New Zealand

2019
= Past Events =

2019
24 - 25 August 2019, Wellington - security.ac.nz

OWASP NZ is proud to invite you to our first https://security.ac.nz event. Please visit the website for details.

https://www.owasp.org/images/e/e3/NZDay_2019_web_banner.jpg 21 - 22 February 2019

OWASP New Zealand Day 2019 - University of Auckland Business School
 * One-day conference, with two tracks on Friday, 22 February - Registration is FREE
 * Training sessions (half-day or full-day) on Thursday, 21 February - Registration: $500 for full-day; $250 for half-day

2018
11 December 2018

Meetup - OWASP New Zealand-Auckland
 * Top Ten Focus: A4 - XML External Entities (XXE)
 * Technical Topic: TBC
 * Location: Orion Health, 181 Grafton Road, Grafton, Auckland


 * 29 Oct 2018

OWASP NZ Wellington Meetup page
 * Make the Cyber Safer with Multi-factor Authentication - with Kevin Thomas
 * Video:
 * Location: Wellington
 * Presented by: Kevin Thomas


 * 9 October 2018

Meetup - OWASP New Zealand-Auckland
 * Technical Topic: Integrating the Weakforced Security API - Steve Shipway, SMX Email
 * Location: Cornerstone On-Demand, Level 1, 29 Union Street, Auckland


 * 27 Aug 2018

OWASP NZ Wellington Meetup page
 * Developer's guide to Deserialization Attack with Felix Shi
 * Video:
 * Location: Wellington
 * Presented by: Felix Shi


 * 14 August 2018

Meetup - OWASP New Zealand-Auckland
 * Top Ten Focus: A3 - Sensitive Data Exposure
 * Technical Topic: Web Application Penetration Testing Demo - Shofe Miraz
 * Location: Orion Health, 181 Grafton Road, Grafton, Auckland


 * 12 June 2018

Meetup - OWASP New Zealand-Auckland
 * Top Ten Focus: A2 - Broken Authentication
 * Technical Topic: GDPR and New Zealand Privacy Law - James Ting-Edwards
 * Location: InternetNZ, 62 Victoria Street West, Auckland CBD, Auckland


 * 11 June 2018

OWASP NZ Wellington Meetup page
 * What are certificates? with Matt Cotterell
 * Location: Wellington
 * Presented by: Matt Cotterell


 * 10 April 2018

Meetup - OWASP New Zealand-Auckland
 * Top Ten Focus: A1 - Injection
 * Technical Topic: OWASP Software Assurance Maturity Model (SAMM) - John DiLeo
 * Location: Orion Health, 181 Grafton Road, Grafton, Auckland


 * 28 March 2018 OWASP NZ Christchurch Meetup page
 * CERT NZ
 * Location: Christchurch
 * Co-Sponsor: Catalyst

OWASP NZ Wellington Meetup page
 * 26 Feb 2018
 * CERT NZ - Who are we? How are websites getting hacked in real life? with Declan Ingram
 * Video:
 * Location: Wellington
 * Presented by: Declan Ingram


 * 5 Feb 2018

https://www.owasp.org/images/5/53/NZ_day_2018_web.jpg

OWASP NZ Day 2018 will be held on Monday the 5th of February 2018 at the University of Auckland School of Business.

Gold Sponsors:

2017
OWASP NZ Wellington Meetup page
 * 2 Oct 2017
 * Presentation: Same-origin policy: The core of web security
 * Video:
 * Location: Wellington
 * Presented By: Kirk Jackson

OWASP NZ Christchurch Meetup page
 * 27 Sept 2017
 * Securing your data (your business) using SQL Server 2016
 * Presented By: Anupama Natarajan
 * Location: Christchurch
 * Co-Sponsor: Catalyst

OWASP NZ Wellington Meetup page
 * 31 July 2017
 * Presentation: What is Cross-Site Request Forgery?
 * Video:
 * Location: Wellington
 * Presented By: Vales Bakaitis

OWASP NZ Christchurch Meetup page
 * 28 June 2017
 * Web Developer Quiz Night
 * Prepared and Presented By: Kim Carter
 * Details: on binarymist.io
 * Location: Christchurch
 * Co-Sponsor: Catalyst

OWASP NZ Wellington Meetup page
 * 29 May 2017
 * Presentation: Developer's Guide to Preventing XSS
 * Video:
 * Location: Wellington
 * Presented By: Felix Shi


 * 19th and 20th of April 2017

https://www.owasp.org/images/6/63/OWASP_NZ_Day_2017_logo.jpg

At the University of Auckland School of Business

Gold Sponsors:

OWASP NZ Christchurch Meetup page
 * 29 March 2017
 * PHP Hurts Programmers (and other tales)
 * Presented By: Keith Humm
 * Slides: on speakerdeck
 * Locations: Christchurch
 * Co-Sponsor: Catalyst

OWASP NZ Wellington Meetup page
 * 27 Feb 2017
 * Presentation: Building the ultimate login and signup
 * Video: Youtube
 * Location: Wellington
 * Presented By: Matt Cotterell

2016
OWASP NZ Wellington Meetup page
 * 29 November 2016
 * Presentation: OWASP Top Ten - Developing secure web apps (PHP-flavoured)
 * Video: Youtube
 * Location: Wellington
 * Presented By: Kirk Jackson
 * In conjunction with the PHP user group Wellington

OWASP NZ Wellington Meetup page
 * 10 October 2016
 * Presentation: Introduction to Ruby on Rails security
 * Video: Youtube
 * Locations: Wellington
 * Presented By: Tim Goddard
 * Sponsor: Insomnia

OWASP NZ Christchurch Meetup page
 * 28 September 2016
 * Presentation / Demo Applying Cold War Learnings to our Daily OPSEC
 * DeadDrop: (https://deaddrop.jadeworld.com/)
 * Github: (https://github.com/phage-nz/deaddrop)
 * Chris's Blog Post: (https://bytefog.blogspot.co.nz/2015/09/burn-after-reading.html)
 * Locations: Christchurch
 * Presented By: Chris Campbell
 * Co-Sponsor: Catalyst and BinaryMist

OWASP NZ Wellington Meetup page
 * 29 August 2016
 * Presentation: Mobile app security: Intro to the OWASP Mobile Top 10
 * Video: Youtube
 * Location: Wellington
 * Presented By: Mike Haworth

OWASP NZ Christchurch Meetup page
 * 29 June 2016
 * Presentation / Demo Security Regression Testing with ZapAPI and NodeGoat
 * Teaser: (https://youtu.be/DrwXUOJWMoo)
 * Github: (https://github.com/binarymist/NodeGoat/wiki/Security-Regression-Testing-with-Zap-API)
 * Sourced From: Kims Book (https://leanpub.com/holistic-infosec-for-web-developers/read#process-agile-development-and-practices-security-regression-testing)
 * Locations: Christchurch
 * Presented By: Kim Carter
 * Co-Sponsor: Catalyst and BinaryMist

OWASP NZ Wellington Meetup page
 * 27 June 2016
 * Presentation: Introduction to using a web application firewall
 * Video: Youtube
 * Location: Wellington
 * Presented By: Graeme Neilson
 * Sponsor: RedShield

OWASP NZ Christchurch Meetup page
 * 30 March 2016
 * Presentation: Qubes OS Discussion (https://www.qubes-os.org)
 * Locations: Christchurch
 * Presented By: Craig Rowland
 * Co-Sponsor: Dimension Data and BinaryMist Limited


 * 3rd and 4th of February 2016

https://www.owasp.org/images/2/23/OWASP_NZ_Day_2016_logo.jpg

At the University of Auckland School of Commerce

Gold Sponsors:

2015
OWASP NZ Christchurch Meetup page
 * 25 November 2015
 * Presentation: UAC, Governance and Managing the External Infosec Audit
 * Locations: Christchurch
 * Presented By: Drewe Hinkley
 * Co-Sponsor: Dimension Data and BinaryMist Limited

OWASP NZ Christchurch Meetup page
 * 30 September 2015
 * Two part Presentation: The Exploited and the Exploiters - Case Study of a Real Cyber Hack and Live Demo's from Kims book
 * Locations: Christchurch
 * Presented By: Salinda Lekamge and Kim Carter

OWASP NZ Christchurch Meetup page
 * 24 June 2015
 * Presentation: "Does Your Cloud Solution Look Like a Mushroom".
 * Locations: Christchurch
 * Presented By: Kim Carter.
 * Co-Sponsor: Dimension Data and BinaryMist Limited

OWASP NZ Christchurch Meetup page
 * 25 March 2015
 * Presentation: Reverse Engineering, Cracking, Compromising Software Security & Mitigations
 * Locations: Christchurch
 * Presented By: Rob Gilmour, Senior Software Engineer, Technical Support, JADE Software Corporation Ltd.
 * Co-Sponsor: Dimension Data and BinaryMist Limited


 * 26th and 27th of February 2015



At the University of Auckland Engineering Department

2014
OWASP NZ Christchurch Meetup page
 * 26 November 2014
 * Workshop: Review SSL/TLS, demo sslstrip and mitigation techniques
 * Locations: Christchurch
 * Presented By: Kevin Alcock, Security Consultant at Katipo Security
 * Co-Sponsor: Dimension Data and BinaryMist Limited

OWASP NZ Christchurch Meetup page
 * 25 September 2014
 * Workshop: Review, Exploit and Learn from Vulnerable Web App
 * Locations: Christchurch
 * Presented By: Chris Campbell, Security & Operations Consultant Jade
 * Co-Sponsor: Dimension Data and BinaryMist Limited

OWASP NZ Wellington Meetup page
 * 24 July 2014
 * Workshop: Web App Security Workshop
 * Locations: Wellington
 * Presented By: Adrian Hayes
 * Sponsor: Dimension Data

2013
Meetup Link Here
 * 19 December 2013
 * Co-Sponsor: Security-Assessment.com and Touchpoint
 * Locations: Wellington, Auckland, Christchurch, Webcast
 * Details: All details are on the meetup page above
 * Presentation: Extending Burp with Python
 * Presented By: Mike Haworth, Aura Information Security


 * 11th and 12th of September 2013



At the Auckland Business School

https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2013

OWASP Meetup page to RSVP
 * 22 May 2013
 * Co-Sponsor: Security-Assessment.com and Touchpoint
 * Locations: Wellington, Auckland, Webcast
 * Details: All details are on the meetup page above

2012
OWASP New Zealand Day 2012
 * 31st August 2012
 * Co-Sponsor: The University of Auckland, Security-Assessment.com, Aura Information Security, Insomnia Security, Lateral Security, Web Drive
 * Location: Auckland
 * Event site: OWASP New Zealand Day 2012


 * 8th May 2012
 * Co-Sponsor: Security-Assessment.com and Touchpoint
 * Locations: Wellington, Auckland
 * Presentation: An Overview and introduction to modern day BeEF
 * Presented By: Mark Piper, Insomnia Security


 * 28th February 2012
 * Co-Sponsor: Security-Assessment.com and Touchpoint
 * Locations: Wellington, Auckland
 * Presentation: Introduction to the OWASP Top Ten - Part 3
 * Presented By: Adrian Hayes, Security Consultant (Security-Assessment.com)
 * Presentation: Mistaken Identity: How Not To Build A Password Reset Process
 * Presented By: Nick Freeman, Senior Security Consultant (Security-Assessment.com)

2011

 * 6th December 2011
 * Co-Sponsor: Security-Assessment.com and Touchpoint
 * Locations: Wellington, Auckland
 * Presentation: Introduction to the OWASP Top Ten - Part 2
 * Presented By: Adrian Hayes, Security Consultant (Security-Assessment.com)
 * Presentation: Hardened Hosting
 * Presented By: Quintin Russ, Technical Director (SiteHost)


 * 20th September 2011
 * Co-Sponsor: Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: Introduction to the OWASP Top Ten - Part 1
 * Presented By: Nick Freeman, Security Consultant (Security-Assessment.com)
 * Presentation: Clickjacking for Shells
 * Presented By: Andrew Horton, Security Consultant (Security-Assessment.com)

https://www.owasp.org/images/0/05/OWASP_NZ_Day_2011_Logo.png
 * 7th July 2011
 * Co-Sponsor: Security-Assessment.com, The University of Auckland
 * Location: Auckland
 * Presentations: Download
 * Event site: OWASP New Zealand Day 2011


 * 2nd March 2011
 * Co-Sponsor: Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: Crazy Insecure Web Apps Google Didn't Tell You About..
 * Presented By: Adrian Hayes, Security Consultant (Security-Assessment.com)
 * Presentation: I know what you did last summer: The latest from the world of web hacks
 * Presented By: Kirk Jackson, Security Consultant (Aura Software Security)

2010
http://www.owasp.org/images/a/a7/Owasp_nz_day_2010.jpg
 * 15th July 2010
 * Co-Sponsor: Security-Assessment.com, Lateral Security, The University of Auckland
 * Location: Auckland
 * Presentations: Download
 * Event site: OWASP New Zealand Day 2010


 * 4th March 2010
 * Co-Sponsor: Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: MS-SQL Injections.
 * Presented By: Scott Bell, Security Consultant (Security-Assessment.com)

2009

 * 10th November 2009
 * Co-Sponsor: Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: Testing AMF/Flex.
 * Presented By: Nick Freeman, Security Consultant (Security-Assessment.com)
 * Presentation: "Shared Ownership", from a web security perspective.
 * Presented By: Quintin Russ, Technical Director (Site Host)

https://www.owasp.org/images/8/85/Owasp_nz_logo.jpg
 * 13th July 2009
 * Co-Sponsor: Security-Assessment.com, Lateral Security, The University of Auckland
 * Location: Auckland
 * Presentations: Download
 * Event site: OWASP New Zealand Day 2009


 * 19th March 2009
 * Co-Sponsor: Vodafone New Zealand and Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: "ActiveXploitation in 2009"
 * Presented By: Paul Craig, Principal Security Consultant (Security-Assessment.com)
 * Presentation: "Reversing JavaScript"
 * Presented By: Roberto Suggi Liverani, Senior Security Consultant (Security-Assessment.com)

2008

 * 5th November 2008
 * Co-Sponsor: Vodafone New Zealand and Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: "Common Application Flaws"
 * Presented By: Brett Moore, Network Intrusion Specialist (Insomnia Security)
 * Presentation: "In your Browser, Jackin your Clicks"
 * Presented By: Beau Butler, Security Consultant (Security-Assessment.com)
 * Presentation: "Opera Stored Cross Site Scripting"
 * Presented By: Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)


 * 3rd September 2008
 * Co-Sponsor: Microsoft and Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: "Browser Security"
 * Presented By: Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)
 * Presentation: "Time based blind SQL Injections"
 * Presented By: Muhaimin Dzulfakar, Security Consultant (Security-Assessment.com)


 * 25th June 2008
 * Co-Sponsor: Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: "Fuzz the Web"
 * Presented By: Dean Jerkovich, Security Analyst (ASB)
 * Presentation: "Hacking The World With Flash Part #2: The Results"
 * Presented By: Paul Crag, Principal Security Consultant (Security-Assessment.com)


 * 29th April 2008
 * Co-Sponsor: Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: "Hacking The World With Flash"
 * Presented By: Paul Craig, Principal Security Consultant (Security-Assessment.com)
 * Presentation: "Web Spam Techniques - also available in HTML format"
 * Presented By: Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)


 * 21st February 2008
 * Co-Sponsor: Veda Advantage
 * Locations: Auckland
 * Presentation: "Xpath Injection - An Overview"
 * Presented By: Roberto Suggi Liverani, Security Consultant (Security-assessment.com)

2007

 * 5th December 2007
 * Co-Sponsor: Veda Advantage
 * Locations: Auckland
 * Presentation: "Ajax Security"
 * Presented By: Roberto Suggi Liverani, Security Consultant (Security-assessment.com)
 * Presentation: "On the job browser exploitation"
 * Presented By: Mark Piper, Senior Security Consultant (Security-assessment.com)


 * 22nd May 2007
 * Co-Sponsor: Veda Advantage
 * Press Release: VedaAdvantage.com
 * Locations: Auckland
 * Presentation: "OWASP in New Zealand"
 * Presented By: Roberto Suggi Liverani / Antonio Spera


 * April 2007
 * Co-Sponsor: Veda Advantage
 * Locations: Auckland


 * January 2007
 * Co-Sponsor: Veda Advantage
 * Locations: Auckland

= Activities =

Activities
OWASP New Zealand members actively participate in various OWASP activities. The following are some recent activities undertaken by OWASP NZ members:


 * Denis Andzakovic has resigned from his position as OWASP New Zealand Chapter Leader at OWASP NZ Day 2018
 * Kim Carter ran a workshop at the NYC chapter
 * Kirk Jackson stepped up to replace Adrian Hayes for Wellington from New Zealand day 2016 onwards.
 * Denis Andzakovic stepped up to replace Nick Freeman for Auckland in March 2014
 * Kim Carter came on board to lead Christchurch from New Zealand Day 2013 onwards.
 * Nick Freeman and Scott Bell have been appointed as the new leaders of the new OWASP New Zealand Chapter
 * Roberto Suggi Liverani has resigned from his position as OWASP New Zealand Chapter Leader
 * Roberto Suggi Liverani will be speaking at OWASP AppSec Asia 2009 conference
 * Roberto Suggi Liverani and Nick Freeman will be speaking at Defcon 17
 * OWASP NZ Day 2009 - Presentations online
 * Roberto Suggi Liverani and Nick Freeman will be speaking at EUSecWest 09
 * Brett Moore will be speaking at OWASP AU Conference about "Vulnerabilities In Action".
 * Roberto Suggi Liverani contributed to the OWASP Testing Guide v3.
 * Mark Piper took his "On the job browser exploitation" talk to the OWASP_Australia_AppSec_2008_Conference.
 * Rob Munro has been appointed as OWASP Evangelist
 * OWASP NZ has audio/video conference capability between Auckland and Wellington