Kyiv



= About =

Chapter meeting sponsors
These companies have demonstrated their support for Ukrainian Application Security community by funding our quarterly chapter meetings.



Chapter meeting hosts
These companies have demonstrated their support for Ukrainian Application Security community by hosting our quarterly chapter meetings.



Who are we
OWASP Kyiv chapter was founded in 2017 by [mailto:vlad.styran@owasp.org Vlad Styran] and [mailto:ihor.bliumental@owasp.org Ihor Bliumental]. The chapter is run by a team of dedicated cyber security enthusiasts: Kyrylo Hobrenyak, Dmytro Diordiychuk, and Serhii Korolenko.

The chapter aims at holding quarterly meetups in the format of 2 practical workshops and up to 5 talks. The meetups are normally streamed online and recorded, and are followed by unofficial parties in Kyiv pubs.

How to find us
Follow our news and announcements on social media: Facebook, Twitter & Telegram

Find us on the semi-official OWASP Slack channel (you have to register first)

Watch recordings of our previous events YouTube

Join the chapter Mailing List or browse the Archives

Personal supporter
You can become a chapter supporter by making a donation via PayPal.

You can also become an Individual OWASP Member. Make sure you choose to support OWASP Kyiv chapter!

Corporate supporter
If your company wishes to support the chapter, please review and agree with OWASP Membership terms and conditions and contact [mailto:vlad.styran@owasp.org Vlad Styran]. The funds donated are divided with 90% directly supporting the OWASP local chapter and 10% to the OWASP Foundation.

For donations in USD click here:

For donations in EUR click here:

If you require an invoice or would like to pay via wire transfer, please let us know using this form.

= Future Events =

Become a Speaker
Call For Speakers at OWASP Kyiv events is permanently open. If you want to present at future events, review and agree with the OWASP Speaker Agreement and check for upcoming events at https://cfp.owaspukraine.org, or simply send the title and abstract of your talk and speaker bio to [mailto:vlad.styran@owasp.org Vlad Styran] or [mailto:ihor.bliumental@owasp.org Ihor Bliumental].

Become a Sponsor
To sponsor an OWASP Kyiv event, contact [mailto:vlad.styran@owasp.org Vlad Styran] or [mailto:ihor.bliumental@owasp.org Ihor Bliumental].

We don't have any special sponsorship package, however the sponsoring organization or individual will receive our warm thanks and a fair amount of gratitude spread over our social media presence, placed at the chapter official web-page, and announced at the event itself.

Become a Host
To host an OWASP Kyiv event, contact [mailto:vlad.styran@owasp.org Vlad Styran] or [mailto:ihor.bliumental@owasp.org Ihor Bliumental].

Venue requirements include:
 * Capacity to welcome up to 100 attendees
 * Possibility to host a lunch (paid separately by the Chapter)
 * Separate high-quality internet connection for online streaming
 * No need for additional attendee registration or providing attendee lists
 * No marketing, advertising, or hiring at the event

Announcements
= Past Events = 2019 | 2018 | 2017

Chapter Meetup Spring 2019
Date Apr 6, 2019 Location Sky Point (Ciklum Kyiv, 20th floor): 12 Amosova street, Horizon Park business center, Kyiv, Ukraine

Program
Event schedule
 * 1) All about Subdomain Takeover attack - Workshop (Kostiantyn Sanduliak) | Video
 * 2) Overview of iOS apps security assessment - Workshop (Dmytro Diordiichuk) | Video
 * 3) Shooting yourself in the feet with PHP (Taras Sharkadi) | Video
 * 4) Your web application is vulnerable! (Dmytro Naumenko) | Video
 * 5) OWASP Mobile Security Testing Guide (MSTG) in Real Life (Julia Potapenko) | Video
 * 6) Adversarial attacks on Deep Neural Networks (Andrey Shalaenko) | Video

Chapter Meetup Winter 2019
Date Feb 2, 2019 Location InnoHub, 6-z, Vatslava Havela Blvd, Kyiv, Ukraine, 03124

Program
Event schedule
 * 10:00 Web Application Firewall bypass techniques - Workshop (Bohdan Lukin) | Video
 * 11:40 Subdomain discovering as an essential part of the reconnaissance phase - Workshop (Kostiantyn Sanduliak) | Video
 * 13:20 Introduction lstio Service Mesh (Stanislav Kolenkin) | Video
 * 14:50 OWASP Top-10 A2: Broken Authentication (Svyatoslav Login) | Video
 * 15:40 Email as an initial attack vector (Arthur Hil) | Video
 * 16:30 Building SQL firewall: insights from developers (Artem Storozhuk) | Video
 * 17:20 Application Threat Modeling (Vlad Styran) | Video

Chapter Meetup Fall 2018
Date Sep 29, 2018 Location MacPaw, 81 Antonovycha Street, Kyiv, Ukraine

Program

 * 10:00 Serhii Korolenko - XSS from zer0 to Hero (workshop) | Video
 * 11:30 Eduard Babych - Burp Suite: from First Run to Website Hack in 60 min (workshop) | Video
 * 12:30 Oleksii Baranovskyi - BeEF it up (workshop) | Video
 * 14:00 Stanislav Kolenkin - How to Secure Your Kubernetes Cluster | Video
 * 15:00 Valentin Averin - AppSec Requirements in PCI DSS | Video
 * 16:00 Artem Tykhonov - Setting up the Setapp Bug Bounty Program | Video

Chapter Meetup Summer 2018
Date Jul 14, 2018 Location Sky Point (Ciklum Kyiv, 20th floor): 12 Amosova street, Horizon Park business center, Kyiv, Ukraine

Program

 * 1) Stanislav Kolenkin - Kubernetes Security | Video
 * 2) Stanislav Kolenkin - Practical Kubernetes Security (Workshop) | Video
 * 3) Pavlo Radchuk - Smart Contracts Security: Understanding Token Security (Workshop) | Video
 * 4) Ali Huseyn Aliyev - The Browser Does Not Protect You | Video
 * 5) Olha Pasko - Security Baseline for Incident Response | Video
 * 6) Yan Kravchenko - Evolution of Application Security Programs and OWASP SAMM 2.0 | Video
 * 7) Andriy Shalaenko - Intro to JS and Vue.js Sandbox Escape | Video

Chapter Meetup Spring 2018
Date Mar 3, 2018, Location Sky Point (Ciklum Kyiv, 20th floor): 12 Amosova street, Horizon Park business center, Kyiv, Ukraine

Program
Morning Workshops Afternoon Talks
 * 1) Serhii Korolenko - Crack The Hash Workshop | Video
 * 2) Vlad Styran - Pentesting Android Apps | Video
 * 1) Vlad Styran - OWASP Kyiv 2017 Results and 2018 Plans | Slides | Video
 * 2) Vlada Kulish - Why So Serial? Threats to Modern Serialization Capabilities | Slides | Video
 * 3) Roman Borodin - ISC2 & ISACA Certifications First-hand Experience | Slides | Video
 * 4) Ihor Bliumental - WebSocket Security | Slides | Video
 * 5) Oleksii Dorogan - A Struggle to Start a Bug Bounty for a .gov.ua. | Video
 * 6) Yevhen Teleshyk - Phishing Threats to Cloud Users  | Slides | Video

Chapter Meetup Winter 2017
Date Dec 2, 2017, Location Student Center of State University of Telecommunications, 7 Solomianska Street, Kyiv, Ukraine

Program
Morning Workshops Afternoon Talks Photo album by Serhiy Rekun
 * 1) Kyrylo Hobrenyak - Bash Scripting 101 | Video
 * 2) Vladyslav Makalish & Ivan Berdnik - Cloud Security at AWS | Video
 * 1) Anastasiia Vixentael - Don’t Waste Time on Learning Cryptography: Better Use It Properly | Video | Slides
 * 2) Pavel Radchuk - SAMM: Understanding Agile in Security | Video | Slides
 * 3) Vlad Styran - Security Economics | Video | Slides
 * 4) Dima Kovalenko - Modern SSL Pinning | Video | Slides
 * 5) Ivan Vyshnevskyi - Not So Quiet git push | Video | Slides

Event writeup by Ivan Vyshnevskyi

Chapter Meetup Fall 2017
Date Sep 9, 2017 Location Student Center of State University of Telecommunications, 7 Solomianska Street, Kyiv, Ukraine

Program
Morning Workshops Afternoon Talks Photo album by Serhiy Rekun
 * 1) Vlad Styran - "Hidden" Features of the Tools We All Love | Video | Slides
 * 2) Ihor Bliumental - Collision CORS | Video | Slides
 * 1) Serhiy Korolenko - The Strength of Ukrainian Users’ P@ssw0rds2017 | Video | Slides
 * 2) Lidiia 'Alice' Skalytska - Security Checklist for Web Developers | Video | Slides
 * 3) Volodymyr Ilibman - Close look at Nyetya investigation | Video | Slides
 * 4) Viktor Zhora - Cyber and Geopolitics: Ukrainian factor | Video | Slides
 * 5) Andriy Shalaenko - GO security tips | Video | Slides

Chapter Kick-off Meeting
Date May 27, 2017 Location Smartworking "SAD", 3, Oleksandra Dovzhenka str., Kyiv, Ukraine, 03057

Program

 * 1) Vlad Styran - Chapter Introduction and the 2017 Plan.
 * 2) Ihor Bliumental - Is there life outside OWASP Top-10? Real-life bugs that didn't make the list (yet) | Video | Slides
 * 3) Roman Rott - Ruby for Pentesters | Video | Slides
 * 4) Taras Bobalo - Application Security automation with DevOps tools and Clouds | Video | Slides
 * 5) Tim Karpinsky - OpSec! Not the PoopSec