OWASP Bristol

Welcome to OWASP Bristol Chapter

The OWASP Bristol Chapter is run by Craig Francis and Jon Gadsden. We are a bunch of friendly people interested in application security and we meet up four or five times a year to discuss a whole range of security topics.

The Bristol Chapter is pleased to have the support of WiTCH (Women in Tech & Cyber Hub) in promoting a more diverse software security community in the South West of England.

Social media

Chapter Meetings

Typically our meetings are held in the evening and last for a couple of hours. View the schedule on the events tab for our next meeting and also for past meetings.

To register for an event please visit our Meetup page.

Speaking at OWASP Bristol Chapter Events

If you would like to present a talk on application security at a future OWASP Bristol Chapter event then that would be most welcome. All types of talks and presentations are encouraged :

  • Short / lightning talks, approximately 10 minutes on a specific subject
  • Longer talks between 30 and 45 minutes
  • Wider ranging presentation or tutorials up to an hour long

Please review and agree with the OWASP Speaker Agreement and contact Craig Francis for further information.

Meeting Supporters

Here is the list of organisations who have generously provided us with space for our OWASP Bristol chapter meetings:

  • ImmersiveLabs
  • RBS
  • GreshamTechnologies
  • JustEat
  • Ovo
  • HargreavesLansdown

Scheduled events

To register for this event, please visit our Meetup page.

Past events

A list of our previous events and presentations, and occasionally videos.

2025

  • 2025-7-15:
    • Talk: Implementing a bug bounty program, Ashley Dunn
    • Talk: Don’t tell Mum I joined up (she thinks I’m a bicycle repair man), David Greeney
  • 2025-3-25:
    • Introduction slides
    • Talk: Ship Happens: The Stormy Seas of Supply Chain Security, David Archer
    • Discussion: The human element of the supply chain, led by Illyana Mullins of WiTCH (Women in Tech & Cyber Hub)

2024

  • 2024-5-21:
    • Workshop: Interactive cyber crisis simulation, hosted by James Riley and Chris Wood at the Immersive Labs Bristol office
  • 2024-3-5:
    • Talk: OWASP Threat Dragon, Jon Gadsden - slides
    • Discussion: The Effects of our Decisions, led by Craig Francis

2023

  • 2023-11-28:
    • Talk: Integrating Threat Modeling into the SDLC, Rob Fewster - video slides
  • 2023-10-17:
    • Talk 1: Secure by Design and by Default, Chris Goff - video
    • Talk 2: Exploring Security, Dan Billing - video
    • Update: ZAP and the Software Security Project, Jon Gadsden - video slides
  • 2023-06-15:
    • Talk 1: LLM and Application Security, Chris Wood
    • Talk 2: An Introduction to scripting for Application Testers, Alex Archondakis - slides

2021 virtual meetings only

  • 2021-12-02
    • Talk: Infrastructure as Code (IaC) Misconfigurations, Ori Bendet - video
  • 2021-06-24
    • Talk: Enforcing Code Security Standards with Semgrep, Clint Gibler - video
  • 2021-06-22
    • Talk: IoT Security - Importance, threats, best practice, Ilya Kudryavtsev - video
  • 2021-03-18
    • Introduction - video
    • Discussion: is_literal(), Craig Francis - video

2020

2019

  • 2019-11-14:
    • Talk 1: Least-privilege principle of container security, Ben Meier - video
    • Talk 2: OWASP Threat Dragon: Cupcake to the rescue, Jon Gadsden - video slides
  • 2019-09-12:
    • Talk 1: Hacking into Developers’ Security Consciousness, Andra Lezza
    • Talk 2: Stranger Danger: Finding Security Vulnerabilities Before They Find You!, Siobhan Meier
  • 2019-07-07:
    • Talk 1: autom8on’s infamous stalking talk, Steve Wilson
    • Talk 2: Exploits with Scratch, Kevin Sheldrake
  • 2019-06-06:
    • Talk: Cracking HiTag2 Crypto - Weaponising Academic Attacks for Breaking and Entering, Kev Sheldrake
  • 2019-01-09: “Capture The Flag (CTF) Evening”

2018

2017

  • 2017-11-30:
    • Talk 1: Can DevSecOps Prevent the Impending Software Apocalypse?, Jeff Williams
    • Talk 2: Cookie Security - Myths and Misconceptions, David Johansson
  • 2017-11-23:
    • Talk 1: A Corporate Phishing Trip, Iain Baughen
    • Talk 2: Modern Access Management, Jonathan Scudder
  • 2017-09-28:
    • Talk 1: Website hacking, Craig Francis
    • Talk 2: Threat Modeling, Jon Gadsden - slides
  • 2017-06-22:
    • Talk 1: IoT, Ramesh Krishnasagar
    • Talk 2: Securing financial APIs, Dave Tonge
  • 2017-04-20:
    • Talk: The path of secure software, Katy Anton
  • 2017-03-09:
    • Talk: OWASP Top 10 Proactive Controls

2016

  • 2016-11-17:
    • Talk: Embedded Systems or - the Unwitting Accomplice, Jamie Riden
  • 2016-09-15:
    • Talk: How to test your software for security, Matteo Meucci
  • 2016-07-21:
    • Talk 1: OT is not IT, Vitor Jesus
    • Talk 2: Car hacking, Ken Munro
  • 2016-05-20:
    • Workshop: Threat Modelling
  • 2016-03-17:
    • Talk 1: New Era of Software with modern Application Security, Dinis Cruz
    • Talk 2: Android app security on a shoestring budget, Scott Alexander-­Bown
  • 2016-01-21:
    • Talk 1: Don’t Panic - Maintain Security in Continuous Deployments, Chris Dare
    • Talk 2: New Adventures in Security Testing, Dan Billing

2015

  • 2015-11-19:
    • Talk 1: Devops & Continuous Delivery Security, Jason Alexander
    • Talk 2: Dip Your Toes in the Sea of Security, James Titcumb
  • 2015-07-02
Watch Star