Jump to: navigation, search
This OWASP Chapter is inactive.  If you are interested in restarting this Chapter contact us for more information or apply to restart this chapter .

OWASP Kitchener/Waterloo

Welcome to the Kitchener/Waterloo chapter homepage. The chapter leader position is OPEN. Visit the Volunteer page to suggest a new leader or to take on the role. <paypal>Kitchener/Waterloo</paypal>
Click here to join the local chapter mailing list.


OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.


Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

Upcoming Meetings & Presentations

2014 Meeting Schedule and Topics TBD
If you are interested in presenting, please let me know via email.
Input on topics of interest or things you would like to see covered is also appreciated.


We are always looking for security minded speakers to present on a topic of your choice, Developers, Quality Assurance, Project Managers, Managers are all welcome, if you're interested please contact one of the chapter leaders.


Meetings are open, free and welcoming for all to attend. Some Beverages & food will be provided.

Previous Meetings

Thursday March 28th, 2013 6:00-7:30
Location: McAfee Anti-Virus, 565 Kumpf Drive, Waterloo - Basically Northfield & Expressway.


  1. Introductions
  2. Presentation: (Dave Ockwell-Jenner) Annoying Persistent Threat edition

Presentation Brief: China: All up in your business - Annoying Persistent Threat edition

For the past few years, I've been involved in examining intrusions by a group informally known as Comment Crew -- which are now better known as 'APT1' following the recent release of the report from Mandiant. This group falls into the class of the 'Advanced Persistent Threat' and are known to use compromised web sites to supply command/control to compromised systems. I have a live demo of an annotated attack against a fictitious company, using custom malware and metasploit. It shows how attackers initially compromise a system, supply commands, install additional malware, gain privileges in post-exploit and loot the network for fun and profit! All-in-all it takes about an hour including questions as we go. It's targeted toward beginner/intermediate and we can focus on the demo-malware code itself if we have lots of devs - advanced pentesters will find it pretty typical.

Dave's Bio:

Dave Ockwell-Jenner has an extensive background in technology: from building one of the Internet’s earliest major web sites, to helping secure some of the world’s most critical systems. He has led the development of solutions for some of Canada’s most prominent technology companies, including Research In Motion and Nortel.

He currently works for a Swiss-based company that specializes in IT and communications for the Air Transport Industry. In this role he has focused on designing and delivering the company's secure software development lifecycle. Through this, Dave regularly trains developers in secure software techniques, and has co-authored the SANS course on Developing Defensible Java EE Solutions.

Dave also runs a boutique security consultancy called Prime Information Security, concentrating on information security within Small-to-Medium Businesses. He is a security blogger for TELUS and also co-founded a business networking organization called the Small Business Community Network (SBCN).

Tuesday February 26th 2013, 6:00-8:00pm
Location: Morty's Pub (Basement) 272 King Street North, Waterloo Ontario


  1. Introductions
  2. OWASP Mission & Meetings
  3. Guest Presentation & Discussions
  4. OWASP Materials
  5. OWASP Membership

'Wednesday, November 16th, 8pm - Local Chapter Kickoff Meeting + Presentation (Steve Hendrikse - Introduction To Web Services Security Testing)

Location: RumRunnerPub, 1 King Street W., Kitchener (Basement of Walper Hotel, corner of King and Queen- Map/Directions

Description: For this informal meeting, we will have brief introductions, complete some general housekeeping, and discuss what we would like to get out of our local chapter. For the second half, our guest speaker will present an introduction to web services security testing

Welcome & Introductions
- OWASP Mission & Goals
- OWASP Meetings
- OWASP resources and materials
- OWASP Membership

Guest Speaker
- Steve Hendrikse - Intro to testing Web Services
- Q&A
- Open Discussion
- Feedback & Closing Comments

Speaker Bio: Steve Hendrikse is a Technical Security Analyst with Research In Motion. He specializes in web application security assessment and testing. Steve also has a leading role within the Corporate Security Department in developing and extending the Secure Development Lifecycle at RIM. Steve studied Computer Science at the University of Western Ontario and attained an MSc. in Information Security from the Royal Holloway. His interests include application/system usability and accessibility, reverse engineering, and design for security.

Outcome / Update: Our first meeting was a great success. We had 9 people attend, including our speaker. We had some techical diffictulties with our projector setup, but were able to overcome it due to the small crowd. The presentation was very interesting and the speaker was Class One. Thanks Steve for a great / informative presentation. Below is a link to the slideshow portion of the presentation for anyone intersted in the topic to view. We are looking forward to our next meeting, hoping some time in May / June. Stay tuned.

Past Presentations

Steve's Presentation on Web Service Security Testing [Presentation Slide Show]

Contact Chapter Leaders & Committee

Feel free to contact our chapter leaders via email...
Colin Delaney

If you're interested in getting involved we are interested in hearing from you, we're looking to build a great committee to set direction and vision for KW OWASP into the future.

Also feel free to join our mailing list and contact us through it in a public / open fashion.


OWASP is a non-profit vendor neutral organization we are committed to raising the collective security awareness and knowledge in the Kitchener-Waterloo IT community, globally working with our OWASP parent organization to provide the IT community with tools & resources to better make the IT professional aware of security vulnerabilities. If you're a security dedicated individual and you would like to help the Kitchener-Waterloo chapter, put on events, educate the IT professionals and the public. Please consider making a donation through the donate button on this page.

Other Chapter Events

We partner with other chapters, and display their upcoming events in this section in case you are visiting our chapter from somewhere else or you will be in their area, feel free to stop by their events and see what is new and happening at their meetings.

Toronto Chapter

Ottawa Chapter