carter
Co-Sponsor: Catalyst and BinaryMist
27 June 2016

OWASP NZ Wellington Meetup page

Presentation: Introduction to using a web application firewall
Video: Youtube
Location: Wellington
Presented By: Graeme Neilson
Sponsor: RedShield
30 March 2016

OWASP NZ Christchurch Meetup page

Presentation: Qubes OS Discussion (https://www.qubes-os.org)
Locations: Christchurch
Presented By: Craig Rowland
Co-Sponsor: Dimension Data and BinaryMist Limited
3rd and 4th of February 2016

OWASP_NZ_Day_2016_logo.jpg

At the University of Auckland School of Commerce

Gold Sponsors:

INSOMNIA.PNG
   
RedShield.png
   
SA_Logo_w_DD.gif
Insomnia Security
   
Aura RedShield
   
www.security-assessment.com

2015

25 November 2015

OWASP NZ Christchurch Meetup page

Presentation: UAC, Governance and Managing the External Infosec Audit
Locations: Christchurch
Presented By: Drewe Hinkley
Co-Sponsor: Dimension Data and BinaryMist Limited
30 September 2015

OWASP NZ Christchurch Meetup page

Two part Presentation: The Exploited and the Exploiters - Case Study of a Real Cyber Hack and Live Demo's from Kims book
Locations: Christchurch
Presented By: Salinda Lekamge and Kim Carter
24 June 2015

OWASP NZ Christchurch Meetup page

Presentation: "Does Your Cloud Solution Look Like a Mushroom".
Locations: Christchurch
Presented By: Kim Carter.
Co-Sponsor: Dimension Data and BinaryMist Limited
25 March 2015

OWASP NZ Christchurch Meetup page

Presentation: Reverse Engineering, Cracking, Compromising Software Security & Mitigations
Locations: Christchurch
Presented By: Rob Gilmour, Senior Software Engineer, Technical Support, JADE Software Corporation Ltd.
Co-Sponsor: Dimension Data and BinaryMist Limited
26th and 27th of February 2015

26th and 26th February 2015 - University of Auckland Engineering Department

At the University of Auckland Engineering Department

2014

26 November 2014

OWASP NZ Christchurch Meetup page

Workshop: Review SSL/TLS, demo sslstrip and mitigation techniques
Locations: Christchurch
Presented By: Kevin Alcock, Security Consultant at Katipo Security
Co-Sponsor: Dimension Data and BinaryMist Limited
25 September 2014

OWASP NZ Christchurch Meetup page

Workshop: Review, Exploit and Learn from Vulnerable Web App
Locations: Christchurch
Presented By: Chris Campbell, Security & Operations Consultant Jade
Co-Sponsor: Dimension Data and BinaryMist Limited
24 July 2014

OWASP NZ Wellington Meetup page

Workshop: Web App Security Workshop
Locations: Wellington
Presented By: Adrian Hayes
Sponsor: Dimension Data

2013

19 December 2013

Meetup Link Here

Co-Sponsor: Security-Assessment.com and Touchpoint
Locations: Wellington, Auckland, Christchurch, Webcast
Details: All details are on the meetup page above
Presentation: Extending Burp with Python
Presented By: Mike Haworth, Aura Information Security
11th and 12th of September 2013

11th and 12st September 2013 - Auckland Business School

At the Auckland Business School

https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2013


22 May 2013

OWASP Meetup page to RSVP

Co-Sponsor: Security-Assessment.com and Touchpoint
Locations: Wellington, Auckland, Webcast
Details: All details are on the meetup page above


2012

31st August 2012

OWASP New Zealand Day 2012

Co-Sponsor: The University of Auckland, Security-Assessment.com, Aura Information Security, Insomnia Security, Lateral Security, Web Drive
Location: Auckland
Event site: OWASP New Zealand Day 2012
8th May 2012
Co-Sponsor: Security-Assessment.com and Touchpoint
Locations: Wellington, Auckland
Presentation: An Overview and introduction to modern day BeEF
Presented By: Mark Piper, Insomnia Security


28th February 2012
Co-Sponsor: Security-Assessment.com and Touchpoint
Locations: Wellington, Auckland
Presentation: Introduction to the OWASP Top Ten - Part 3
Presented By: Adrian Hayes, Security Consultant (Security-Assessment.com)
Presentation: Mistaken Identity: How Not To Build A Password Reset Process
Presented By: Nick Freeman, Senior Security Consultant (Security-Assessment.com)


2011

6th December 2011
Co-Sponsor: Security-Assessment.com and Touchpoint
Locations: Wellington, Auckland
Presentation: Introduction to the OWASP Top Ten - Part 2
Presented By: Adrian Hayes, Security Consultant (Security-Assessment.com)
Presentation: Hardened Hosting
Presented By: Quintin Russ, Technical Director (SiteHost)


20th September 2011
Co-Sponsor: Security-Assessment.com
Locations: Wellington, Auckland
Presentation: Introduction to the OWASP Top Ten - Part 1
Presented By: Nick Freeman, Security Consultant (Security-Assessment.com)
Presentation: Clickjacking for Shells
Presented By: Andrew Horton, Security Consultant (Security-Assessment.com)


7th July 2011

OWASP_NZ_Day_2011_Logo.png

Co-Sponsor: Security-Assessment.com, The University of Auckland
Location: Auckland
Presentations: Download
Event site: OWASP New Zealand Day 2011


2nd March 2011
Co-Sponsor: Security-Assessment.com
Locations: Wellington, Auckland
Presentation: Crazy Insecure Web Apps Google Didn't Tell You About..
Presented By: Adrian Hayes, Security Consultant (Security-Assessment.com)
Presentation: I know what you did last summer: The latest from the world of web hacks
Presented By: Kirk Jackson, Security Consultant (Aura Software Security)

2010

15th July 2010

Owasp_nz_day_2010.jpg

Co-Sponsor: Security-Assessment.com, Lateral Security, The University of Auckland
Location: Auckland
Presentations: Download
Event site: OWASP New Zealand Day 2010
4th March 2010
Co-Sponsor: Security-Assessment.com
Locations: Wellington, Auckland
Presentation: MS-SQL Injections.
Presented By: Scott Bell, Security Consultant (Security-Assessment.com)

2009

10th November 2009
Co-Sponsor: Security-Assessment.com
Locations: Wellington, Auckland
Presentation: Testing AMF/Flex.
Presented By: Nick Freeman, Security Consultant (Security-Assessment.com)
Presentation: "Shared Ownership", from a web security perspective.
Presented By: Quintin Russ, Technical Director (Site Host)


13th July 2009

Owasp_nz_logo.jpg

Co-Sponsor: Security-Assessment.com, Lateral Security, The University of Auckland
Location: Auckland
Presentations: Download
Event site: OWASP New Zealand Day 2009


19th March 2009
Co-Sponsor: Vodafone New Zealand and Security-Assessment.com
Locations: Wellington, Auckland
Presentation: "ActiveXploitation in 2009"
Presented By: Paul Craig, Principal Security Consultant (Security-Assessment.com)
Presentation: "Reversing JavaScript"
Presented By: Roberto Suggi Liverani, Senior Security Consultant (Security-Assessment.com)

2008

5th November 2008
Co-Sponsor: Vodafone New Zealand and Security-Assessment.com
Locations: Wellington, Auckland
Presentation: "Common Application Flaws"
Presented By: Brett Moore, Network Intrusion Specialist (Insomnia Security)
Presentation: "In your Browser, Jackin your Clicks"
Presented By: Beau Butler, Security Consultant (Security-Assessment.com)
Presentation: "Opera Stored Cross Site Scripting"
Presented By: Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)


3rd September 2008
Co-Sponsor: Microsoft and Security-Assessment.com
Locations: Wellington, Auckland
Presentation: "Browser Security"
Presented By: Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)
Presentation: "Time based blind SQL Injections"
Presented By: Muhaimin Dzulfakar, Security Consultant (Security-Assessment.com)


25th June 2008
Co-Sponsor: Security-Assessment.com
Locations: Wellington, Auckland
Presentation: "Fuzz the Web"
Presented By: Dean Jerkovich, Security Analyst (ASB)
Presentation: "Hacking The World With Flash Part #2: The Results"
Presented By: Paul Crag, Principal Security Consultant (Security-Assessment.com)


29th April 2008
Co-Sponsor: Security-Assessment.com
Locations: Wellington, Auckland
Presentation: "Hacking The World With Flash"
Presented By: Paul Craig, Principal Security Consultant (Security-Assessment.com)
Presentation: "Web Spam Techniques - also available in HTML format"
Presented By: Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)
21st February 2008
Co-Sponsor: Veda Advantage
Locations: Auckland
Presentation: "Xpath Injection - An Overview"
Presented By: Roberto Suggi Liverani, Security Consultant (Security-assessment.com)


2007

5th December 2007
Co-Sponsor: Veda Advantage
Locations: Auckland
Presentation: "Ajax Security"
Presented By: Roberto Suggi Liverani, Security Consultant (Security-assessment.com)
Presentation: "On the job browser exploitation"
Presented By: Mark Piper, Senior Security Consultant (Security-assessment.com)
22nd May 2007
Co-Sponsor: Veda Advantage
Press Release: VedaAdvantage.com
Locations: Auckland
Presentation: "OWASP in New Zealand"
Presented By: Roberto Suggi Liverani / Antonio Spera
April 2007
Co-Sponsor: Veda Advantage
Locations: Auckland
January 2007
Co-Sponsor: Veda Advantage
Locations: Auckland

Activities

OWASP New Zealand members actively participate in various OWASP activities. The following are some highlights of activities undertaken by OWASP NZ members:

2019

  • John DiLeo presented an overview of the OWASP SAMM Project and tools at the June 2019 meeting of the NZISF in Auckland
  • John DiLeo attended the Open Security Summit, June 2019 in the UK, co-hosting a session on the Application Security Curriculum Project
  • John DiLeo presented an update on the OWASP SAMM Project during the Project Showcase at Global AppSec-Tel Aviv in May 2019
  • John DiLeo became co-leader of the OWASP Application Security Curriculum Project in March 2019

2018

  • John DiLeo joined the OWASP Software Assurance Maturity Model (SAMM) project team, and attended the Open Security Summit in the UK, in June 2018
  • John DiLeo signed on as Chair of the OWASP New Zealand Day conference, in June 2018
  • John DiLeo restarted the Auckland-area Meetup, which first met on 10 April 2018. The Meetup takes place on the second Tuesdays of April, June, August, October, and December
  • John DiLeo stepped up as Auckland-area Chapter Leader, and was confirmed by the OWASP Foundation, in April 2018
  • Dion Bramley, John DiLeo, and Christian Probst signed on Chapter volunteers, at OWASP New Zealand Day 2018
  • Denis Andzakovic resigned from his position as OWASP New Zealand Chapter Leader, at OWASP NZ Day 2018

Older

  • Kim Carter ran a workshop at the NYC chapter
  • Kirk Jackson stepped up to replace Adrian Hayes for Wellington from New Zealand day 2016 onwards.
  • Denis Andzakovic stepped up to replace Nick Freeman for Auckland in March 2014
  • Kim Carter came on board to lead Christchurch from New Zealand Day 2013 onwards.
  • Nick Freeman and Scott Bell have been appointed as the new leaders of the new OWASP New Zealand Chapter
  • Roberto Suggi Liverani has resigned from his position as OWASP New Zealand Chapter Leader
  • Roberto Suggi Liverani will be speaking at OWASP AppSec Asia 2009 conference
  • Roberto Suggi Liverani and Nick Freeman will be speaking at Defcon 17
  • OWASP NZ Day 2009 - Presentations online
  • Roberto Suggi Liverani and Nick Freeman will be speaking at EUSecWest 09
  • Brett Moore will be speaking at OWASP AU Conference about "Vulnerabilities In Action".
  • Roberto Suggi Liverani contributed to the OWASP Testing Guide v3.
  • Mark Piper took his "On the job browser exploitation" talk to the OWASP_Australia_AppSec_2008_Conference.
  • Rob Munro has been appointed as OWASP Evangelist
  • OWASP NZ has audio/video conference capability between Auckland and Wellington