

Revision as of 16:13, 12 February 2019 by Nu11by73 (talk | contribs) (Added 2014 events)


OWASP Houston

Welcome to the Houston chapter homepage. The Chapter Leaders are Ryan Tierney and Benjamin Loula.


OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.



Upcoming Events


Past Events


Owasp Houston April Chapter Meeting

When: Wed, April 25, 2018 6:30 PM – 8:30 PM

Where: PROS 3100 Main 2nd floor, Room B Houston, TX 77002

Speaker: Mahesh Babu, Head of Product Strategy, Contrast Security

Mahesh is responsible for growing Contrast Protect. He takes every opportunity to tell everyone how Contrast has fundamentally changed application security for the first time since he started working in security 10+ years ago. Mahesh has seen the industry evolve as a researcher, consultant, and practitioner within a large bank. He began his career as a security researcher at the CERIAS center at Purdue University. He then went on to build and scale large security & privacy programs as a Senior Manager & architect for HSBC Information Security & Risk. He also spent time as a consultant at Deloitte and Booz & Company. Mahesh has a BS in Computer Science and MS in Information Security from Purdue University and an MBA from Duke University.

Title: A phased approach to building security automation into your CI/CD

So your engineering team is using CI / CD and churning out code at a frenetic pace. It is unclear where the risk is, what controls to focus on and where in the SDLC to introduce those controls. Mahesh will introduce a practical, risk-based approach to introducing security automation into the CI / CD pipeline to surface critical issues and shorten remediation time without bottlenecking the release. Finally, he will touch on the concepts of interactive analysis (IAST) and runtime protection (RASP) as key tools in this approach.


Owasp Houston February Chapter Meeting

When: Wed, February 28, 2018 6:30 PM – 8:30 PM

Where: PROS 3100 Main 2nd floor, Room B Houston, TX 77002

Speaker: Houston Java Users Group

Title: App Security Really Will Make You Money!

When organizations think of application security they typically think of technology features and functions. In this talk Checkmarx discusses how Application Security can actually help drive an organization's bottom line and internal processes. In this age of ever expanding risk to organizations, Application Security can be used to expand your customer base, drive compliance, and expand the knowledge of an organization's executives and employees.

Sponsor: Checkmarx



Owasp Houston July Chapter Meeting

When: Tuesday July, 2017 at 6:30 PM

Where: NetIQ Corp 515 Post Oak Blvd, Houston, TX 77027

Speaker: Greg Anderson

Greg Anderson is the project leader for OWASP DefectDojo. He will be presenting remotely and the room works well for this format. Greg is a long time member of OWASP and has held several different leadership positions. You can find his bio on the official OWASP users page:

Title: Making Vulnerability Management Less Painful with OWASP DefectDojo

DefectDojo was created in 2013 when one security engineer at Rackspace stupidly opened his mouth in front of his leadership team. Vulnerability management is traditionally tedious, time consuming, and mentally draining. DefectDojo attempts to streamline vulnerability management with automation centered around templating, report generation, metrics, scanner consolidation, and baseline self-service tools. DefectDojo is currently used by multiple large enterprises and has core contributors from five different companies. It has made several engineers' lives much easier, and it can help you too. Got a ton of findings to consolidate and report on? DefectDojo has you covered. Need to have a dashboard of your team’s work? DefectDojo has you covered. Tired of boilerplate report generation? DefectDojo does that for you. Come check out how to make vulnerability management less painful and speed up your appsec program in this talk with demo.


Owasp Houston May Chapter Meeting

When: Tuesday May 23, 2017 at 6:00PM

Where: Lucky’s Pub Downtown 801 St Emanuel Street, Houston, TX 77003

Title: General Discussions and Networking

Our May meeting will be a discussion and forum focusing on OWASP projects and chapter roadmap. Discussion about:
  • OWASP Projects and events
  • Proposed topics for next meetings
  • Suggestions for becoming better involved in both the application development and security initiatives
  • Open discussion of current trends


  • 6:00 PM: Networking
  • 6:30 PM: Start of discussion
  • 8:00 PM: Wrap-up and head home


Owasp Houston January Chapter Meeting

When: Sunday, January 8, 2017 6:00 PM to 9:00 PM

Where: Poison Girl 1641 Westheimer · Houston, TX

Title: New Year Kick-off

We will be hosting a New Year kick-off event to get the year started. This is a social meeting. Please join us to hear about our planned schedule for the year. We are interested in hearing directly from you on the kinds of application security talks and speakers you would like to see this year.

Sponsor: Alertlogic




Owasp Houston March Chapter Meeting

When: Thursday, March 26, 2015 6:00 PM to 9:00 PM

Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Happy Hour

Welcome back to 2015 and our first event of the year. Now that Rodeo season is wrapping up, what better way to reconnect with your AppSec friends than one of our Happy Hours?



Owasp Houston December Chapter Meeting

When: Wednesday, December 17, 2014 6:00 PM to 9:00 PM

Where: The Original OKRA Charity Saloon 924 Congress St · Houston, TX

Title: Happy Hour

Season's greetings Houston,

We wanted to end the year with a social event. Join OWASP Houston to talk security on December 17th at Okra Charity Saloon at 924 Congress St. in downtown at 6:00 PM this Wednesday. We will be discussing some of our plans for the 2015 year and changes to chapter leadership.

When Houston was founded in 1836, the intersection at Congress and Main was the city’s primary intersection and shaped downtown Houston’s development. The bar, located at 924 Congress, initially opened as the Original Casino Saloon in 1882 and remained open until Prohibition. The original circle arch and barrel vault ceilings are still intact today.


Owasp Houston April Chapter Meeting

When: Thursday, April 10, 2014 6:00 PM to 9:00 PM

Where: The Westin Galleria Houston 5060 West Alabama Street · Houston, TX

Title: Owasp Houston Mini-Con

Please join us on April 10th for the first installment of OWASP Houston's 2014 Mini-Con series. Seating and drinks are reserved for guests that have signed up through Eventbrite. If there are no tickets available, a wait list for a seat will be opened. If you do not have a ticket and would like to come, please come to the event early. Limited standing room will be available.

This event will be held in the Westin at the Galleria. Free parking is available in the Galleria parking garage. We will be in the imperial ballroom. This is the same room that our first Mini-con was held in.

Reception begins at 6:00PM. Our speakers at this event included Adam Prigden and Tyler Borland. First presentation at 7:00PM. The event will be finished by 9:00PM.

We may have a late announcement on a third speaker.

Speaker: Tyler Borland

The primary focus of Tyler's talk is PHP Object Insertion. PHP Object Insertion, unserialize(), has been hitting the public circuit of popular software recently. Ever wondered what exactly it is and how to exploit it? This talk will walk you through a real, but patched, vulnerability and how to write a stable exploit for it. This talk will cover looking at PHP code, awesome Python exploit writing, and interesting things about PHP you might not have known on the adventure to creating a stable exploit.

Tyler Borland, TurboBorland, is forced to do a bio even though he is not good at it. He's one of those odd people with an affinity for breaking software and teaching people how to do it. Credentials? Since when do they make me a ninja turtle? Just know your trek into my talk will be one filled with danger and intrigue!

Speaker: Adam Prigden

The primary focus of Adam's talk is to discuss the reverse engineering of Java JAR files using the radare reverse engineering framework. These features include Java class file analysis and a Java SSA extraction feature. This talk will utilize the Python scripting language primarily for dynamic analysis, but the examples used in the talk should be easily transferable into the other scripting languages.

Adam is an independent information security consultant who is pursuing his PhD in Computer Science under the supervision of Dr. Dan Wallach at Rice University. He is also an active contributor to the radare reverse engineering framework, where he has contributed support for analyzing Java class files along with several other features. Adam began his information security career in the U.S. Army as an Infantryman, after which he went on to complete a B.S. in Electrical Engineering and an M.S. in Engineering at the University of Texas. Prior to returning to graduate school at Rice, Adam was responsible for helping to build internal security testing standards and guidelines, developing tools, and executing engagements at Praetorian. Adam consults on a wide range of topics including code reviews, threat modeling, and software penetration testing. Additionally, he has also presented on a wide range of information security topics as a lecturer and instructor in public, private, and academic settings.


Owasp Houston March Chapter Meeting

When: Thursday, March 13, 2014 6:00 PM to 9:00 PM

Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Happy Hour

We will be hosting this year's first OWASP Houston Happy Hour from 6PM-9PM on March 13th, 2014. OWASP meetings are equally free to members and non-members.

Join us in discussing application security and recent security-related news over Texas-brewed beers and tasty snacks. Beer and snacks are generously provided by our sponsors, White Hat Security and Alert Logic.

Sponsors: White Hat Security & Alertlogic


Owasp Houston February Chapter Meeting

When: Thursday, February 20, 2014 6:00 PM to 9:00 PM

Where: TXRX Labs 205 Roberts St · Houston, TX

Title: Metasploit Workshop

We have a new venue sponsored by TXRX Labs. If you haven't been to TXRX Labs, it's a 16,000-square-foot hacker space on the east side of downtown. They provide educational classes like Intro to LinuxCNC and host recreational programming events. They also have classes on knitting, welding, soldering, bike repair, and pancakes. This is a great space for learning in Houston and that's why we're exploring its use for OWASP workshops.

Our first Workshop topic for 2014 will be an introduction to Metasploit led by Dennis Maldonado (@DennisMald). Dennis will be hosting a workshop on Metasploit and how it can be utilized for web application security assessments.

If you haven't been to an OWASP Houston Workshop before, you are encouraged to bring a laptop to follow along with the presentation, ask questions, and test out concepts. Dennis recommends bringing the latest version of Metasploit (currently 4.8.2) and Kali Linux (currently 1.0.6, any architecture).

Workshop Host: Dennis Maldonado

Dennis is a security enthusiast/researcher with an interest in web application security and how web application vulnerabilities can be used to gain a foothold into the network.


  • Reception 6PM-7PM
  • Presentation 7PM-8PM
  • Questions/Audience Participation 8PM-9PM
