This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit


Revision as of 18:52, 27 June 2018 by Dfagbemi (talk | contribs) (June 28 2018 Event: Cyber Security Awareness: Protecting Accounts Against Hackers)

Jump to: navigation, search
This OWASP Chapter is inactive.  If you are interested in restarting this Chapter contact us for more information or apply to restart this chapter .

OWASP Nigeria

Welcome to the Nigeria chapter homepage. The chapter leaders are

- Abuja: Abdullahi Arabo 
- Lagos: Damilare Fagbemi, Olufuwa Tayo 


OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.


Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

Local News

Meeting Location: Co-creation hub, 6th Floor, 294 Herbert Macaulay Rd, Lagos, Nigeria

Everyone is welcome to join us at our chapter meetings.

Chapter Meetings - 2018

June 2018 Event: OWASP Video Call - 10 Mistakes Security Engineers Make

Chapter Meeting - June 30, 2018
When Where
Saturday June 30, 2018
Talks Start: 4:00PM
End: 5:00PM
(Nigerian time, GMT+1)
OWASP GoTo Meeting:



10 Mistakes Security Engineers Take

How can security engineers succeed and scale effectively?

To answer that question, we peeled back the different layers of the product security engineering role. We explored how the security engineer approaches projects, interacts with teams, trains developers, communicates with management, assesses business risk and tackles other problems. We theorized that it should be possible to identify simple, straightforward guidelines that product security experts can employ to work effectively and efficiently with product teams and organizations as they strive to build secure systems.

Post analysis, we arrived at a set guidelines which we’re calling the Don’ts (and Dos) of the trade.

June 28 2018 Event: Cyber Security Awareness: Protecting Accounts Against Hackers

Chapter Meeting - June 30, 2018
When Where
Thursday June 28, 2018
Talks Start: 10:00AM
End: 2:00PM
(Nigerian time, GMT+1)
Maiduguri Road, Opposite Al-Yuma House, Tarauni 700223, Kano

[The session will be recorded and shared via YouTube]


Cyber Security Awareness: Protecting Accounts Against Hackers

In this talk, Shehu Awwal, an experienced Cybersecurity, researcher will discuss Information and Data Security. He will demonstrate How Script Kiddies, Hackers, and Social-Engineers use different ways to get Information. He will provide in-depth analysis of attacker techniques like Spear Phishing, Phishing, Email Spoofing.

Shehu will also explain how Internet users in Nigeria can avoid scams perpetrated through Email, Text etc., Using OWASP references and prevention guides. Finally, the SEToolkit will be used to demonstrate how Network Attacks occur and how they can be prevented.

Chapter Meetings - 2017

December 2017 Event: OWASP Top 10 2017 Video Call - The Most Critical Web Application Security Risks Today

Chapter Meeting - December 15, 2017
When Where
Friday December 15, 2017

Talks Start: 4:00PM
End: 5:00PM
Google Hangouts: Join Video Call

OWASP Top 10 2017 Video Call - The Most Critical Web Application Security Risks Today

Insecure software places critical infrastructure at risk inseveral sectors such as finance, healthcare, e-commerce, government, and thelist goes on. That places all users of such systems at risks like data theft,account impersonation, fraud etc.

The OWASP top ten is a de facto application securitystandard that outlines the ten most critical web application security risks.

The pace of change in technology has accelerated over thepast four years, and as such the OWASP top 10 has been completely refactored tocater to the latest web development technologies.

Please join us as we explore the top web applicationsecurity risks relevant to today's application developer, software engineer, orsystem administrator.

August 2017 Event: OWASP Top 10 Workshop Series - Understanding SQL Injection and XSS

Chapter Meeting - August 12, 2017
When Where
Saturday August 12, 2017

Doors: 12:00PM
Talks Start: 12:15PM
End: 2:30PM
Venue Location: CC-HUB

Venue Address: Co-creation hub, 6th Floor, 294 Herbert Macaulay Rd, Lagos, Nigeria
Venue Map: Google Maps
(Registration. Register here)


Sponsors: Cchub.png

OWASP Top 10 Workshop Series - Understanding SQL Injection and XSS

Please join us for the first workshop of our OWASP Top 10 series. In this exciting series, we will explore the top web application security vulnerabilities, and how to prevent them.

The OWASP Top 10 is a list of the most pertinent security issues that affect web applications today.

In this workshop, we will cover:

  1. OWASP Top 10 A1 (Injection): Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
  2. OWASP Top 10 A3 (Cross-Site Scripting, XSS): XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.

Please try to arrive 15 - 30 minutes early.

Chapter Meetings - 2016

OWASP Lagos February Event

Chapter Meeting - February 13, 2016
When Where
Saturday February 13 2016

Doors: 12:00PM
Talks Start: 12:15PM
Venue Location: CC-HUB

Venue Address: Co-creation hub, 6th Floor, 294 Herbert Macaulay Rd, Lagos, Nigeria
Venue Map: Google Maps
(Registration. Register here)


Sponsors: Cchub.png    Inits.png

The inaugural OWASP Lagos, Nigeria meeting is taking place on Saturday February 16 at CC-HUB from 12:00PM - 5:00PM.

Hope to see you there.

There are three talks lined up including an Intro of OWASP and the chapter leaders:

Intro: Chapter leads - our background, how we got into security, stuff we're exploring or hope to learn and what we hope to achieve in starting OWASP Lagos. About OWASP: A look at OWASP, her objectives, some flagship projects (tools, guidelines, cheat sheets)

Talk 1: Introduction to OWASP ZAP

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. This talk will describe the tool and how to use it for validating web application security.

Talk 2: Exploiting a Vulnerable website to steal user credentials and gain root

This talk will describe how user authentication credentials can hijacked on a vulnerable website, using a practical demo. It will also demonstrate the compromise of a webserver hosting a vulnerble web application.

Talk 3: The OWASP Web Security Shepherd

The OWASP Security Shepherd project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. In this session we'll introduce the security shepherd and use it to learn SQL Injection . PLEASE BRING YOUR LAPTOPS.