This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

OWASP New Zealand Day 2019

Revision as of 03:09, 28 November 2018 by John dileo (talk | contribs) (Added clarification about international travel support (available only if sponsors provide funds for that purpose).)

Jump to: navigation, search


21st and 22nd February 2019 - Auckland


We are proud to announce the tenth OWASP New Zealand Day conference, to be held at the University of Auckland on Friday, February 22nd, 2019. OWASP New Zealand Day is a one-day conference dedicated to information security, with an emphasis on secure architecture and development techniques to help Kiwi developers build more secure applications.

Who is it for?

  • Web Developers: There will be a choice of two streams in the morning. Talks in the first stream will include introductory talks to information security, while those in the second stream will address deeper technical topics. Afternoon sessions will cover offensive security in stream one, and continue with deeper technical topics in stream two
  • Security Professionals and Enthusiasts: Technical sessions later in the day will showcase new and interesting attack and defence topics

Conference structure

Date: Friday, 22 February 2019
Time: 9:30am - 6:00pm
Cost: Free

The main conference is on Friday, the 22nd of February, and will have two streams in both the morning and the afternoon:


In addition to the main conference on Friday, we are pleased to offer opportunities for application security-related training on Thursday (21 February), at the same venue. The Call for Training is currently open, and details on the training sessions selected will appear below as they are finalised.


The tenth OWASP New Zealand Day will be happening thanks to the support provided by the University of Auckland, which will kindly offer the same facilities as those we used in 2018. Entry to the event will, as in the past, be free.

For any comments, feedback or observations, please don't hesitate to contact us.


Registration is not yet open. Please join our low volume mailing list to be notified when registration opens and/or follow us on twitter @owaspnz

There is no cost for the main conference day. Currently, we are planning to provide morning and afternoon tea; however, this is subject to meeting our sponsorship goals for the event. Spaces are limited, so we do ask that, if at any point you realise you will not be able to attend, you cancel your registration to make room for others.

Important dates

  • CFP submission deadline: 21st December 2018
  • CFT submission deadline: 21st December 2018
  • Conference Registration deadline: 14th February 2019
  • Training Registration deadline: 14th February 2019
  • Training Day date: 21st February 2019
  • Conference Day date: 22nd February 2019

For those of you booking flights, ensure you can be at the venue by 9:00am. The conference will end by 6:00pm. However, we will have post conference drinks at a local drinking establishment for those interested. We are planning to hold a special event on Thursday evening for speakers, trainers, and conference volunteers - more details on that to follow.

Places to eat & drink on the day

  • Coffee cart and selection of snacks next to the reception on the ground floor, this is the closest but will probably have long lines
  • Mojo Symonds - also on campus
  • Shakey Isles - coffee and food across the road on the corner of Symonds & Alfred St
  • The CBD - walk up and over Albert Park to get to the CBD with many great food options
    • Fort Street has burgers, kebabs, and KFC
    • High Street & Lorne Street have lots of little cafes and restaurants
  • Subway, Starbucks, St. Pierre's Sushi & Pita Pit - walk up Symonds Street
  • Vulture’s Lane is a popular pub with the InfoSec crowd, there are more seats downstairs
  • The Bluestone Room - also a popular pub just across Queen St

Conference Venue

The University of Auckland School of Business
Owen Glen Building
Address: 12 Grafton Road

Stream One: Level 1
Room: 115 (Fisher & Paykel Auditorium)

Stream Two: Level 0
Room: 098

New Zealand

073 AUBiz 10Apr08small.jpg OWASPNZDayLectureTheatre.jpg

Conference Sponsors

Conference Host:


Platinum Sponsors:


Gold Sponsors:


Silver Sponsors:


Supporting Sponsors:


Conference Committee

  • John DiLeo - Conference Chair, OWASP New Zealand Leader (Auckland)
  • Brendan Seerup - Sponsorships and Promotion
  • Lech Janczewski - Conference Host Liaison - Associate Professor, University of Auckland School of Business
  • YOU - We are looking for volunteers to help make this our most successful conference yet!

Please direct all enquiries to John DiLeo ([email protected])

OWASP NZ on Twitter (

Call for Presentations

The Call for Presentations is now open, and will close on Friday, 21st December.

OWASP New Zealand Day conferences attract a high quality of speakers from a variety of security disciplines, including architects, Web developers and engineers, system administrators, penetration testers, policy specialists and more.

We would like a variety of technical levels in the presentations submitted, corresponding to the three focus areas of the conference:

Track One:

  • Introductions to various Information Security topics, and the OWASP projects
  • Policy, Compliance and Risk Management

Track Two:

  • Technical topics

Introductory talks should appeal to an intermediate to experienced software developer, without requiring a solid grounding in application security or knowledge of OWASP projects. These talks should be engaging, encourage developers to learn more about information security, and give them techniques that they can immediately return to work and apply to their jobs.

This being an OWASP conference, the selection process for talks in Track One will give priority to those related to OWASP's Projects, Tools, and Guidance (check out the current [OWASP Project Inventory]( for more information). If multiple submissions are received related to the same OWASP Project/Tool, preference will be given to speakers actively involved as leaders or members of the respective project teams.

Technical topics are running all day and should appeal to two audiences - experienced software security testers or researchers, and software developers who have a “OWASP Top Ten” level of understanding of web attacks and defences. You could present a lightning, short or long talk on something you have researched, developed yourself, or learnt in your travels. Ideally the topics will have technical depth or novelty so that the majority of attendees learn something new.

We would also like to invite talks that will appeal to those interested in the various non-technical topics that are important in our industry. These talks could focus on the development of policies, dealing with compliance obligations, managing risks within an enterprise, or other issues that could appeal to those in management roles.

We encourage presentations to have a strong component on fixing and prevention of security issues. We are looking for presentations on a wide variety of security topics, including but not limited to:

  • Web application security
  • Mobile security
  • Cloud security
  • Secure development
  • Vulnerability analysis
  • Threat modelling
  • Application exploitation
  • Exploitation techniques
  • Threat and vulnerability countermeasures
  • Platform or language security (JavaScript, NodeJS, .NET, Java, RoR, Python, etc)
  • Penetration Testing
  • Browser and client security
  • Application and solution architecture security
  • Risk management
  • Security concepts for C*Os, project managers and other non-technical attendees
  • Privacy controls

The submission will be reviewed by the OWASP New Zealand Day conference committee and the highest voted talks will be selected and invited for presentation.


  • Due to limited funds availability, the conference budget does not include a plan to cover expenses for international speakers. However, if sponsorship funds are received for this purpose, we will issue a call for support applications from those outside New Zealand who have submitted proposals. Please indicate in the "additional information" section, whether you would be able to present without such support.
  • If you are selected as a speaker, and your company is willing to cover travel and accommodation costs, the company will be recognised as a "Supporting Sponsor" of the event.

Please submit your presentation on PaperCall.

Submission Deadline: Friday, 21st December 2018

Applicants will be notified in the following week after the deadline, whether they were successful or not.

Call For Trainers

We are happy to announce that training will run on Thursday, 21 February 2019, the day before the OWASP NZ Day conference. The training venue will be Level 0, Rooms: case rooms 1(005), 2(057), 3(055), and 4(009), kindly provided by the University of Auckland School of Business, in the same building as the OWASP NZ Day conference itself. Classes can contain up to 69 students, with power for laptop usage and Wi-Fi. A wide range of half-day or full-day training proposals will be considered, see the Call for Papers for a list of example topics.

If you are interested in running one of the training sessions, please contact John DiLeo ([email protected]) with the following information:

  • Trainer name
  • Trainer organisation
  • Telephone + email contact
  • Short Trainer bio
  • Training title
  • Trainer requirements (e.g. a projector, whiteboard, etc)
  • Trainee requirements (e.g. laptop, VMware/VirtualBox, etc)
  • Training summary (less than 500 words)
  • Target audience (e.g. testers, project managers, security managers, web developers, architects)
  • Skill level required (Basic / Intermediate / Advanced)
  • What attendees can expect to learn (key objectives)
  • Short course outline

The fixed price per head for training will be $250 for a half-day session and $500 for a whole-day session. As this training is part of an OWASP event, part of the proceeds go back to OWASP. The split is as follows:

  • 25% to OWASP Global - used for OWASP projects around the world
  • 25% to OWASP NZ Day - used for NZ Day expenses
  • 50% to the training provider.

Submission Deadline: Friday, 21st December 2018

Applicants will be notified in the following week after the deadline, whether they were successful or not.

Call For Sponsorships

OWASP New Zealand Day 2019 will be held in Auckland on the 22nd of February, 2019, and is a security conference entirely dedicated to application security. The conference is once again being hosted by the University of Auckland with their support and assistance. OWASP New Zealand Day 2019 is a free event, but requires sponsor support to help be an instructive and quality event for the New Zealand community. OWASP is strictly not for profit. The sponsorship money will be used to help make OWASP New Zealand Day 2019 a free, compelling, and valuable experience for all attendees.

The sponsorship funds collected are to be used for things such as:

  • Name tags - we feel that getting to know people within the New Zealand community is important, and name tags make that possible.
  • Promotion - up to now our events are propagating by word of mouth. We would like to get to a wider audience by advertising our events.
  • Printed Materials - printed materials will include brochures, tags and lanyards.
  • Recognition items for speakers and trainers
  • Morning and afternoon tea, to promote a congenial environment for networking among application security professionals


Last year, the event was supported by seven sponsors and attracted more than 700 registrations. Plenty of constructive (and positive!) feedback from the audience was received, and we are using this to make the conference more appealing to more people. For more information on the last New Zealand Day event, please visit:

The OWASP New Zealand community is strong, with more than 500 people currently subscribed to the mailing list (sign up). OWASP New Zealand Day is expected to attract between 900 and 1000 attendees this year.

OWASP regular attendees are IT project managers, IT security managers, IT security consultants, Web application architects and developers, QA managers, QA testers and system administrators.