New Zealand

Upcoming Event

 * 20th September 2011
 * Co-Sponsor: Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: Introduction to the OWASP Top Ten - Part 1
 * Presented By: Nick Freeman, Security Consultant (Security-Assessment.com)
 * Abstract: This is the first in a series of 3 presentations that will introduce the OWASP Top Ten risks to developers. The target audience for this presentation is developers new to OWASP or unfamiliar with secure coding practices and the risks that web applications face on a daily basis.
 * Presentation: Clickjacking for Shells
 * Presented By: Andrew Horton, Security Consultant (Security-Assessment.com)
 * Abstract: Two years after the world was warned about clickjacking, popular web apps are still vulnerable and no web app exploits have been published. With many security pros considering clickjacking to have mere nuisance value on social networks, the attack is grossly underestimated. I will demonstrate step by step how to identify vulnerable applications, how to write exploits that attack web apps and also how to protect against clickjacking. To demonstrate this issue I will publish an 0day clickjacking exploit for WordPress v3.1.2 and earlier to gain a shell on the webserver. In May this year the tech media reported and speculated upon clickjacking protection being implemented in WordPress and now I will show you why it is so important.

2011
https://www.owasp.org/images/0/05/OWASP_NZ_Day_2011_Logo.png
 * 7th July 2011
 * Co-Sponsor: Security-Assessment.com, The University of Auckland
 * Location: Auckland
 * Presentations: Download
 * Event site: OWASP New Zealand Day 2011


 * 2nd March 2011
 * Co-Sponsor: Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: Crazy Insecure Web Apps Google Didn't Tell You About..
 * Presented By: Adrian Hayes, Security Consultant (Security-Assessment.com)
 * Presentation: I know what you did last summer: The latest from the world of web hacks
 * Presented By: Kirk Jackson, Security Consultant (Aura Software Security)

2010
http://www.owasp.org/images/a/a7/Owasp_nz_day_2010.jpg
 * 15th July 2010
 * Co-Sponsor: Security-Assessment.com, Lateral Security, The University of Auckland
 * Location: Auckland
 * Presentations: Download
 * Event site: OWASP New Zealand Day 2010


 * 4th March 2010
 * Co-Sponsor: Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: MS-SQL Injections.
 * Presented By: Scott Bell, Security Consultant (Security-Assessment.com)

2009

 * 10th November 2009
 * Co-Sponsor: Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: Testing AMF/Flex.
 * Presented By: Nick Freeman, Security Consultant (Security-Assessment.com)
 * Presentation: "Shared Ownership", from a web security perspective.
 * Presented By: Quintin Russ, Technical Director (Site Host)

https://www.owasp.org/images/8/85/Owasp_nz_logo.jpg
 * 13th July 2009
 * Co-Sponsor: Security-Assessment.com, Lateral Security, The University of Auckland
 * Location: Auckland
 * Presentations: Download
 * Event site: OWASP New Zealand Day 2009


 * 19th March 2009
 * Co-Sponsor: Vodafone New Zealand and Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: "ActiveXploitation in 2009"
 * Presented By: Paul Craig, Principal Security Consultant (Security-Assessment.com)
 * Presentation: "Reversing JavaScript"
 * Presented By: Roberto Suggi Liverani, Senior Security Consultant (Security-Assessment.com)

2008

 * 5th November 2008
 * Co-Sponsor: Vodafone New Zealand and Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: "Common Application Flaws"
 * Presented By: Brett Moore, Network Intrusion Specialist (Insomnia Security)
 * Presentation: "In your Browser, Jackin your Clicks"
 * Presented By: Beau Butler, Security Consultant (Security-Assessment.com)
 * Presentation: "Opera Stored Cross Site Scripting"
 * Presented By: Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)


 * 3rd September 2008
 * Co-Sponsor: Microsoft and Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: "Browser Security"
 * Presented By: Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)
 * Presentation: "Time based blind SQL Injections"
 * Presented By: Muhaimin Dzulfakar, Security Consultant (Security-Assessment.com)


 * 25th June 2008
 * Co-Sponsor: Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: "Fuzz the Web"
 * Presented By: Dean Jerkovich, Security Analyst (ASB)
 * Presentation: "Hacking The World With Flash Part #2: The Results"
 * Presented By: Paul Crag, Principal Security Consultant (Security-Assessment.com)


 * 29th April 2008
 * Co-Sponsor: Security-Assessment.com
 * Locations: Wellington, Auckland
 * Presentation: "Hacking The World With Flash"
 * Presented By: Paul Craig, Principal Security Consultant (Security-Assessment.com)
 * Presentation: "Web Spam Techniques - also available in HTML format"
 * Presented By: Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)


 * 21st February 2008
 * Co-Sponsor: Veda Advantage
 * Locations: Auckland
 * Presentation: "Xpath Injection - An Overview"
 * Presented By: Roberto Suggi Liverani, Security Consultant (Security-assessment.com)

2007

 * 5th December 2007
 * Co-Sponsor: Veda Advantage
 * Locations: Auckland
 * Presentation: "Ajax Security"
 * Presented By: Roberto Suggi Liverani, Security Consultant (Security-assessment.com)
 * Presentation: "On the job browser exploitation"
 * Presented By: Mark Piper, Senior Security Consultant (Security-assessment.com)


 * 22nd May 2007
 * Co-Sponsor: Veda Advantage
 * Press Release: VedaAdvantage.com
 * Locations: Auckland
 * Presentation: "OWASP in New Zealand"
 * Presented By: Roberto Suggi Liverani / Antonio Spera


 * April 2007
 * Co-Sponsor: Veda Advantage
 * Locations: Auckland


 * January 2007
 * Co-Sponsor: Veda Advantage
 * Locations: Auckland

Activities
OWASP New Zealand members actively participate in various OWASP activities. The following are some recent activities undertaken by OWASP NZ members:


 * Nick Freeman and Scott Bell have been appointed as the new leaders of the new OWASP New Zealand Chapter
 * Roberto Suggi Liverani has resigned from his position as OWASP New Zealand Chapter Leader
 * Roberto Suggi Liverani will be speaking at OWASP AppSec Asia 2009 conference
 * Roberto Suggi Liverani and Nick Freeman will be speaking at Defcon 17
 * OWASP NZ Day 2009 - Presentations online
 * Roberto Suggi Liverani and Nick Freeman will be speaking at EUSecWest 09
 * Brett Moore will be speaking at OWASP AU Conference about "Vulnerabilities In Action".
 * Roberto Suggi Liverani contributed to the OWASP Testing Guide v3.
 * Mark Piper took his "On the job browser exploitation" talk to the OWASP_Australia_AppSec_2008_Conference.
 * Rob Munro has been appointed as OWASP Evangelist
 * OWASP NZ has audio/video conference capability between Auckland and Wellington

OWASP NZ Members
We are always looking for additional board members to evangelise the OWASP mission help with meetings, projects and initiatives as we all know it takes time/effort to run a chapter. Please contact us if you are interested to join the NZ OWASP board member or for any queries related to OWASP NZ.

 
 * NZ Board Member (Leader - Auckland) [mailto:nick.freeman(at)owasp.org Nick Freeman] 021 424 777
 * NZ Board Memeber (Leader - Wellington) [mailto:scott.bell(at)owasp.org Scott Bell] 021 776 410
 * NZ Board Member (Evangelist) [mailto:rob(at)robmunro.com Rob Munro] 021 677 785

The chapter mailing address is: Security-Assessment.com Level 1 - Building 2 12-16 Nicholls Lane, Parnell, Auckland 1010