New Zealand

OWASP New Zealand
Welcome to the OWASP New Zealand chapter homepage.

The chapter leaders are [mailto:kim.carter@owasp.org Kim Carter] (Christchurch), [mailto:kirk.jackson@owasp.org Kirk Jackson] (Wellington), and [mailto:john.dileo@owasp.org John DiLeo] (Auckland).

Keeping in Touch

 * Chapter Mailing List (Google Groups): [mailto:new-zealand-chapter@owasp.org New-Zealand-Chapter@owasp.org] - Join the Group
 * InfoSecNZ Workspace on Slack - Be sure to join the #events channel for calendar notices (NOTE: By design, we do not maintain a separate Slack Workspace for the New Zealand chapter)
 * Follow us on Twitter (@owaspnz)

Some Global OWASP Resources:
 * Directory of OWASP's Google Groups
 * OWASP Workspace on Slack

OWASP New Zealand Chapter Board
We are always looking for additional board members to evangelise the OWASP mission, help with meetings, projects and initiatives. As we all know, it takes time/effort to run a chapter. Please contact us if you are interested in joining the NZ OWASP board, would like to volunteer to help out or create a new Meetup/event, or for any queries related to OWASP NZ.

 
 * NZ Board Member (Leader - Christchurch) [mailto:kim.carter@owasp.org Kim Carter] (@binarymist)
 * NZ Board Member (Leader - Auckland) [mailto:john.dileo@owasp.org John DiLeo] (@gr4ybeard)
 * NZ Board Member (Leader - Wellington) [mailto:kirk.jackson@owasp.org Kirk Jackson] (@kirkj)

= Upcoming Events =

Local Meetup Links

 * OWASP New Zealand Chapter-Auckland
 * OWASP New Zealand Chapter-Christchurch
 * OWASP New Zealand Chapter-Wellington

2020
19 - 21 February 2020

OWASP New Zealand Day 2020 - University of Auckland Business School
 * One-day conference, with two tracks on Friday, 21 February - Registration is FREE
 * Training sessions (half-day, one-day, or two-day) on Wednesday and Thursday, 19 - 20 February - Registration: $325 for half-day; $625 for one-day; $1250 for two-day (plus EventBrite fees)

2019
10 December 2019

Auckland Meetup
 * Top Ten Discussion: A7 - Cross-Site Scripting (XSS) - Led by John DiLeo
 * Presentation: TBC
 * Location: Orion Health, 181 Grafton Road, Grafton, Auckland

= Past Events =

2019
8 October 2019

Auckland Meetup
 * Top Ten Discussion: A6 - Security Misconfiguration - Led by James Ting-Edwards
 * Presentation: What's In a Name? Law of Agency and Domain Name Registrations - Judy Ting-Edwards
 * Venue Host: Simon White
 * Location: Middleware NZ, 104 Quay Street, CBD, Auckland



24 - 25 August 2019

OWASP NZ is proud to invite you to our first https://security.ac.nz event. Please visit the website for details.
 * Registration: FREE
 * Location: Maclaurin Lecture Theatres, Victoria University of Wellington

13 August 2019

Auckland Meetup
 * Top Ten Discussion: A9 - Using Components with Known Vulnerabilities - Led by John DiLeo
 * Technical Discussion: Addressing Vulnerable Components with OWASP Projects and Tools - John DiLeo
 * Location: Orion Health, 181 Grafton Road, Grafton, Auckland

10 August 2019

Auckland Training Day
 * Threat Modelling: Getting from None to Done - John DiLeo
 * Registration: $125.00 (plus EventBrite fees), inclusive of morning and afternoon tea, lunch, and class materials
 * Location: Orion Health, 181 Grafton Road, Grafton, Auckland

11 June 2019

Auckland Meetup
 * Top Ten Discussion: A5 - Broken Access Control - Led by John DiLeo
 * Technical Topic: My Recent Adventures at OWASP Conferences - John DiLeo
 * Location: Robert Walters, Level 9, 22 Fanshawe Street, CBD, Auckland

9 April 2019

Auckland Meetup
 * Top Ten Discussion: A4 - XML External Entities (XXE) - Led by John DiLeo
 * Open Discussion: What do we want to do this year?
 * Location: Orion Health, 181 Grafton Road, Grafton, Auckland

21 - 22 February 2019

OWASP New Zealand Day 2019 - University of Auckland Business School
 * One-day conference, with two tracks on Friday, 22 February - Registration is FREE
 * Training sessions (half-day or full-day) on Thursday, 21 February - Registration: $500 for full-day; $250 for half-day

2018
11 December 2018

Auckland Meetup
 * Top Ten Discussion: A2 - Broken Authentication - Led by John DiLeo
 * Technical Topic: Some Thoughts on Threat Modelling - John DiLeo
 * Location: Orion Health, 181 Grafton Road, Grafton, Auckland

29 October 2018

Wellington Meetup
 * Presentation: Make the Cyber Safer with Multi-factor Authentication - Kevin Thomas
 * Location: Wellington

9 October 2018

Auckland Meetup
 * Technical Topic: Integrating the Weakforced Security API - Steve Shipway, SMX Email
 * Location: Cornerstone On-Demand, Level 1, 29 Union Street, Auckland

27 August 2018

Wellington Meetup
 * Presentation: Developer's guide to Deserialization Attack - Felix Shi
 * Location: Wellington

14 August 2018

Auckland Meetup
 * Top Ten Discussion: A3 - Sensitive Data Exposure - Led by John DiLeo
 * Presentation: Web Application Penetration Testing Demo - Shofe Miraz
 * Location: Orion Health, 181 Grafton Road, Grafton, Auckland

12 June 2018

Auckland Meetup
 * Presentation: GDPR and New Zealand Privacy Law - James Ting-Edwards
 * Location: InternetNZ, 62 Victoria Street West, Auckland CBD, Auckland

11 June 2018

Wellington Meetup
 * Presentation: What are certificates? - Matt Cotterell
 * Location: Wellington

10 April 2018

Auckland Meetup
 * Top Ten Discussion: A1 - Injection - Led by John DiLeo
 * Presentation: OWASP Software Assurance Maturity Model (SAMM) - John DiLeo
 * Location: Orion Health, 181 Grafton Road, Grafton, Auckland

28 March 2018

Christchurch Meetup
 * CERT NZ
 * Location: Christchurch
 * Co-Sponsor: Catalyst

Wellington Meetup
 * 26 Feb 2018
 * CERT NZ - Who are we? How are websites getting hacked in real life? with Declan Ingram
 * Location: Wellington
 * Presented by: Declan Ingram

4 - 5 February 2018

OWASP New Zealand Day 2018 - University of Auckland Business School
 * One-day conference, with two tracks on Monday, 5 February - Registration is FREE
 * Training session (full-day) on Sunday, 4 February - Registration: $500

2017
Wellington Meetup
 * 2 Oct 2017
 * Presentation: Same-origin policy: The core of web security
 * Location: Wellington
 * Presented By: Kirk Jackson

Christchurch Meetup
 * 27 Sept 2017
 * Securing your data (your business) using SQL Server 2016
 * Presented By: Anupama Natarajan
 * Location: Christchurch
 * Co-Sponsor: Catalyst

Wellington Meetup
 * 31 July 2017
 * Presentation: What is Cross-Site Request Forgery?
 * Location: Wellington
 * Presented By: Vales Bakaitis

Christchurch Meetup
 * 28 June 2017
 * Web Developer Quiz Night
 * Prepared and Presented By: Kim Carter
 * Details: on binarymist.io
 * Location: Christchurch
 * Co-Sponsor: Catalyst

Wellington Meetup
 * 29 May 2017
 * Presentation: Developer's Guide to Preventing XSS
 * Location: Wellington
 * Presented By: Felix Shi

19 - 20 April 2017

OWASP New Zealand Day 2017 - University of Auckland Business School
 * One-day conference, with two tracks on Thursday, 20 April - Registration is FREE
 * Training sessions (half-day and full-day) on Wednesday, 19 April

Christchurch Meetup
 * 29 March 2017
 * PHP Hurts Programmers (and other tales)
 * Presented By: Keith Humm
 * Slides: on speakerdeck
 * Locations: Christchurch
 * Co-Sponsor: Catalyst

Wellington Meetup
 * 27 Feb 2017
 * Presentation: Building the ultimate login and signup
 * Video: Youtube
 * Location: Wellington
 * Presented By: Matt Cotterell

2016
OWASP NZ Wellington Meetup page
 * 29 November 2016
 * Presentation: OWASP Top Ten - Developing secure web apps (PHP-flavoured)
 * Video: Youtube
 * Location: Wellington
 * Presented By: Kirk Jackson
 * In conjunction with the PHP user group Wellington

OWASP NZ Wellington Meetup page
 * 10 October 2016
 * Presentation: Introduction to Ruby on Rails security
 * Video: Youtube
 * Locations: Wellington
 * Presented By: Tim Goddard
 * Sponsor: Insomnia

OWASP NZ Christchurch Meetup page
 * 28 September 2016
 * Presentation / Demo: Applying Cold War Learnings to our Daily OPSEC
 * DeadDrop: (https://deaddrop.jadeworld.com/)
 * Github: (https://github.com/phage-nz/deaddrop)
 * Chris's Blog Post: (https://bytefog.blogspot.co.nz/2015/09/burn-after-reading.html)
 * Locations: Christchurch
 * Presented By: Chris Campbell
 * Co-Sponsor: Catalyst and BinaryMist

OWASP NZ Wellington Meetup page
 * 29 August 2016
 * Presentation: Mobile app security: Intro to the OWASP Mobile Top 10
 * Video: Youtube
 * Location: Wellington
 * Presented By: Mike Haworth

OWASP NZ Christchurch Meetup page
 * 29 June 2016
 * Presentation / Demo: Security Regression Testing with ZapAPI and NodeGoat
 * Teaser: (https://youtu.be/DrwXUOJWMoo)
 * Github: (https://github.com/binarymist/NodeGoat/wiki/Security-Regression-Testing-with-Zap-API)
 * Sourced From: Kim's Book (https://leanpub.com/holistic-infosec-for-web-developers/read#process-agile-development-and-practices-security-regression-testing)
 * Locations: Christchurch
 * Presented By: Kim Carter
 * Co-Sponsor: Catalyst and BinaryMist

OWASP NZ Wellington Meetup page
 * 27 June 2016
 * Presentation: Introduction to using a web application firewall
 * Video: Youtube
 * Location: Wellington
 * Presented By: Graeme Neilson
 * Sponsor: RedShield

OWASP NZ Christchurch Meetup page
 * 30 March 2016
 * Presentation: Qubes OS Discussion (https://www.qubes-os.org)
 * Locations: Christchurch
 * Presented By: Craig Rowland
 * Co-Sponsor: Dimension Data and BinaryMist Limited


 * 3rd and 4th of February 2016

OWASP New Zealand Day 2016

At the University of Auckland School of Commerce

2015
OWASP NZ Christchurch Meetup page
 * 25 November 2015
 * Presentation: UAC, Governance and Managing the External Infosec Audit
 * Locations: Christchurch
 * Presented By: Drewe Hinkley
 * Co-Sponsor: Dimension Data and BinaryMist Limited

OWASP NZ Christchurch Meetup page
 * 30 September 2015
 * Two-part Presentation: The Exploited and the Exploiters - Case Study of a Real Cyber Hack and Live Demos from Kim's book
 * Locations: Christchurch
 * Presented By: Salinda Lekamge and Kim Carter

OWASP NZ Christchurch Meetup page
 * 24 June 2015
 * Presentation: "Does Your Cloud Solution Look Like a Mushroom".
 * Locations: Christchurch
 * Presented By: Kim Carter.
 * Co-Sponsor: Dimension Data and BinaryMist Limited

OWASP NZ Christchurch Meetup page
 * 25 March 2015
 * Presentation: Reverse Engineering, Cracking, Compromising Software Security & Mitigations
 * Locations: Christchurch
 * Presented By: Rob Gilmour, Senior Software Engineer, Technical Support, JADE Software Corporation Ltd.
 * Co-Sponsor: Dimension Data and BinaryMist Limited


 * 26th and 27th of February 2015



At the University of Auckland Engineering Department

2014
OWASP NZ Christchurch Meetup page
 * 26 November 2014
 * Workshop: Review SSL/TLS, demo sslstrip and mitigation techniques
 * Locations: Christchurch
 * Presented By: Kevin Alcock, Security Consultant at Katipo Security
 * Co-Sponsor: Dimension Data and BinaryMist Limited

OWASP NZ Christchurch Meetup page
 * 25 September 2014
 * Workshop: Review, Exploit and Learn from Vulnerable Web App
 * Locations: Christchurch
 * Presented By: Chris Campbell, Security & Operations Consultant Jade
 * Co-Sponsor: Dimension Data and BinaryMist Limited

OWASP NZ Wellington Meetup page
 * 24 July 2014
 * Workshop: Web App Security Workshop
 * Locations: Wellington
 * Presented By: Adrian Hayes
 * Sponsor: Dimension Data

2013
Meetup Link Here
 * 19 December 2013
 * Co-Sponsor: Security-Assessment.com and Touchpoint
 * Locations: Wellington, Auckland, Christchurch, Webcast
 * Details: All details are on the meetup page above
 * Presentation: Extending Burp with Python
 * Presented By: Mike Haworth, Aura Information Security


 * 11th and 12th of September 2013



At the Auckland Business School

https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2013

OWASP Meetup page to RSVP
 * 22 May 2013
 * Co-Sponsor: Security-Assessment.com and Touchpoint
 * Locations: Wellington, Auckland, Webcast
 * Details: All details are on the meetup page above

2012
OWASP New Zealand Day 2012
 * 31st August 2012
 * Co-Sponsor: The University of Auckland, Security-Assessment.com, Aura Information Security, Insomnia Security, Lateral Security, Web Drive
 * Location: Auckland
 * Event site: OWASP New Zealand Day 2012


 * 8th May 2012
 * Co-Sponsor: Security-Assessment.com and Touchpoint
 * Locations: Wellington, Auckland
 * Presentation: An Overview and introduction to modern day BeEF
 * Presented By: Mark Piper, Insomnia Security


 * 28th February 2012
 * Co-Sponsor: Security-Assessment.com and Touchpoint
 * Locations: Wellington, Auckland
 * Presentation: Introduction to the OWASP Top Ten - Part 3
 * Presented By: Adrian Hayes, Security Consultant (Security-Assessment.com)
 * Presentation: Mistaken Identity: How Not To Build A Password Reset Process
 * Presented By: Nick Freeman, Senior Security Consultant (Security-Assessment.com)

2011

 * 6th December 2011
 * Co-Sponsor: Security-Assessment.com and Touchpoint
 * Locations: Wellington, Auckland
 * Presentation: Introduction to the OWASP Top Ten - Part 2
 * Presented By: Adrian Hayes, Security Consultant (Security-Assessment.com)
 * Presentation: Hardened Hosting
 * Presented By: Quintin Russ, Technical Director (SiteHost)


 * 20th September 2011
 * Co-Sponsor: Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: Introduction to the OWASP Top Ten - Part 1
 * Presented By: Nick Freeman, Security Consultant (Security-Assessment.com)
 * Presentation: Clickjacking for Shells
 * Presented By: Andrew Horton, Security Consultant (Security-Assessment.com)

 * 7th July 2011
 * Co-Sponsor: Security-Assessment.com, The University of Auckland
 * Location: Auckland
 * Presentations: Download
 * Event site: OWASP New Zealand Day 2011


 * 2nd March 2011
 * Co-Sponsor: Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: Crazy Insecure Web Apps Google Didn't Tell You About..
 * Presented By: Adrian Hayes, Security Consultant (Security-Assessment.com)
 * Presentation: I know what you did last summer: The latest from the world of web hacks
 * Presented By: Kirk Jackson, Security Consultant (Aura Software Security)

2010
 * 15th July 2010
 * Co-Sponsor: Security-Assessment.com, Lateral Security, The University of Auckland
 * Location: Auckland
 * Presentations: Download
 * Event site: OWASP New Zealand Day 2010


 * 4th March 2010
 * Co-Sponsor: Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: MS-SQL Injections.
 * Presented By: Scott Bell, Security Consultant (Security-Assessment.com)

2009

 * 10th November 2009
 * Co-Sponsor: Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: Testing AMF/Flex.
 * Presented By: Nick Freeman, Security Consultant (Security-Assessment.com)
 * Presentation: "Shared Ownership", from a web security perspective.
 * Presented By: Quintin Russ, Technical Director (Site Host)

 * 13th July 2009
 * Co-Sponsor: Security-Assessment.com, Lateral Security, The University of Auckland
 * Location: Auckland
 * Presentations: Download
 * Event site: OWASP New Zealand Day 2009


 * 19th March 2009
 * Co-Sponsor: Vodafone New Zealand and Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: "ActiveXploitation in 2009"
 * Presented By: Paul Craig, Principal Security Consultant (Security-Assessment.com)
 * Presentation: "Reversing JavaScript"
 * Presented By: Roberto Suggi Liverani, Senior Security Consultant (Security-Assessment.com)

2008

 * 5th November 2008
 * Co-Sponsor: Vodafone New Zealand and Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: "Common Application Flaws"
 * Presented By: Brett Moore, Network Intrusion Specialist (Insomnia Security)
 * Presentation: "In your Browser, Jackin your Clicks"
 * Presented By: Beau Butler, Security Consultant (Security-Assessment.com)
 * Presentation: "Opera Stored Cross Site Scripting"
 * Presented By: Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)


 * 3rd September 2008
 * Co-Sponsor: Microsoft and Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: "Browser Security"
 * Presented By: Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)
 * Presentation: "Time based blind SQL Injections"
 * Presented By: Muhaimin Dzulfakar, Security Consultant (Security-Assessment.com)


 * 25th June 2008
 * Co-Sponsor: Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: "Fuzz the Web"
 * Presented By: Dean Jerkovich, Security Analyst (ASB)
 * Presentation: "Hacking The World With Flash Part #2: The Results"
 * Presented By: Paul Craig, Principal Security Consultant (Security-Assessment.com)


 * 29th April 2008
 * Co-Sponsor: Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: "Hacking The World With Flash"
 * Presented By: Paul Craig, Principal Security Consultant (Security-Assessment.com)
 * Presentation: "Web Spam Techniques - also available in HTML format"
 * Presented By: Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)


 * 21st February 2008
 * Co-Sponsor: Veda Advantage
 * Locations: Auckland
 * Presentation: "Xpath Injection - An Overview"
 * Presented By: Roberto Suggi Liverani, Security Consultant (Security-assessment.com)

2007

 * 5th December 2007
 * Co-Sponsor: Veda Advantage
 * Locations: Auckland
 * Presentation: "Ajax Security"
 * Presented By: Roberto Suggi Liverani, Security Consultant (Security-assessment.com)
 * Presentation: "On the job browser exploitation"
 * Presented By: Mark Piper, Senior Security Consultant (Security-assessment.com)


 * 22nd May 2007
 * Co-Sponsor: Veda Advantage
 * Press Release: VedaAdvantage.com
 * Locations: Auckland
 * Presentation: "OWASP in New Zealand"
 * Presented By: Roberto Suggi Liverani / Antonio Spera


 * April 2007
 * Co-Sponsor: Veda Advantage
 * Locations: Auckland


 * January 2007
 * Co-Sponsor: Veda Advantage
 * Locations: Auckland

= Activities =

OWASP New Zealand members actively participate in various OWASP activities. The following are some highlights of activities undertaken by OWASP NZ members:

2019

 * John DiLeo presented an overview of the OWASP SAMM Project and tools at the June 2019 meeting of the NZISF in Auckland
 * John DiLeo attended the Open Security Summit, June 2019 in the UK, co-hosting a session on the Application Security Curriculum Project
 * John DiLeo presented an update on the OWASP SAMM Project during the Project Showcase at Global AppSec-Tel Aviv in May 2019
 * John DiLeo became co-leader of the OWASP Application Security Curriculum Project in March 2019

2018

 * John DiLeo joined the OWASP Software Assurance Maturity Model (SAMM) project team, and attended the Open Security Summit in the UK, in June 2018
 * John DiLeo signed on as Chair of the OWASP New Zealand Day conference, in June 2018
 * John DiLeo restarted the Auckland-area Meetup, which first met on 10 April 2018. The Meetup takes place on the second Tuesdays of April, June, August, October, and December
 * John DiLeo stepped up as Auckland-area Chapter Leader, and was confirmed by the OWASP Foundation, in April 2018
 * Dion Bramley, John DiLeo, and Christian Probst signed on as Chapter volunteers, at OWASP New Zealand Day 2018
 * Denis Andzakovic resigned from his position as OWASP New Zealand Chapter Leader, at OWASP NZ Day 2018

Older

 * Kim Carter ran a workshop at the NYC chapter
 * Kirk Jackson stepped up to replace Adrian Hayes for Wellington from New Zealand Day 2016 onwards.
 * Denis Andzakovic stepped up to replace Nick Freeman for Auckland in March 2014
 * Kim Carter came on board to lead Christchurch from New Zealand Day 2013 onwards.
 * Nick Freeman and Scott Bell have been appointed as the new leaders of the new OWASP New Zealand Chapter
 * Roberto Suggi Liverani has resigned from his position as OWASP New Zealand Chapter Leader
 * Roberto Suggi Liverani will be speaking at OWASP AppSec Asia 2009 conference
 * Roberto Suggi Liverani and Nick Freeman will be speaking at Defcon 17
 * OWASP NZ Day 2009 - Presentations online
 * Roberto Suggi Liverani and Nick Freeman will be speaking at EUSecWest 09
 * Brett Moore will be speaking at OWASP AU Conference about "Vulnerabilities In Action".
 * Roberto Suggi Liverani contributed to the OWASP Testing Guide v3.
 * Mark Piper took his "On the job browser exploitation" talk to the OWASP_Australia_AppSec_2008_Conference.
 * Rob Munro has been appointed as OWASP Evangelist
 * OWASP NZ has audio/video conference capability between Auckland and Wellington