This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit


Revision as of 15:32, 12 February 2019 by Nu11by73 (talk | contribs) (Adding in past events)

Jump to: navigation, search

OWASP Houston

Welcome to the Houston chapter homepage. The Chapter Leaders are Ryan Tierney and Benjamin Loula.


OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.


Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

Upcoming Events


Past Events


Owasp Houston April Chapter Meeting

When: Wed, April 25, 2018 6:30 PM – 8:30 PM

Where: PROS 3100 Main 2nd floor, Room B Houston, TX 77002

Speaker: Mahesh Babu, Head of Product Strategy, Contrast Security

Mahesh is responsible for growing Contrast Protect. He takes every opportunity to tell everyone how Contrast has fundamentally changed application security for the first time since he started working in security 10+ years ago. Mahesh has seen the industry evolve as a researcher, consultant, and practitioner within a large bank. He began his career as a security researcher at the CERIAS center at Purdue University. He then went on to build and scale large security & privacy programs a Senior Manager & architect for HSBC Information Security & Risk. He also spent time as a consultant at Deloitte and Booz & Company. Mahesh has a BS in Computer Science and MS in Information Security from Purdue University and an MBA from Duke University.

Title: A phased approach to building security automation into your CI/CD

So your engineering team is using CI / CD and churning out code at a frenetic pace. It is unclear where the risk is, what controls to focus on and where in the SDLC to introduce those controls. Mahesh will introduce a practical, risk-based approach to introducing security automation into the CI / CD pipeline to surface critical issues, shorten remediation time without bottlenecking the release. Finally, he will touch on the concepts of interactive analysis (IAST) and runtime protection (RASP) as key tools in this approach.

Back to Top

Owasp Houston February Chapter Meeting

When: Wed, February 28, 2018 6:30 PM – 8:30 PM

Where: PROS 3100 Main 2nd floor, Room B Houston, TX 77002

Speaker: Houston Java Users Group

Title: App Security Really Will Make You Money!

When organizations think of application security they typically think of technology features and functions. In this talk Checkmarx discusses how Application Security can actually help drive an organization's bottom line and internal processes. In this age of ever expanding risk to organizations, Application Security can be used to expand your customer base, drive compliance, and expand the knowledge of an organization's executives and employees.

Sponsor: Checkmarx

Back to Top


Owasp Houston July Chapter Meeting

When: Tuesday July, 2017 at 6:30 PM

Where: NetIQ Corp 515 Post Oak Blvd, Houston, TX 77027

Speaker: Greg Anderson

Greg Anderson is the project leader for OWASP DefectDojo. He will be presenting remotely and the room works well for this format. Greg is a long time member of OWASP and has held several different leadership positions. You can find his bio on the official OWASP users page:

Title: Making Vulnerability Management Less Painful with OWASP DefectDojo

DefectDojo was created in 2013 when one security engineer at Rackspace stupidly opened his mouth in front of his leadership team. Vulnerability management is traditionally tedious, time consuming, and mentally draining. DefectDojo attempts to streamline vulnerability management with automation centered around templating, report generation, metrics, scanner consolidation, and baseline self-service tools. DefectDojo is currently used by multiple large enterprises and has core contributors from five different companies. It has made several engineers' lives much easier, and it can help you too. Got a ton of findings to consolidate and report on? DefectDojo has you covered. Need to have a dashboard of your team’s work? DefectDojo has you covered. Tired of boilerplate report generation? DefectDojo does that for you. Come check out how to make vulnerability management less painful and speed up your appsec program in this talk with demo.

Back to Top