Revision as of 22:27, 25 September 2013 by Mohd Fazli Azran (talk | contribs)

OWASP Malaysia

Welcome to the Malaysia chapter homepage. The chapter leader is Mohd Fazli Azran.


OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.


Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now

OWASP Malaysia & MySecurity Community

The OWASP Malaysia Project is now officially handled and organized by MySecurity Community. It is a non-profit organization. We welcome all Malaysians to join us and share knowledge, skills and ideas to make the OWASP Malaysia Project beneficial to everybody. The OWASP Malaysia Project is also the pioneer project for web application security, and we are tied with Malaysian government security agencies and organizations to promote and raise awareness among Malaysians, especially in government, universities and the public. Private-sector organizations that want to contribute or sponsor are welcome.

Join the local Malaysia chapter Facebook Page

Join the local Malaysia Chapter Discussion Facebook Group

Follow us on Twitter: OWASP Malaysia #owaspmy

OWASP Malaysia LinkedIn Group

OWASP Malaysia Meetup Planning Schedule

OWASP Malaysia Translation Project (OMTP): We need volunteers for our English-to-Malay translation project. Please feel free to contact any of our BOM for updates on the project.

NOTE: OWASP is now promoting official membership for the Malaysia Chapter. Members get special rates and discounts and an email account with 25GB of space. Please register here as an individual (Memberships), and see the example of how to register (REGISTER) for OWASP Memberships.

All new and existing members, please feel free to contribute to the OWASP Malaysia Chapter, and if you are committed to helping OWASP Malaysia, please subscribe to an individual OWASP Membership. For corporate sponsorship of OWASP Malaysia, please contact OWASP Admin.

You are welcome to join our conversation. If you have any queries, don't hesitate to contact OWASP Admin. Everyone is welcome to join us at our chapter meetings.

Related security events for these years.



OWASP AppSec AsiaPac 2013 (AppSecAsiaPac2013) 19-22 February 2013
ZebraCon 2013 (ZebraCon2013) 27-28 August 2013
Malaysia Open Source Conference 2013 (MOSC2013) 10-11 September 2013
HITBSecConf 2013 (HITBSecConf2013) 14-17 October 2013


OWASP Global AppSec AsiaPac 2012 (AppSecAsiaPac2012) 11-14 April 2012
FUDCon AsiaPac KL 2012 (FUDConKL2012) 18-20 May 2012
EPF ISSS Quarterly Services Status Meeting and Technology Presentation Update 14 June 2012 (Closed Invitation)
Cyber Security, Cyber Warfare and Digital Forensics (CyberSec12) 26-28 June 2012
Malaysia Open Source Conference 2012 (MOSC2012) 8-10 July 2012
Hack In The Box (HITBSecConf2012) 8-11 October 2012
Hacker Halted AsiaPac 2012 (HHAPAC2012) 19-22 November 2012


KL GreenHAT Challenge 2011 (KLGHC 2011) 9-10 February 2011
OWASP Summit 2011 (OWASP Summit 2011) 8-11 February 2011
Counter eCrime Operation Summit V 2011 (CECOSv 2011) 27-29 April 2011
Info Security Conference 2011 (INFOSEC 2011) 12 May 2011
Malaysia Open Source Conference 2011 (MOSC2011) 3-5 July 2011
OWASP Day KL 2011 (OWASP Day KL 2011) 20-21 September 2011
Hack In The Box (HITBSecConf2011) 10-13 October 2011
Security Black Belt Day 2011 (SBBD2011) 3 November 2011
Mozilla AsiaCamp 2011 (MozCamp Asia 2011) 18-20 November 2011
Hacker Halted APAC (HHAPAC2011) 15-17 November 2011
Malaysia Government Open Source Conference 2011 (MyGOSSCON2011) 29-30 November 2011
Computer Security Day 2011 (CSD2011) 30 November 2011


Malaysia Open Source Conference 2010 (MOSC2010) 29/30 June - 1 July 2010
Advanced Identify Management & Security 2010 (AIMS 2010) 20-21 September 2010
Next Generation Broadband Wireless Architecture Masterclass (NGBWAM 2010) 28-29 September 2010
Gartner Security Local Briefing 2010 (GartnerSec 2010) 15 July 2010
Hack In The Box 2010 (HITBSecconf 2010) - 4-14 October 2010
OSS Day KPM 2010 (OSS KPM 2010) - 12-13 October 2010
KL Green Hat 2010 (KLGH 2010) - 19-20 October 2010
CyberSecurity Malaysia Conference & Exhibition 2010 (CSMCE 2010) - 25-28 October 2010
Malaysia Government Open Source Conference 2010 (MyGOSSCON 2010) 2-3 November 2010
Hacker Halted Asia Pacific 2010 (HHAPAC2010) - 9-11 November 2010
AMDI-USM OSS Day (AMDIOSS) 23 December 2010

Chapter Leader - Mohd Fazli Azran

Board Of Members 2010

Advisor - Amir Haris (MyNIC Berhad)

Observer - MySecurity Community (MySecurity)

OWASP Meetup Q2 2013

  • Date : 16 July 2013 (Tuesday)
  • Time : 9.00a.m - 1.00p.m
  • Venue: IMATEC, INTAN, Bukit Kiara

Event Program:

8.30a.m - 9.00a.m  - Arrival of participants
9.00a.m - 9.10a.m  - Opening Speech by INTAN VVIP
9.10a.m - 9.20a.m  - Speech by OWASP Malaysia Chapter Leader
9.20a.m - 10.20a.m  - Speech by Tobias Gondrom - CISO for Manager
10.20a.m - 10.35a.m  - Rest
10.35a.m - 10.50a.m  - Talk by INTAN (TBA)
10.50a.m - 11.50a.m  - Speech by Drew Williams - Governance, Risk and Compliance
11.50a.m - 12.50a.m  - Speech by Tobias Gondrom - Secure Coding
12.50p.m - 1.00p.m  - Social Network

BIO: Tobias Gondrom


Tobias Gondrom is CEO at Thames Stanley, a boutique Global CISO and Information Security & Risk Management Advisory based in Hong Kong, United Kingdom and Germany.

He has 15 years of experience in software development, application security, cryptography, electronic signatures and global standardization organizations, working for independent software vendors and large global corporations in the financial, technology and government sectors.

Over the years, he has trained and advised dozens of CISOs and senior information security leaders around the globe. Since 2003 he has been the chair of working groups of the IETF, a member of the IETF security directorate, and since 2010 chair of the web security WG at the IETF. He has been in a number of project and chapter leadership roles for OWASP since 2007. Currently, he is a board member of the OWASP London and the CSA Hong Kong and Macau chapters and leads the OWASP CISO Report and Survey project. He is an ISC2 CSSLP and CISSP Instructor. Tobias has authored the Internet standards RFC 4998 and RFC 6283, co-authored the books „Secure Electronic Archiving“ and the OWASP CISO Guide, and is a frequent presenter at conferences and publisher of articles (e.g. AppSec, IETF, ISSE, ...).

BIO: Drew Williams


Drew Williams has a pedigree in information management and security that began more than 30 years ago while serving as a journalist and public affairs liaison in the U.S. Navy, participating in key military missions that included the U.S. counter-deterrent against the Soviet invasion of Afghanistan in 1979, and the attempted hostage rescue operation in Tehran in 1980.

On matters of State, Drew served on the President’s Partnership for Critical Infrastructure Security (a precursor to the Department of Homeland Security), and was one of a handful of original drafters of the 1996 Health Information Portability and Accountability Act (HIPAA) Security Policy guidelines for the U.S. government, the 1998 Common Vulnerabilities Enumeration (CVE) reporting model for how viruses and security risks are reported, and was a founding member of the Intrusion Detection Consortium (1999), and worked on the early stages of Common Criteria parameters for infosec product development. In 2004, Drew established the Center for Policy and Compliance for Configuresoft/VM-Ware, and lectures annually in Southeast Asia on IT security trends and best practices, and was named by a security consortium in Australia as “One of the top 20 most influential people in IT security in the Pacific” in 2010.

Please register here :

OWASP Meetup Q1 2013

We welcome everyone who is interested to join this mini event; it is open to everybody. Meet up with hackers from around Malaysia and join an open discussion with CyberSecurity Malaysia.

  • Date : 3 April 2013
  • Venue: Theater Room, Level 7, Bangunan Sapura@Mines, Seri Kembangan, Selangor


  • Schedule
12.30p.m  - Lunch (Provided by CSM) 
1.00p.m  - Registration 
2.00p.m  - Opening Speech by CSM VVIP 
2.10p.m  - Welcome Remark by Mohd Fazli Azran (OWASP Malaysia) 
2.20p.m  - Speech by MyCERT - Activity Hacking & Report 2012  
2.45p.m  - Speech by Jim Manico - Top 10 Web Security Defense 
3.45p.m  - Tea Break 
4.10p.m  - Q&A with the presenter (MyCERT, Jim & OWASP) 
4.45p.m  - Social Network
5.00p.m  - Dismiss 

CyberSecurity Malaysia (Maps)

Facebook Event

Title: Top Ten Web Security Defenses

We cannot “firewall” or “patch” our way to secure websites. In the past, security professionals thought firewalls, Secure Sockets Layer (SSL), patching, and privacy policies were enough. Today, however, these methods are outdated and ineffective, as attacks on prominent, well-protected websites are occurring every day. Citigroup, PBS, Sega, Nintendo, Gawker, AT&T, the CIA, the US Senate, NASA, Nasdaq, the NYSE, Zynga, and thousands of others have something in common – all have had websites compromised in the last year. No company or industry is immune. Programmers need to learn to build websites differently. This talk will review the top coding techniques developers need to master in order to build a low-risk, high-security web application.


BIO: Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. He authors and delivers developer security awareness training for WhiteHat Security and has a background as a software developer and architect. Jim is also a global board member for the OWASP foundation. He manages and participates in several OWASP projects, including the OWASP cheat sheet series and the OWASP podcast series.

  • Required

Computer Security Day 2011

We welcome everyone who is interested to join this mini event; it is open to everybody. Meet up with hackers from around Malaysia and join an open discussion with CyberSecurity Malaysia.

  • Date : 30 November 2011
  • Venue: Theater Room, Level 7, Bangunan Sapura@Mines, Seri Kembangan, Selangor


  • Schedule
1.00p.m  - 2.00p.m  - Registration (Lunch Provided) 
2.00p.m  - Arrival Lt Col. (R) Prof Dato' Husin Bin Jazri 
2.05p.m  - Opening Speech by MC
2.10p.m  - Doa
2.15p.m  - Opening Speech by Mohd Fazli Azran (OWASP Malaysia) 
2.20p.m  - Introduction by the participant 
2.50p.m  - Presentation about CSM & activity CSM for 2012-2013 - Corporate Video - MyCERT Introduction by Adli Wahid Vice President Responsive Service CSM Dialogue 
3.15p.m  - Speech by CEO CyberSecurity Malaysia Lt Col. (R) Prof Dato' Husin Bin Jazri 
3.40p.m  - Q & A session 
4.20p.m  - Tea Break and Networking 
4.50p.m  - Dismiss 

CyberSecurity Malaysia (Maps)

Facebook Event

  • Required


  • Date : 23 December 2010 Thursday
  • Time : 8.00a.m - 5.00p.m
  • Venue : Hotel Seri Malaysia, Kepala Batas, Pulau Pinang Malaysia

AMDI USM OSS DAY will feature an interactive mix of activities consistent with the objective of promoting and raising awareness about Open Source Software in general:

Seminar: 9 talks on Open Source awareness will be held, given by activists, consumers, application developers and experienced specialists from the Open Source industry itself.

Demonstration: as with any conference, AMDI USM OSS DAY will hold a demonstration open to visitors present at the event square. The demonstration is run by activists, community and society groups and gives visitors an opportunity to see more closely what open source and proprietary technology are. We will also promote activities in the demonstration area to enliven the program.

To register, please click here: AMDI-USM (AMDI-USM OSS Day 2010)

OWASP 4th Meeting Malaysia Chapter

  • Date : 23 November 2010 Tuesday
  • Time : 2.00p.m - 5.00p.m
  • Venue : Malaysian Computer Emergency Response Team (MyCERT), CyberSecurity Malaysia, Level 7, SAPURA@MINES, Jln Tasik, Mines Resort City, Seri Kembangan, Selangor


  • Agenda
2.00 : Arrival of participants
2.10 : Offensive Security - Muhammad Muslim Mansor
3.40 : Web Application Firewalls: What are we really getting into? - Alex Tan
5.10 : Refreshment

OWASP 3rd Meeting Malaysia Chapter

  • Date : 19 October 2010 Tuesday
  • Time : 2.00p.m - 5.00p.m
  • Venue : Malaysian Computer Emergency Response Team (MyCERT), CyberSecurity Malaysia, Level 7, SAPURA@MINES, Jln Tasik, Mines Resort City, Seri Kembangan, Selangor


  • Agenda
2.00 : Arrival of participants
3.00 : Opening Speech
3.05 : Brian Ritchie - Topic TBA
4.05 : Adnan Mohd Syukor - Topic TBA
5.05 : Refreshment

OWASP 2nd Meeting Malaysia Chapter

  • Date : 15 May 2010 Saturday
  • Time : 3.00p.m - 5.00p.m
  • Venue : City University College Of Science Technology (CUCST)

Map: City University

Topic :

     1) Outbound Monitoring - the Forgotten Child in Infosec (1 hour)
     2) Introduction to the new and highly lethal HTTP DDoS attack technique (1 hour)

Registration Fee : FOC

Parking Fee : FOC (More Parking)

Registration :

Speaker : Wong Onn Chee
Background :

Wong Onn Chee : Chief Technology Officer, Resolvo System, Singapore


Onn Chee is currently working as the Chief Technology Officer in Resolvo Systems, a leading information leakage expert in Asia. He has led numerous large-scale projects, primarily in the government and defence sectors. His areas of expertise include information leakage protection, web security and security strategy. Onn Chee is a founding member and the first Vice-President of the Information Systems Security Association (ISSA), Singapore Chapter, the largest international, not-for-profit association for security professionals. He was also a former member of the Center of Internet Security (US), which provides well-recognised security benchmarks for various systems commonly used by the US Federal Government and private organisations. Onn Chee is also the current Singapore chapter lead of the Open Web Application Security Project (OWASP), which publishes the widely respected OWASP Top 10 web vulnerabilities. Other than being an information security professional, Onn Chee is also trained in BS 7799/ISO 17799, ISO 9000 and ITIL. He is also a certified Project Management Professional (PMP) and certified PRINCE2 Practitioner. In 2007, Onn Chee was appointed as the President of the International Association of Software Architects (IASA), Singapore Chapter.

For more detail please contact: Mobile : 013-2048672 Email :

OWASP 1st Official Meeting Malaysia Chapter

  • Date : 31 March 2010 Wednesday
  • Time : 2.30p.m - 5.00p.m
  • Venue : CyberSecurity Malaysia (Sapura Building), Level 7, Jln Tasik, Mines Resort City, Seri Kembangan, Selangor
  • Agenda
2.30 : Arrival of participants
3.00 : Opening Speech
3.15 : Introduction of OWASP
3.30 : Introduction of CyberSecurity Malaysia, Summary Report and Incident of Web in Malaysia
4.00 : Meeting Start - Chair Meeting : OWASP Malaysia Chapter Leader
     :                 Committee Members - CyberSecurity Malaysia, MySecurity Community
  • OWASP Board Of Members election.
BOM - University Representative
BOM - Government Representative
BOM - Community Representative
BOM - Security Professional Representative
BOM - Private Sector Representative
  • OWASP activities
1) Workshop
2) Events
  • Register Here : It is FOC; this is a meeting, not a workshop, training or seminar

OWASP Day KL 2011 (OWASP Day KL 2011) 20-21 September 2011

Government Agency





