OWASP Kyiv

Future Events

🟦🟦🟦🟦🟦🟦🟦🟦🟦🟦🟦🟦
🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨

OWASP Kyiv Winter 2022 Meetup is postponed due to russian attacks on Ukraine.

We are defending ourselfs.
We do not stop.
Glory to our army!
Glory to Ukraine!

Who are we

OWASP Kyiv chapter was founded in 2017 by Vlad Styran and Ihor Bliumental. The chapter is run by a team of dedicated cybersecurity enthusiasts: Kyrylo Hobrenyak, Dmytro Diordiychuk, Anatolii Bereziuk and Serhii Korolenko.

The chapter aims at holding quarterly meetups in the format of 2 practical workshops and up to 5 talks. The meetups are normally streamed online and recorded, and are followed by unofficial parties in Kyiv pubs.

How to find us

Follow our news and announcements on social media: Facebook, Twitter & Telegram

Upcoming Meeting

Find us on the semi-official OWASP Slack channel (you have to register first)

Watch recordings of our previous events YouTube

Join the chapter Mailing List or browse the Archives

How to support the chapter

If your company wishes to support the chapter, please contact Ihor Bliumental, Kyrylo Hobrenyak, Dmytro Diordiychuk, Anatolii Bereziuk or Serhii Korolenko.

Become a Speaker

Call For Speakers at OWASP Kyiv events is permanently open. If you want to present at future events, review and agree with the OWASP Speaker Agreement and check for upcoming events at https://cfp.owaspukraine.org, or simply send the title and abstract of your talk and speaker bio to Ihor Bliumental, Kyrylo Hobrenyak, Dmytro Diordiychuk, Anatolii Bereziuk or Serhii Korolenko.

Become a Partner

To become a partner of OWASP Kyiv event, contact Ihor Bliumental, Kyrylo Hobrenyak, Dmytro Diordiychuk, Anatolii Bereziuk or Serhii Korolenko.

We don’t have any special partnership package, however the partner organization or individual will receive our warm thanks and a fair amount of gratitude spread over our social media presence, placed at the chapter official web-page, and announced at the event itself.

Become a Host

To host an OWASP Kyiv event, contact Ihor Bliumental, Kyrylo Hobrenyak, Dmytro Diordiychuk, Anatolii Bereziuk or Serhii Korolenko.

Venue requirements include:

  • Capacity to welcome up to 100 attendees
  • Possibility to host a lunch (paid separately by the Chapter)
  • Separate high-quality internet connection for online streaming
  • No need for additional attendee registration or providing attendee lists
  • No marketing, advertising, or hiring at the event

Our supporters

Chapter meeting sponsors

These companies have demonstrated their support for Ukrainian Application Security community by funding our quarterly chapter meetings.

Berezha Security Trend Micro Pentest.com.ua WebbyLab HackenProof Linkos Group Raiffeisen Bank Aval

Chapter meeting hosts

These companies have demonstrated their support for Ukrainian Application Security community by hosting our quarterly chapter meetings.

Державний Університет Телекомунікацій Grammarly EVO Ciklum InnoHub	MacPaw


Chapter Online Meetup Spring 2021

Hosted by Zoom Partner: Raiffeisen Bank Aval
Zoom Pentest.com.ua

Date April 24th, 2021

Program

Event schedule

  1. “A9:Using Components with Known Vulnerabilities?” by Svyat Login | Video
  2. “Information security academic minors in modern Ukrainian higher education” by Trokhym Babych | Video
  3. “Responsible disclosure: it’s not all about the money” by Carlo Di Dato | Video

Chapter Online Meetup Winter 2021

Hosted by Zoom Partner: Pentest.com.ua
Zoom Pentest.com.ua

Date February 27th, 2021

Program

Event schedule

  1. “AppSec vs Pentest vs Audit vs Assessment: В чому різниця і чому це важливо?” by Vlad Styran | Video
  2. “Web-security technologies (SOP, CORS, CSP)” by Oleksii Kyseliov | Video
  3. “Android application dynamic analysis” by Michael Burlin | Video
  4. “Ansible 101: For fun and profit” (Workshop) by Kyrylo Hobreniak | Video

OWASP Ukraine Online Meetup 2020

Date Deember 5th, 2020

Program

Event schedule

  1. “React Native Security: Addressing Typical Mistakes” by Julia Potapenko | Video
  2. “Безпека додатку Дія - “Оскар” чи “Золота малина”” by Константин Корсун | Video
  3. “OAuth2.0: What? Where? When?” by Anatolii Bereziuk | Video
  4. “OWASP JuicyShop Workshop” (Workshop) by Serhii Korolenko & Eduard Kiiko & Oksana Safronova | Video
  5. “Leveraging the crowd power to regain faith in Internet’s zero trust architecture” by Philippe Humeau | Video
  6. “Serverless security: attack & defense” by Pawel Rzepa | Video
  7. “6 digit OTP for 2FA is brute-forceable in 3 days + OTP Lottery” by Maksym Khramov & Serhii Korolenko | Video

Chapter Webinars 2020

  1. “Threat Modeling with OWASP Threat Dragon by Vlad Styran“ Video
  2. “Security Misconfiguration на прикладі Unauthorized Database Access“ by Serhii Korolenko Video
  3. “Типові атаки на Active Directory та як їх уникнути в один клік“ by Кирило Гобреняк Video
  4. “Software Supply Chain Security та компоненти з відомими вразливостями“ by Ігор Блюменталь Video
  5. “Cloud Security Hardening та аудит хмарної безпеки за допомогою Scout Suite“ by Анатолій Березюк Video
  6. “Is there a penetration testing within PCI DSS certification?“ by Dmytro Diordiychuk Video
  7. “Debate on Pentest & AppSec – Blue Team vs. Red Team Perspective“ by Yevgen Balyutov, Andrii Garaschuk, Igor Beliaiev, Vlad Styran Video

Chapter Online Meetup Spring 2020

Hosted by Zoom Partner: Berezha Security
Zoom Berezha Security

Date April 25th, 2020

Program

Event schedule

  1. “AppSec vs Pentest vs Audit vs Assessment: В чому різниця і чому це важливо?” by Vlad Styran | Video
  2. “Web-security technologies (SOP, CORS, CSP)” by Oleksii Kyseliov | Video
  3. “Android application dynamic analysis” by Michael Burlin | Video
  4. “Ansible 101: For fun and profit” (Workshop) by Kyrylo Hobreniak | Video
  5. “OWASP Kyiv QUIZ” by Serhii Korolenko

Chapter Meetup Winter 2020

Hosted by Державний Університет Телекомунікацій Partner: Trend Micro
DUT Trend Micro

Date Feb 29, 2020

Location Student Center of State University of Telecommunications, 7 Solomianska Street, Kyiv, Ukraine

Program

Event schedule

  1. “Продвинутая разведка в сети” by Daniel Matviyiv | Video
  2. “Role of API testing in Android App Pentest” by Andrii Panasiuk | Video
  3. “ЯК пофіксити Х вразливостей, Y з яких критичні, за Z днів” by Viktoriia Tsyhak | Video
  4. “What is wrong with your apps” by Volodymyr Nevmerzhytskyi | Video
  5. “360 View of XSS” by Svyatoslav Login | Video
  6. “Simple lockpicking” by Alex Shmelev | Video
  7. “AppSec Quiz”

2019

Chapter Meetup Fall 2019

Hosted by Grammarly. Partner: Trend Micro.
Grammarly Trend Micro

Date Nov. 23, 2019

Location Grammarly 02121, Україна, м Київ, Харківське шосе, 201/203, корпус 2-А, літера Ф

Program

Event schedule

  1. “Cilium - Network Security for Microservices. Let’s See How It Works with Istio“ by Stanislav Kolenkin | Video
  2. “Quarantine Nights: exploiting macOS File Quarantine in popular apps“ by Vladimir Metnew | Video
  3. “Injections - 4 Ways of Penetration” by Evgeny Tolchinsky | Video
  4. “Pentest Expectations” by Ihor uZ | Video
  5. “Hacktoberfest та open-source” by Mykhailo Pazyniuk | Video
  6. “Basic Ideas of OSINT and Why It Is Useful” by Nadia Klymenko | Video
  7. “AppSec Quiz“ by Serhii Korolenko

Chapter Meetup Summer 2019

Hosted by EVO. Partner: Pentest.com.ua.
Evo pentest.com.ua

Date Aug 3, 2019

Location EVO Company 02121, Україна, м Київ, Харківське шосе, 201/203, корпус 2-А, літера Ф

Program

Event schedule

  1. “Top Mobile Applications Vulnerabilities” by Svyatoslav Login | Video
  2. Web Application Security Quiz | No video
  3. Mitre ATT\&CK in Practice. Detectors, Alerting, Coverage by Den Iuzvyk | Video
  4. “How to Find Security Vulnerabilities in Python Applications?” by Andrey Shalaenko | Video
  5. “Как manual QA может протестировать проект со стороны security + XSS” by Evgeny Tolchinsky | Video
  6. Ruby Security Tips - Roman Rott | Video

Chapter Meetup Spring 2019

Hosted by Ciklum. Partner: WebbyLab.
Ciklum Webbylab

Date Apr 6, 2019

Location Sky Point (Ciklum Kyiv, 20th floor): 12 Amosova street, Horizon Park business center, Kyiv, Ukraine

Program

Event schedule

  1. All about Subdomain Takeover attack - Workshop (Kostiantyn Sanduliak) | Video
  2. Overview of iOS apps security assessment - Workshop (Dmytro Diordiichuk) | Video
  3. Shooting yourself in the feet with PHP (Taras Sharkadi) | Video
  4. Your web application is vulnerable! (Dmytro Naumenko) | Video
  5. OWASP Mobile Security Testing Guide (MSTG) in Real Life (Julia Potapenko) | Video
  6. Adversarial attacks on Deep Neural Networks (Andrey Shalaenko) | Video

Chapter Meetup Winter 2019

Hosted by InnoHub Partner: Berezha Security
Innohub Berezha Security

Date Feb 2, 2019

Location InnoHub, 6-z, Vatslava Havela Blvd, Kyiv, Ukraine, 03124

Program

Event schedule

  1. 10:00 Web Application Firewall bypass techniques - Workshop (Bohdan Lukin) | Video
  2. 11:40 Subdomain discovering as an essential part of the reconnaissance phase - Workshop (Kostiantyn Sanduliak) | Video
  3. 13:20 Introduction lstio Service Mesh (Stanislav Kolenkin) | Video
  4. 14:50 OWASP Top-10 A2: Broken Authentication (Svyatoslav Login) | Video
  5. 15:40 Email as an initial attack vector (Arthur Hil) | Video
  6. 16:30 Building SQL firewall: insights from developers (Artem Storozhuk) | Video
  7. 17:20 Application Threat Modeling (Vlad Styran) | Video

2018

Chapter Meetup Fall 2018

Hosted by MacPaw Partner: HackenProof
MacPaw HackenProof

Date Sep 29, 2018

Location MacPaw, 81 Antonovycha Street, Kyiv, Ukraine

Program

  1. 10:00 Serhii Korolenko - XSS from zer0 to Hero (workshop) | Video
  2. 11:30 Eduard Babych - Burp Suite: from First Run to Website Hack in 60 min (workshop) | Video
  3. 12:30 Oleksii Baranovskyi - BeEF it up (workshop) | Video
  4. 14:00 Stanislav Kolenkin - How to Secure Your Kubernetes Cluster | Video
  5. 15:00 Valentin Averin - AppSec Requirements in PCI DSS | Video
  6. 16:00 Artem Tykhonov - Setting up the Setapp Bug Bounty Program | Video

Chapter Meetup Summer 2018

Hosted by Ciklum. Partner: Linkos Group.
Ciklum Linkos Group

Date Jul 14, 2018

Location Sky Point (Ciklum Kyiv, 20th floor): 12 Amosova street, Horizon Park business center, Kyiv, Ukraine

Program

  1. Stanislav Kolenkin - Kubernetes Security | Video
  2. Stanislav Kolenkin - Practical Kubernetes Security (Workshop) | Video
  3. Pavlo Radchuk - Smart Contracts Security: Understanding Token Security (Workshop) | Video
  4. Ali Huseyn Aliyev - The Browser Does Not Protect You | Video
  5. Olha Pasko - Security Baseline for Incident Response | Video
  6. Yan Kravchenko - Evolution of Application Security Programs and OWASP SAMM 2.0 | Video
  7. Andriy Shalaenko - Intro to JS and Vue.js Sandbox Escape | Video

Chapter Meetup Spring 2018

Date Mar 3, 2018,

Location Sky Point (Ciklum Kyiv, 20th floor): 12 Amosova street, Horizon Park business center, Kyiv, Ukraine

Program

Morning Workshops

  1. Serhii Korolenko - Crack The Hash Workshop | Video
  2. Vlad Styran - Pentesting Android Apps | Video

Afternoon Talks

  1. Vlad Styran - OWASP Kyiv 2017 Results and 2018 Plans | Slides | Video
  2. Vlada Kulish - Why So Serial? Threats to Modern Serialization Capabilities | Slides | Video
  3. Roman Borodin - ISC2 & ISACA Certifications First-hand Experience | Slides | Video
  4. Ihor Bliumental - WebSocket Security | Slides | Video
  5. Oleksii Dorogan - A Struggle to Start a Bug Bounty for a .gov.ua. | Video
  6. Yevhen Teleshyk - Phishing Threats to Cloud Users | Slides | Video

2017

Chapter Meetup Winter 2017

Date Dec 2, 2017

Location Student Center of State University of Telecommunications, 7 Solomianska Street, Kyiv, Ukraine

Program

Morning Workshops

  1. Kyrylo Hobrenyak - Bash Scripting 101 | Video
  2. Vladyslav Makalish & Ivan Berdnik - Cloud Security at AWS | Video

Afternoon Talks

  1. Anastasiia Vixentael - Don’t Waste Time on Learning Cryptography: Better Use It Properly | Video | Slides
  2. Pavel Radchuk - SAMM: Understanding Agile in Security | Video | Slides
  3. Vlad Styran - Security Economics | Video | Slides
  4. Dima Kovalenko - Modern SSL Pinning | Video | Slides
  5. Ivan Vyshnevskyi - Not So Quiet git push | Video | Slides

Photo album by Serhiy Rekun

Event writeup by Ivan Vyshnevskyi

Chapter Meetup Fall 2017

Date Sep 9, 2017

Location Student Center of State University of Telecommunications, 7 Solomianska Street, Kyiv, Ukraine

Program

Morning Workshops

  1. Vlad Styran - “Hidden” Features of the Tools We All Love | Video | Slides
  2. Ihor Bliumental - Collision CORS | Video | Slides

Afternoon Talks

  1. Serhiy Korolenko - The Strength of Ukrainian Users’ P@ssw0rds2017 | Video | Slides
  2. Lidiia ‘Alice’ Skalytska - Security Checklist for Web Developers | Video | Slides
  3. Volodymyr Ilibman - Close look at Nyetya investigation | Video | Slides
  4. Viktor Zhora - Cyber and Geopolitics: Ukrainian factor | Video | Slides
  5. Andriy Shalaenko - GO security tips | Video | Slides

Photo album by Serhiy Rekun

Chapter Kick-off Meeting

Date May 27

2017 Location Smartworking “SAD”, 3, Oleksandra Dovzhenka str., Kyiv, Ukraine, 03057

Program

  1. Vlad Styran - Chapter Introduction and the 2017 Plan.
  2. Ihor Bliumental - Is there life outside OWASP Top-10? Real-life bugs that didn’t make the list (yet) | Video | Slides
  3. Roman Rott - Ruby for Pentesters | Video | Slides
  4. Taras Bobalo - Application Security automation with DevOps tools and Clouds | Video | Slides
  5. Tim Karpinsky - OpSec! Not the PoopSec