Difference between revisions of "New Zealand"

From OWASP
Jump to: navigation, search
m (Locations)
 
(228 intermediate revisions by 12 users not shown)
Line 1: Line 1:
==  Welcome to the OWASP New Zealand Local Chapter  ==
+
__NOTOC__
  
Welcome to the OWASP New Zealand chapter site.
+
== OWASP New Zealand ==
  
== Participation  ==
+
Welcome to the OWASP New Zealand chapter homepage.
  
Get involved! All OWASP chapter meetings are free and open to anyone interested in application security and New Zealand is no different. We encourage members to give presentations on any OWASP related topic and to share their knowledge with the rest of the OWASP NZ chapter.  
+
The chapter leaders are [mailto:kim.carter@owasp.org Kim Carter] (Christchurch),  [mailto:kirk.jackson@owasp.org Kirk Jackson] (Wellington), and [mailto:john.dileo@owasp.org John DiLeo] (Auckland).
  
== Upcoming Event  ==
+
=== Keeping in Touch ===
  
New Zealand chapter meetings are unique and utilise the video conferencing facilities available between Auckland & Wellington provided by one of our co-sponsors. As a result meetings take place in two cities at the same time.  
+
* Chapter Mailing List (Google Groups): [mailto:new-zealand-chapter@owasp.org New-Zealand-Chapter@owasp.org] - [https://groups.google.com/a/owasp.org/forum/#!forum/new-zealand-chapter/join Join the Group]
 +
* [https://infosecnz.slack.com InfoSecNZ Workspace] on Slack - Be sure to join the #events channel for calendar notices (NOTE: By design, we do not maintain a separate Slack Workspace for the New Zealand chapter)
 +
* Follow us on [https://www.twitter.com/owaspnz Twitter] (@owaspnz)
  
Due to out of hours security restrictions, you may have to be escorted inside the buildings where the meetings are held. If there is no one at the door on your arrival, please be patient or call one of the appropriate onsite contact numbers below. 
+
Some Global OWASP Resources:
 +
* [https://groups.google.com/a/owasp.org/forum/?hl=en#!forumsearch/ Directory of OWASP's Google Groups]
 +
* [https://owasp.slack.com OWASP Workspace] on Slack
  
===When===
+
== OWASP New Zealand Chapter Board ==  
  
June 2008
+
We are always looking for additional board members to evangelise the OWASP mission, help with meetings, projects and initiatives. As we all know, it takes time/effort to run a chapter. Please contact us if you are interested in joining the NZ OWASP board, would like to volunteer to help out or create a new Meetup/event, or for any queries related to OWASP NZ.
  
===Locations===
+
<ul>
 +
*<b>NZ Board Member (Leader - Christchurch)</b> [mailto:kim.carter@owasp.org Kim Carter] ([https://www.twitter.com/binarymist @binarymist])
 +
*<b>NZ Board Member (Leader - Auckland)</b> [mailto:john.dileo@owasp.org John DiLeo] ([https://www.twitter.com/gr4ybeard @gr4ybeard])
 +
*<b>NZ Board Member (Leader - Wellington)</b> [mailto:kirk.jackson@owasp.org Kirk Jackson] ([https://www.twitter.com/kirkj @kirkj])
 +
</ul>
 +
 
 +
<!--
 +
 
 +
== Chapter Sponsors ==
 +
 
 +
<table width="100%" border="0" cellspacing="0" cellpadding="0">
 +
  <tr>
 +
    <td><center>[http://www.security-assessment.com https://www.owasp.org/images/a/a4/Security-assessment_com.jpeg]</center></td>
 +
    <td>&nbsp;</td>
 +
    <td>&nbsp;</td>
 +
    <td>&nbsp;</td>
 +
  </tr>
 +
  <tr>
 +
    <td><center>[http://www.security-assessment.com www.security-assessment.com]</center></td>
 +
    <td>&nbsp;</td>
 +
    <td>&nbsp;</td>
 +
    <td>&nbsp;</td>
 +
  </tr>
 +
  <tr>
 +
    <td><center>[http://www.touchpoint.co.nz https://www.owasp.org/images/d/d8/Touchpoint.jpg]</center></td>
 +
    <td>&nbsp;</td>
 +
    <td>&nbsp;</td>
 +
    <td>&nbsp;</td>
 +
  </tr>
 +
  <tr>
 +
    <td><center>[http://www.touchpoint.co.nz www.touchpoint.co.nz]</center></td>
 +
    <td>&nbsp;</td>
 +
    <td>&nbsp;</td>
 +
    <td>&nbsp;</td>
 +
  </tr>
 +
  <tr>
 +
    <td><center>[http://binarymist.io https://www.owasp.org/images/4/4c/BinaryMistLimited.png]</center></td>
 +
    <td>&nbsp;</td>
 +
    <td>&nbsp;</td>
 +
    <td>&nbsp;</td>
 +
  </tr>
 +
  <tr>
 +
    <td><center>[http://binarymist.io binarymist.io]</center></td>
 +
    <td>&nbsp;</td>
 +
    <td>&nbsp;</td>
 +
    <td>&nbsp;</td>
 +
  </tr>
 +
</table>
 +
 
 +
-->
 +
 
 +
= Upcoming Events  =
 +
 
 +
== Local Meetup Links ==
 +
 
 +
* [https://www.meetup.com/OWASP-New-Zealand-Chapter-Auckland/ OWASP New Zealand Chapter-Auckland]
 +
* [https://www.meetup.com/OWASP-New-Zealand-Chapter-Auckland/ OWASP New Zealand Chapter-Christchurch]
 +
* [https://www.meetup.com/OWASP-New-Zealand-Chapter-Christchurch/ OWASP New Zealand Chapter-Wellington]
 +
 
 +
== ''' 2020 ''' ==
 +
 
 +
[[File:NZDay 2020 web banner.jpg|x300px|frameless|link=https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2020|Conference Web Banner-2020 OWASP NZ Day]]<br>
 +
'''19 - 21 February 2020'''
 +
 
 +
[https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2020 OWASP New Zealand Day 2020] - University of Auckland Business School
 +
: One-day conference, with two tracks on Friday, 21 February - Registration is FREE
 +
: Training sessions (half-day, one-day, or two-day) on Wednesday and Thursday, 19 - 20 February - Registration: $325 for half-day; $625 for one-day; $1250 for two-day (plus EventBrite fees)
 +
 
 +
== ''' 2019''' ==
 +
 
 +
'''10 December 2019'''
 +
 
 +
[https://www.meetup.com/OWASP-New-Zealand-Chapter-Auckland/events/257141559/ Auckland Meetup]
 +
: '''Top Ten Discussion:''' A7 - Cross-Site Scripting (XSS) - Led by John DiLeo
 +
: '''Presentation:''' TBC
 +
: '''Location:''' Orion Health, 181 Grafton Road, Grafton, Auckland
 +
 
 +
= Past Events =
 +
 
 +
== Past Events ==
 +
 
 +
=== 2019 ===
 +
 
 +
'''8 October 2019'''
 +
 
 +
[https://www.meetup.com/OWASP-New-Zealand-Chapter-Auckland/events/257141543/ Auckland Meetup]
 +
: '''Top Ten Discussion:''' A6 - Security Misconfiguration  - Led by James Ting-Edwards
 +
: '''Presentation:''' What's In a Name? Law of Agency and Domain Name Registrations - Judy Ting-Edwards
 +
: '''Venue Host:''' Simon White
 +
: '''Location:''' Middleware NZ, 104 Quay Street, CBD, Auckland
 +
<hr />
 +
<div style="background-color: black;">
 +
[[File:Logo-security_ac_nz.png|x250px|frameless|link=https://security.ac.nz|Logo for security.ac.nz event]]<br />
 +
</div>
 +
 
 +
'''24 - 25 August 2019'''
 +
 
 +
OWASP NZ is proud to invite you to our first [https://security.ac.nz https://security.ac.nz] event. Please visit the [https://security.ac.nz website] for details.
 +
: '''Registration:''' FREE
 +
: '''Location:''' Maclaurin Lecture Theatres, Victoria University of Wellington
 +
<hr />
 +
 
 +
'''13 August 2019'''
 +
 
 +
[https://www.meetup.com/OWASP-New-Zealand-Chapter-Auckland/events/257141559/ Auckland Meetup]
 +
: '''Top Ten Discussion:''' A9 - Using Components with Known Vulnerabilities - Led by John DiLeo
 +
: '''Technical Discussion:''' Addressing Vulnerable Components with OWASP Projects and Tools - John DiLeo
 +
: '''Location:''' Orion Health, 181 Grafton Road, Grafton, Auckland
 +
<hr />
 +
 
 +
'''10 August 2019'''
  
; '''Auckland:'''
+
[https://www.meetup.com/OWASP-New-Zealand-Chapter-Auckland/events/262858250/ Auckland Training Day]
: Security-Assessment.com (Datacraft New Zealand Ltd.)
+
: '''Threat Modelling: Getting from None to Done''' - John DiLeo
: Corner Victoria and Queen Street
+
: '''Registration:''' $125.00 (plus EventBrite fees), inclusive of morning and afternoon tea, lunch, and class materials
: Phillip Fox Building, 7th Floor
+
: '''Location:''' Orion Health, 181 Grafton Road, Grafton, Auckland
:
+
<hr />
: '''Onsite Contact:'''   Roberto Suggi Liverani (021 928 780) - Rob Munro (021 677 785)
 
  
 +
'''11 June 2019'''
  
; '''Wellington:'''  
+
[https://www.meetup.com/OWASP-New-Zealand-Chapter-Auckland/events/257141477/ Auckland Meetup]
: Security-Assessment.com (Datacraft New Zealand Ltd.)
+
: '''Top Ten Discussion:''' A5 - Broken Access Control - Led by John DiLeo
: 3rd Floor Lumley Housed
+
: '''Technical Topic:''' My Recent Adventures at OWASP Conferences - John DiLeo
: Hunter Street
+
: '''Location:''' Robert Walters, Level 9, 22 Fanshawe Street, CBD, Auckland
:  
+
<hr />
: '''Onsite Contact:''' Mark Piper (021 590 598)
 
  
===Agenda===
+
'''9 April 2019'''
  
* 18h00 - 18h30: Networking / Food, Drinks <BR>
+
[https://www.meetup.com/OWASP-New-Zealand-Chapter-Auckland/events/257141431/ Auckland Meetup]
* 18h30 - 19h20: TBA - Submit a talk!<BR>
+
: '''Top Ten Discussion:''' A4 - XML External Entities (XXE) - Led by John DiLeo
* 19h30 - 20h20: TBA - Submit a talk!<BR>
+
: '''Open Discussion:''' What do we want to do this year?
* 20h30 - 21h00: Wrap up.<BR>
+
: '''Location:''' Orion Health, 181 Grafton Road, Grafton, Auckland
 +
<hr />
  
=== Cost ===
+
[https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2019 https://www.owasp.org/images/e/e3/NZDay_2019_web_banner.jpg]<br>
 +
'''21 - 22 February 2019'''
  
As always, '''free'''!
+
[https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2019 OWASP New Zealand Day 2019] - University of Auckland Business School
 +
: One-day conference, with two tracks on Friday, 22 February - Registration is FREE
 +
: Training sessions (half-day or full-day) on Thursday, 21 February - Registration: $500 for full-day; $250 for half-day
 +
<hr />
  
 +
=== 2018 ===
  
== Past Events ==  
+
'''11 December 2018'''
 +
 
 +
[https://www.meetup.com/OWASP-New-Zealand-Chapter-Auckland/events/249448666/ Auckland Meetup]
 +
: '''Top Ten Discussion:''' A2 - Broken Authentication - Led by John DiLeo
 +
: '''Technical Topic:''' Some Thoughts on Threat Modelling - John DiLeo
 +
: '''Location:''' Orion Health, [https://www.google.co.nz/maps/place/181+Grafton+Rd,+Grafton,+Auckland+1010 181 Grafton Road, Grafton, Auckland]
 +
<hr />
 +
 
 +
'''29 October 2018'''
 +
 
 +
[https://www.meetup.com/OWASP-Wellington/events/255158934/ Wellington Meetup]
 +
: '''Presentation:''' Make the Cyber Safer with Multi-factor Authentication - Kevin Thomas
 +
: '''Video:''' [https://www.youtube.com/watch?v=lAkw24tClvQ]
 +
: '''Location:''' Wellington
 +
<hr />
 +
 
 +
'''9 October 2018'''
 +
 
 +
[https://www.meetup.com/OWASP-New-Zealand-Chapter-Auckland/events/255158934/ Auckland Meetup]
 +
: '''Technical Topic:''' Integrating the Weakforced Security API - Steve Shipway, SMX Email
 +
: '''Location:''' Cornerstone On-Demand, Level 1, 29 Union Street, Auckland
 +
<hr />
 +
 
 +
'''27 August 2018'''
 +
 
 +
[https://www.meetup.com/OWASP-Wellington/events/253077472/ Wellington Meetup]
 +
: '''Presentation:''' Developer's guide to Deserialization Attack - Felix Shi
 +
: '''Video:''' [https://www.youtube.com/watch?v=Gi-Pk255Jyw]
 +
: '''Location:''' Wellington
 +
<hr />
 +
 
 +
'''14 August 2018'''
 +
 
 +
[https://www.meetup.com/OWASP-New-Zealand-Chapter-Auckland/events/249448651/ Auckland Meetup]
 +
: '''Top Ten Discussion:''' A3 - Sensitive Data Exposure - Led by John DiLeo
 +
: '''Presentation:''' Web Application Penetration Testing Demo - Shofe Miraz
 +
: '''Location:''' Orion Health, [https://www.google.co.nz/maps/place/181+Grafton+Rd,+Grafton,+Auckland+1010 181 Grafton Road, Grafton, Auckland]
 +
<hr />
 +
 
 +
'''12 June 2018'''
 +
 
 +
[https://www.meetup.com/OWASP-New-Zealand-Chapter-Auckland/events/mcvvmpyxgbnb/ Auckland Meetup]
 +
: '''Presentation:''' GDPR and New Zealand Privacy Law - James Ting-Edwards
 +
: '''Location:''' InternetNZ, 62 Victoria Street West, Auckland CBD, Auckland
 +
<hr />
 +
 
 +
'''11 June 2018'''
 +
 
 +
[https://www.meetup.com/OWASP-Wellington/events/250629813/ Wellington Meetup]
 +
: '''Presentation:''' What are certificates? - Matt Cotterell
 +
: '''Location:''' Wellington
 +
<hr />
 +
 
 +
'''10 April 2018'''
 +
 
 +
[https://www.meetup.com/OWASP-New-Zealand-Chapter-Auckland/events/mcvvmpyxgbnb/ Auckland Meetup]
 +
: '''Top Ten Discussion:''' A1 - Injection - Led by John DiLeo
 +
: '''Presentation:''' OWASP Software Assurance Maturity Model (SAMM) - John DiLeo
 +
: '''Location:''' Orion Health, 181 Grafton Road, Grafton, Auckland
 +
<hr />
 +
 
 +
'''28 March 2018'''
 +
 
 +
[https://www.meetup.com/OWASP-New-Zealand-Chapter-Christchurch/events/241803609/ Christchurch Meetup]
 +
;: '''CERT NZ'''
 +
;: '''Location:''' Christchurch
 +
;: '''Co-Sponsor:''' [http://www.catalyst.net.nz/ Catalyst]
 +
<hr />
 +
 
 +
; 26 Feb 2018
 +
[https://www.meetup.com/OWASP-Wellington/events/246852662/ Wellington Meetup]
 +
: '''CERT NZ - Who are we? How are websites getting hacked in real life? with Declan Ingram'''
 +
: '''Video:''' [https://www.youtube.com/watch?v=WhYh-eUqxIA]
 +
: '''Location:''' Wellington
 +
: '''Presented by:''' Declan Ingram
 +
<hr />
 +
 
 +
[https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2018 https://www.owasp.org/images/5/53/NZ_day_2018_web.jpg]<br><br>
 +
'''4 - 5 February 2018'''
 +
 
 +
[https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2018 OWASP New Zealand Day 2018] - University of Auckland Business School
 +
: One-day conference, with two tracks on Monday, 5 February - Registration is FREE
 +
: Training session (full-day) on Sunday, 4 February - Registration: $500
 +
<hr />
 +
 
 +
=== 2017 ===
 +
 
 +
; 2 Oct 2017
 +
[https://www.meetup.com/OWASP-Wellington/events/242968218/ Wellington Meetup]
 +
: '''Presentation:''' Same-origin policy: The core of web security
 +
: '''Video:''' [https://www.youtube.com/watch?v=5wFCRANIbdc]
 +
: '''Location:''' Wellington
 +
: '''Presented By:''' Kirk Jackson
 +
<hr />
 +
 
 +
; 27 Sept 2017
 +
[https://www.meetup.com/OWASP-New-Zealand-Chapter-Christchurch/events/241328587/ Christchurch Meetup]
 +
: '''Securing your data (your business) using SQL Server 2016'''
 +
: '''Presented By:''' [https://twitter.com/shantha05 Anupama Natarajan]
 +
: '''Location:''' Christchurch
 +
: '''Co-Sponsor:''' [http://www.catalyst.net.nz/ Catalyst]
 +
<hr />
 +
 
 +
; 31 July 2017
 +
[https://www.meetup.com/OWASP-New-Zealand-Chapter-Wellington/events/241187473/ Wellington Meetup]
 +
: '''Presentation:''' What is Cross-Site Request Forgery?
 +
: '''Video:''' [https://www.youtube.com/watch?v=G1aLGaMqnm0]
 +
: '''Location:''' Wellington
 +
: '''Presented By:''' Vales Bakaitis
 +
<hr />
 +
 
 +
; 28 June 2017
 +
[https://www.meetup.com/OWASP-New-Zealand-Chapter-Christchurch/events/236349292/ Christchurch Meetup]
 +
: '''Web Developer Quiz Night'''
 +
: '''Prepared and Presented By:''' [https://twitter.com/binarymist Kim Carter]
 +
: '''Details:''' [https://binarymist.io/talk/owaspnz-chch-meetup-workshop-quiz-night/ on binarymist.io]
 +
: '''Location:''' Christchurch
 +
: '''Co-Sponsor:''' [http://www.catalyst.net.nz/ Catalyst]
 +
<hr />
 +
 
 +
; 29 May 2017
 +
[https://www.meetup.com/OWASP-New-Zealand-Chapter-Wellington/events/239202702/ Wellington Meetup]
 +
: '''Presentation:''' Developer's Guide to Preventing XSS
 +
: '''Video:''' [https://www.youtube.com/watch?v=0J5Rpf3nNjU]
 +
: '''Location:''' Wellington
 +
: '''Presented By:''' Felix Shi
 +
<hr />
 +
 
 +
[https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2017 https://www.owasp.org/images/6/63/OWASP_NZ_Day_2017_logo.jpg]<br />
 +
'''19 - 20 April 2017'''
 +
 
 +
[https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2017 OWASP New Zealand Day 2017] - University of Auckland Business School
 +
: One-day conference, with two tracks on Thursday, 20 April - Registration is FREE
 +
: Training sessions (half-day and full-day) on Wednesday, 19 April
 +
<hr />
 +
 
 +
; 29 March 2017
 +
[https://www.meetup.com/OWASP-New-Zealand-Chapter-Christchurch/events/236349292/ Christchurch Meetup]
 +
: '''PHP Hurts Programmers (and other tales)'''
 +
: '''Presented By:''' [https://twitter.com/spronkey Keith Humm]
 +
: '''Slides:''' [https://speakerdeck.com/spronkey/php-hurts-programmers-and-other-tales on speakerdeck]
 +
: '''Locations:''' Christchurch
 +
: '''Co-Sponsor:''' [http://www.catalyst.net.nz/ Catalyst]
 +
<hr />
 +
 
 +
; 27 Feb 2017
 +
[https://www.meetup.com/OWASP-New-Zealand-Chapter-Wellington/events/237712167/ Wellington Meetup]
 +
: '''Presentation:''' Building the ultimate login and signup
 +
: '''Video:''' [https://www.youtube.com/watch?v=E25KxLKwY-M Youtube]
 +
: '''Location:''' Wellington
 +
: '''Presented By:''' Matt Cotterell
 +
<hr />
 +
 
 +
=== 2016 ===
 +
 
 +
; 29 November 2016
 +
[https://www.meetup.com/OWASP-New-Zealand-Chapter-Wellington/events/233253214/ OWASP NZ Wellington Meetup page]
 +
: '''Presentation:''' OWASP Top Ten - Developing secure web apps (PHP-flavoured)
 +
: '''Video:''' [https://www.youtube.com/watch?v=7u08zCz9viU Youtube]
 +
: '''Location:''' Wellington
 +
: '''Presented By:''' Kirk Jackson
 +
: In conjunction with the [https://www.meetup.com/PHP-Usergroup-Wellington/ PHP user group Wellington]
 +
 
 +
; 10 October 2016
 +
[https://www.meetup.com/OWASP-New-Zealand-Chapter-Wellington/events/233954065/ OWASP NZ Wellington Meetup page]
 +
: '''Presentation:''' Introduction to Ruby on Rails security
 +
: '''Video:''' [https://www.youtube.com/watch?v=Hez1QYc9yo8 Youtube]
 +
: '''Locations:''' Wellington
 +
: '''Presented By:''' Tim Goddard
 +
: '''Sponsor:''' [https://www.insomniasec.com Insomnia]
 +
 
 +
; 28 September 2016
 +
[https://www.meetup.com/OWASP-New-Zealand-Chapter-Christchurch/events/232611291/ OWASP NZ Christchurch Meetup page]
 +
: '''Presentation / Demo''' Applying Cold War Learnings to our Daily OPSEC
 +
: '''DeadDrop:''' (https://deaddrop.jadeworld.com/)
 +
: '''Github:''' (https://github.com/phage-nz/deaddrop)
 +
: '''Chris's Blog Post:''' (https://bytefog.blogspot.co.nz/2015/09/burn-after-reading.html)
 +
: '''Locations:''' Christchurch
 +
: '''Presented By:''' [https://twitter.com/phage_nz Chris Campbell]
 +
: '''Co-Sponsor:''' [http://www.catalyst.net.nz/ Catalyst] and [http://blog.binarymist.net/ BinaryMist]
 +
 
 +
; 29 August 2016
 +
[https://www.meetup.com/OWASP-New-Zealand-Chapter-Wellington/events/232212284/ OWASP NZ Wellington Meetup page]
 +
: '''Presentation:''' Mobile app security: Intro to the OWASP Mobile Top 10
 +
: '''Video:''' [https://www.youtube.com/watch?v=SbXO6wNvOM4 Youtube]
 +
: '''Location:''' Wellington
 +
: '''Presented By:''' Mike Haworth
 +
 
 +
; 29 June 2016
 +
[http://www.meetup.com/OWASP-New-Zealand-Chapter-Christchurch/events/229985413/ OWASP NZ Christchurch Meetup page]
 +
: '''Presentation / Demo''' Security Regression Testing with ZapAPI and NodeGoat
 +
: '''Teaser:''' (https://youtu.be/DrwXUOJWMoo)
 +
: '''Github:''' (https://github.com/binarymist/NodeGoat/wiki/Security-Regression-Testing-with-Zap-API)
 +
: '''Sourced From:''' Kims Book (https://leanpub.com/holistic-infosec-for-web-developers/read#process-agile-development-and-practices-security-regression-testing)
 +
: '''Locations:''' Christchurch
 +
: '''Presented By:''' [https://twitter.com/binarymist Kim Carter]
 +
: '''Co-Sponsor:''' [http://www.catalyst.net.nz/ Catalyst] and [http://blog.binarymist.net/ BinaryMist]
 +
 
 +
; 27 June 2016
 +
[http://www.meetup.com/OWASP-New-Zealand-Chapter-Wellington/events/232017285/ OWASP NZ Wellington Meetup page]
 +
: '''Presentation:''' Introduction to using a web application firewall
 +
: '''Video:''' [https://www.youtube.com/watch?v=iAPFf9Iqwos Youtube]
 +
: '''Location:''' Wellington
 +
: '''Presented By:''' Graeme Neilson
 +
: '''Sponsor:''' [https://www.redshield.co RedShield]
 +
 
 +
; 30 March 2016
 +
[http://www.meetup.com/OWASP-New-Zealand-Chapter-Christchurch/events/226227782/ OWASP NZ Christchurch Meetup page]
 +
: '''Presentation:''' Qubes OS Discussion (https://www.qubes-os.org)
 +
: '''Locations:''' Christchurch
 +
: '''Presented By:''' Craig Rowland
 +
: '''Co-Sponsor:''' [http://www.dimensiondata.com/en-NZ Dimension Data] and [http://binarymist.io/ BinaryMist Limited]
 +
 
 +
;3rd and 4th of February 2016
 +
 
 +
[https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2016 https://www.owasp.org/images/2/23/OWASP_NZ_Day_2016_logo.jpg]<br><br>
 +
 
 +
At the University of Auckland School of Commerce
 +
 
 +
'''Gold Sponsors:'''
 +
<table width="100%" border="0" cellspacing="0" cellpadding="0">
 +
  <tr>
 +
    <td><center>[[File:INSOMNIA.PNG|center|300px|link=http://www.insomniasec.com/]]</center></td>
 +
    <td>&nbsp;</td>
 +
    <td>&nbsp;</td>
 +
    <td><center>[[File:RedShield.png|center|300px|link=https://auraredshield.com/]]</center></td>
 +
    <td>&nbsp;</td>
 +
    <td>&nbsp;</td>
 +
    <td><center>[http://www.security-assessment.com https://www.owasp.org/images/4/41/SA_Logo_w_DD.gif]</center></td>
 +
  </tr>
 +
  <tr>
 +
    <td><center>[http://www.insomniasec.com Insomnia Security]</center></td>
 +
    <td>&nbsp;</td>
 +
    <td>&nbsp;</td>
 +
    <td><center>[https://auraredshield.com/ Aura RedShield]</center></td>
 +
    <td>&nbsp;</td>
 +
    <td>&nbsp;</td>
 +
    <td><center>[http://www.security-assessment.com www.security-assessment.com]</center></td>
 +
  </tr>
 +
</table>
 +
 
 +
=== 2015 ===
 +
 
 +
; 25 November 2015
 +
[http://www.meetup.com/OWASP-New-Zealand-Chapter-Christchurch/events/225737100/ OWASP NZ Christchurch Meetup page]
 +
: '''Presentation:''' UAC, Governance and Managing the External Infosec Audit
 +
: '''Locations:''' Christchurch
 +
: '''Presented By:''' Drewe Hinkley
 +
: '''Co-Sponsor:''' [http://www.dimensiondata.com/en-NZ Dimension Data] and [http://binarymist.io/ BinaryMist Limited]
 +
 
 +
; 30 September 2015
 +
[http://www.meetup.com/OWASP-New-Zealand-Chapter-Christchurch/events/223462991/ OWASP NZ Christchurch Meetup page]
 +
: '''Two part Presentation:''' The Exploited and the Exploiters - Case Study of a Real Cyber Hack and Live Demo's from [https://leanpub.com/b/holisticinfosecforwebdevelopers Kims book]
 +
: '''Locations:''' Christchurch
 +
: '''Presented By:''' Salinda Lekamge and [https://twitter.com/binarymist Kim Carter]
 +
 
 +
; 24 June 2015
 +
[http://www.meetup.com/OWASP-New-Zealand-Chapter-Christchurch/events/221412721/ OWASP NZ Christchurch Meetup page]
 +
: '''Presentation:''' "[http://blog.binarymist.net/presentations-publications/#does-your-cloud-solution-look-like-a-mushroom Does Your Cloud Solution Look Like a Mushroom]".
 +
: '''Locations:''' Christchurch
 +
: '''Presented By:''' [https://twitter.com/binarymist Kim Carter].
 +
: '''Co-Sponsor:''' [http://www.dimensiondata.com/en-NZ Dimension Data] and [http://binarymist.io/ BinaryMist Limited]
 +
 
 +
; 25 March 2015
 +
[http://www.meetup.com/OWASP-New-Zealand-Chapter-Christchurch/events/219456317/ OWASP NZ Christchurch Meetup page]
 +
: '''Presentation:''' Reverse Engineering, Cracking, Compromising Software Security & Mitigations
 +
: '''Locations:''' Christchurch
 +
: '''Presented By:''' Rob Gilmour, Senior Software Engineer, Technical Support, JADE Software Corporation Ltd.
 +
: '''Co-Sponsor:''' [http://www.dimensiondata.com/en-NZ Dimension Data] and [http://binarymist.io/ BinaryMist Limited]
 +
 
 +
;26th and 27th of February 2015
 +
 
 +
[[File:OWASP_NZ_Day_2015_logo_small.png|400px|link=https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2015|26th and 26th February 2015 - University of Auckland Engineering Department
 +
]]
 +
 
 +
At the University of Auckland Engineering Department
 +
 
 +
=== 2014 ===
 +
 
 +
 
 +
; 26 November 2014
 +
[http://www.meetup.com/OWASP-New-Zealand-Chapter-Christchurch/events/209420462/ OWASP NZ Christchurch Meetup page]
 +
: '''Workshop:''' Review SSL/TLS, demo sslstrip and mitigation techniques
 +
: '''Locations:''' Christchurch
 +
: '''Presented By:''' [https://twitter.com/kevinnz Kevin Alcock], [https://twitter.com/katiposec Security Consultant] at [https://katiposec.com/ Katipo Security]
 +
: '''Co-Sponsor:''' [http://www.dimensiondata.com/en-NZ Dimension Data] and [http://binarymist.net/ BinaryMist Limited]
 +
 
 +
; 25 September 2014
 +
[http://www.meetup.com/OWASP-New-Zealand-Chapter-Christchurch/events/198512052/ OWASP NZ Christchurch Meetup page]
 +
: '''Workshop:''' Review, Exploit and Learn from [https://bytefog.blogspot.co.nz/2015/11/lord-of-flies.html Vulnerable Web App]
 +
: '''Locations:''' Christchurch
 +
: '''Presented By:''' [https://twitter.com/t0x0_nz Chris Campbell], Security & Operations Consultant Jade
 +
: '''Co-Sponsor:''' [http://www.dimensiondata.com/en-NZ Dimension Data] and [http://binarymist.net/ BinaryMist Limited]
 +
 
 +
; 24 July 2014
 +
[http://www.meetup.com/OWASP-New-Zealand-Chapter-Wellington/events/193784032/ OWASP NZ Wellington Meetup page]
 +
: '''Workshop:''' Web App Security Workshop
 +
: '''Locations:''' Wellington
 +
: '''Presented By:''' Adrian Hayes
 +
: '''Sponsor:''' [http://www.dimensiondata.com/en-NZ Dimension Data]
 +
 
 +
=== 2013 ===
 +
 
 +
; 19 December 2013
 +
[http://www.meetup.com/OWASP-New-Zealand-Chapter/events/154075992/ Meetup Link Here]
 +
: '''Co-Sponsor:''' [http://security-assessment.com Security-Assessment.com] and [http://www.touchpoint.co.nz Touchpoint]
 +
: '''Locations:''' Wellington, Auckland, Christchurch, Webcast
 +
: '''Details:''' All details are on the meetup page above
 +
: '''Presentation:''' [https://www.owasp.org/images/9/9f/Extending-Burp-with-Python.pptx Extending Burp with Python]
 +
: '''Presented By:''' Mike Haworth, Aura Information Security
 +
 
 +
;11th and 12th of September 2013
 +
 
 +
[[File:OWASP_NZ_Day_2013_logo.png|400px|link=https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2013|11th and 12st September 2013 - Auckland Business School
 +
]]
 +
 
 +
At the Auckland Business School
 +
 
 +
[[OWASP New Zealand Day 2013|https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2013]]
 +
 
 +
 
 +
; 22 May 2013
 +
[http://www.meetup.com/OWASP-New-Zealand-Chapter/events/115108982/ OWASP Meetup page to RSVP]
 +
: '''Co-Sponsor:''' [http://security-assessment.com Security-Assessment.com] and [http://www.touchpoint.co.nz Touchpoint]
 +
: '''Locations:''' Wellington, Auckland, Webcast
 +
: '''Details:''' All details are on the meetup page above
 +
 
 +
 
 +
=== 2012 ===
 +
 
 +
; 31st August 2012
 +
[https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2012 OWASP New Zealand Day 2012]
 +
: '''Co-Sponsor:''' [http://www.auckland.ac.nz/ The University of Auckland], [http://www.security-assessment.com Security-Assessment.com], [http://www.aurainfosec.com Aura Information Security], [http://www.insomniasec.com Insomnia Security], [http://www.lateralsecurity.com Lateral Security], [http://www.webdrive.co.nz Web Drive]
 +
: '''Location:''' Auckland
 +
: '''Event site:''' [[OWASP_New_Zealand_Day_2012|OWASP New Zealand Day 2012]]
 +
 
 +
; 8th May 2012
 +
: '''Co-Sponsor:''' [http://security-assessment.com Security-Assessment.com] and [http://www.touchpoint.co.nz Touchpoint]
 +
: '''Locations:''' Wellington, Auckland
 +
: '''Presentation:''' [https://www.owasp.org/images/e/e0/Owasp2012-MarkPiper.pdf An Overview and introduction to modern day BeEF]
 +
: '''Presented By:''' Mark Piper, Insomnia Security
 +
 
 +
 
 +
; 28th February 2012
 +
: '''Co-Sponsor:''' [http://security-assessment.com Security-Assessment.com] and [http://www.touchpoint.co.nz Touchpoint]
 +
: '''Locations:''' Wellington, Auckland
 +
: '''Presentation:''' [https://www.owasp.org/images/2/27/OWASP_Top_10-7_to_10-aj.pdf Introduction to the OWASP Top Ten - Part 3]
 +
: '''Presented By:''' Adrian Hayes, Security Consultant (Security-Assessment.com)
 +
: '''Presentation:''' [https://www.owasp.org/images/0/08/OWASP-Mistaken_Identity-Password_Reset-nickf.pdf Mistaken Identity: How Not To Build A Password Reset Process]
 +
: '''Presented By:''' Nick Freeman, Senior Security Consultant (Security-Assessment.com)
 +
 
 +
 
 +
=== 2011 ===
 +
 
 +
 
 +
<!-- 2011 -->
 +
; 6th December 2011
 +
: '''Co-Sponsor:''' [http://security-assessment.com Security-Assessment.com] and [http://www.touchpoint.co.nz Touchpoint]
 +
: '''Locations:''' Wellington, Auckland
 +
: '''Presentation:''' [https://www.owasp.org/images/6/6d/OWASP_NZ-DEC2011-OWASP_Top_10-4_to_6.pdf Introduction to the OWASP Top Ten - Part 2]
 +
: '''Presented By:''' Adrian Hayes, Security Consultant (Security-Assessment.com)
 +
: '''Presentation:''' [https://www.owasp.org/images/1/15/OWASP_NZ-DEC2011-Hardened_Hosting.pdf Hardened Hosting]
 +
: '''Presented By:''' Quintin Russ, Technical Director (SiteHost)
 +
 
 +
 
 +
; 20th September 2011
 +
: '''Co-Sponsor:''' [http://security-assessment.com Security-Assessment.com]
 +
: '''Locations:''' Wellington, Auckland
 +
: '''Presentation:''' [https://www.owasp.org/images/c/cf/OWASP_NZ_SEP2011_TOP-10_1-of-3.pdf Introduction to the OWASP Top Ten - Part 1]
 +
: '''Presented By:''' Nick Freeman, Security Consultant (Security-Assessment.com)
 +
: '''Presentation:''' [https://www.owasp.org/images/3/31/OWASP_NZ_SEP2011_Clickjacking-for-shells_PDF-version.pdf Clickjacking for Shells]
 +
: '''Presented By:''' Andrew Horton, Security Consultant (Security-Assessment.com)
 +
 
 +
 
 +
; 7th July 2011
 +
[https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2011 https://www.owasp.org/images/0/05/OWASP_NZ_Day_2011_Logo.png]
 +
: '''Co-Sponsor:''' [http://www.security-assessment.com Security-Assessment.com], [http://www.auckland.ac.nz/ The University of Auckland]
 +
: '''Location:''' Auckland
 +
: '''Presentations:''' [http://www.owasp.org/index.php/OWASP_New_Zealand_Day_2011#tab=Speakers Download]
 +
: '''Event site:''' [[OWASP_New_Zealand_Day_2011|OWASP New Zealand Day 2011]]
 +
 
 +
 
 +
; 2nd March 2011
 +
: '''Co-Sponsor:''' [http://security-assessment.com Security-Assessment.com]
 +
: '''Locations:''' Wellington, Auckland
 +
: '''Presentation:''' Crazy Insecure Web Apps Google Didn't Tell You About..
 +
: '''Presented By:''' Adrian Hayes, Security Consultant (Security-Assessment.com)
 +
: '''Presentation:''' [http://www.owasp.org/images/5/5e/2011-03-02-OWASP.pdf I know what you did last summer: The latest from the world of web hacks]
 +
: '''Presented By:''' Kirk Jackson, Security Consultant (Aura Software Security)
 +
 
 +
=== 2010 ===
 +
 
 +
; 15th July 2010
 +
[https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2010 http://www.owasp.org/images/a/a7/Owasp_nz_day_2010.jpg]
 +
: '''Co-Sponsor:''' [http://www.security-assessment.com Security-Assessment.com], [http://www.lateralsecurity.com Lateral Security], [http://www.auckland.ac.nz/ The University of Auckland]
 +
: '''Location:''' Auckland
 +
: '''Presentations:''' [http://www.owasp.org/index.php/OWASP_New_Zealand_Day_2010#tab=Presentations Download]
 +
: '''Event site:''' [[OWASP_New_Zealand_Day_2010|OWASP New Zealand Day 2010]]
 +
 
 +
; 4th March 2010
 +
: '''Co-Sponsor:''' [http://security-assessment.com Security-Assessment.com]
 +
: '''Locations:''' Wellington, Auckland
 +
: '''Presentation:''' MS-SQL Injections.
 +
: '''Presented By:''' Scott Bell, Security Consultant (Security-Assessment.com)
 +
 
 +
=== '''2009''' ===
 +
 
 +
<!-- 2009 -->
 +
 
 +
; 10th November 2009
 +
: '''Co-Sponsor:''' [http://security-assessment.com Security-Assessment.com]
 +
: '''Locations:''' Wellington, Auckland
 +
: '''Presentation:''' Testing AMF/Flex.
 +
: '''Presented By:''' Nick Freeman, Security Consultant (Security-Assessment.com)
 +
: '''Presentation:''' "Shared Ownership", from a web security perspective.
 +
: '''Presented By:''' Quintin Russ, Technical Director (Site Host)
 +
 
 +
 
 +
; 13th July 2009
 +
[https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2009 https://www.owasp.org/images/8/85/Owasp_nz_logo.jpg]
 +
: '''Co-Sponsor:''' [http://www.security-assessment.com Security-Assessment.com], [http://www.lateralsecurity.com Lateral Security], [http://www.auckland.ac.nz/ The University of Auckland]
 +
: '''Location:''' Auckland
 +
: '''Presentations:''' [http://www.owasp.org/index.php/OWASP_New_Zealand_Day_2009#tab=Presentations Download]
 +
: '''Event site:''' [[OWASP_New_Zealand_Day_2009|OWASP New Zealand Day 2009]]
 +
 
 +
 
 +
; 19th March 2009
 +
: '''Co-Sponsor:''' [http://www.vodafone.co.nz Vodafone New Zealand] and [http://security-assessment.com Security-Assessment.com]
 +
: '''Locations:''' Wellington, Auckland
 +
: '''Presentation:''' "[http://www.owasp.org/index.php/Image:ActiveXploitation_In_2009.pptx ActiveXploitation in 2009]"
 +
: '''Presented By:''' Paul Craig, Principal Security Consultant (Security-Assessment.com)
 +
: '''Presentation:''' "[http://www.owasp.org/index.php/Image:OWASP_Mar09_Reversing_JavaScript.zip Reversing JavaScript]"
 +
: '''Presented By:''' Roberto Suggi Liverani, Senior Security Consultant (Security-Assessment.com)
 +
 
 +
=== '''2008''' ===
  
<table><tr><th width="50%">2008</th><th>2007</th></tr><tr valign="top"><td>
 
 
<!-- 2008 -->
 
<!-- 2008 -->
 +
; 5th November 2008
 +
: '''Co-Sponsor:''' [http://www.vodafone.co.nz Vodafone New Zealand] and [http://security-assessment.com Security-Assessment.com]
 +
: '''Locations:''' Wellington, Auckland
 +
: '''Presentation:''' "[https://www.owasp.org/index.php/Image:Common_Application_Flaws.ppt Common Application Flaws]"
 +
: '''Presented By:''' Brett Moore, Network Intrusion Specialist (Insomnia Security)
 +
: '''Presentation:''' "In your Browser, Jackin your Clicks"
 +
: '''Presented By:''' Beau Butler, Security Consultant (Security-Assessment.com)
 +
: '''Presentation:''' "Opera Stored Cross Site Scripting"
 +
: '''Presented By:''' Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)
 +
 +
 +
; 3rd September 2008
 +
: '''Co-Sponsor:''' [http://www.microsoft.com/en/nz/default.aspx Microsoft] and [http://security-assessment.com Security-Assessment.com]
 +
: '''Locations:''' Wellington, Auckland
 +
: '''Presentation:''' "[https://www.owasp.org/index.php/Image:Browser_security.ppt Browser Security]"
 +
: '''Presented By:''' Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)
 +
: '''Presentation:''' "[https://www.owasp.org/index.php/Image:Time_Based_SQL_Injections.ppt Time based blind SQL Injections]"
 +
: '''Presented By:''' Muhaimin Dzulfakar, Security Consultant (Security-Assessment.com)
 +
 +
 +
; 25th June 2008
 +
: '''Co-Sponsor:''' [http://security-assessment.com Security-Assessment.com]
 +
: '''Locations:''' Wellington, Auckland
 +
: '''Presentation:''' "Fuzz the Web"
 +
: '''Presented By:''' Dean Jerkovich, Security Analyst (ASB)
 +
: '''Presentation:''' "Hacking The World With Flash Part #2: The Results"
 +
: '''Presented By:''' Paul Crag, Principal Security Consultant (Security-Assessment.com)
 +
 +
 
; 29th April 2008
 
; 29th April 2008
 
: '''Co-Sponsor:''' [http://security-assessment.com Security-Assessment.com]
 
: '''Co-Sponsor:''' [http://security-assessment.com Security-Assessment.com]
 
: '''Locations:''' Wellington, Auckland
 
: '''Locations:''' Wellington, Auckland
: '''Presentation:''' "Hacking The World With Flash"
+
: '''Presentation:''' "[https://www.owasp.org/index.php/Image:Hacking_The_World_With_Flash.ppt Hacking The World With Flash]"
 
: '''Presented By:''' Paul Craig, Principal Security Consultant (Security-Assessment.com)
 
: '''Presented By:''' Paul Craig, Principal Security Consultant (Security-Assessment.com)
 
: '''Presentation:''' "[https://www.owasp.org/index.php/Image:Web_spam_techniques.ppt Web Spam Techniques] - also available in [http://malerisch.net/docs/web_spam_techniques/web_spam_techniques.html HTML] format"
 
: '''Presentation:''' "[https://www.owasp.org/index.php/Image:Web_spam_techniques.ppt Web Spam Techniques] - also available in [http://malerisch.net/docs/web_spam_techniques/web_spam_techniques.html HTML] format"
Line 64: Line 645:
 
: '''Presented By:''' Roberto Suggi Liverani, Security Consultant (Security-assessment.com)
 
: '''Presented By:''' Roberto Suggi Liverani, Security Consultant (Security-assessment.com)
  
</td><td>
+
 
<!-- /2008 -->
+
=== '''2007''' ===
 +
 
 
<!-- 2007 -->
 
<!-- 2007 -->
 
; 5th December 2007
 
; 5th December 2007
Line 90: Line 672:
 
: '''Locations:''' Auckland
 
: '''Locations:''' Auckland
  
 +
= Activities =
  
 +
== Activities ==
  
</td></tr></table>
+
OWASP New Zealand members actively participate in various OWASP activities. The following are some highlights of activities undertaken by OWASP NZ members:
  
== Activities ==  
+
=== 2019 ===
  
OWASP New Zealand members actively participate in various OWASP activities. The following are some recent activities undertaken by OWASP NZ members:
+
* John DiLeo presented an overview of the OWASP SAMM Project and tools at the June 2019 meeting of the [https://security.org.nz/about-nzsa/nzisf/ NZISF] in Auckland
 +
* John DiLeo attended the [https://open-security-summit.org/ Open Security Summit], June 2019 in the UK, co-hosting a session on the Application Security Curriculum Project
 +
* John DiLeo presented an update on the OWASP SAMM Project during the Project Showcase at [https://telaviv.appsecglobal.org/ Global AppSec-Tel Aviv] in May 2019
 +
* John DiLeo became co-leader of the OWASP Application Security Curriculum Project in March 2019
  
* Mark Piper took his "On the job browser exploitation" talk to the OWASP_Australia_AppSec_2008_Conference.
+
=== 2018 ===
* Rob Munro has been appointed as OWASP Evangelist
+
* John DiLeo joined the OWASP Software Assurance Maturity Model (SAMM) project team, and attended the [https://2018.open-security-summit.org/ Open Security Summit] in the UK, in June 2018
* We now have two sponsors: [http://www.vedaadvantage.com Veda Advantage] and [http://www.security-assessment.com Security-Assessment.com]
+
* John DiLeo signed on as Chair of the OWASP New Zealand Day conference, in June 2018
* Teleconference between Auckland and Wellington has been setup
+
* John DiLeo restarted the Auckland-area Meetup, which first met on 10 April 2018. The Meetup takes place on the second Tuesdays of April, June, August, October, and December
 +
* John DiLeo stepped up as Auckland-area Chapter Leader, and was confirmed by the OWASP Foundation, in April 2018
 +
* Dion Bramley, John DiLeo, and Christian Probst signed on Chapter volunteers, at OWASP New Zealand Day 2018
 +
* Denis Andzakovic resigned from his position as OWASP New Zealand Chapter Leader, at OWASP NZ Day 2018
  
== OWASP NZ Members ==  
+
=== Older ===
  
We are always looking for additional board members to evangelise the OWASP mission help with meetings, projects and initiatives as we all know it takes time/effort to run a chapter. Please contact us if you are interested to join the NZ OWASP board member or for any queries related to OWASP NZ.
+
* Kim Carter ran a [http://www.meetup.com/owaspnycmetro/events/228716474/ workshop] at the NYC chapter
 
+
* Kirk Jackson stepped up to replace Adrian Hayes for Wellington from New Zealand day 2016 onwards.
<ul>
+
* Denis Andzakovic stepped up to replace Nick Freeman for Auckland in March 2014
*<b>NZ Board Member (Leader)</b> [mailto:robertosl(at)owasp.org Roberto Suggi Liverani] 021 928 780
+
* Kim Carter came on board to lead Christchurch from New Zealand Day 2013 onwards.
*<b>NZ Board Member (Leader)</b> [mailto:antonio.spera(at)gmail.com Antonio Spera] 021 681 021
+
* Nick Freeman and Scott Bell have been appointed as the new leaders of the new OWASP New Zealand Chapter
*<b>NZ Board Member (Evangelist)</b> [mailto:rob(at)robmunro.com Rob Munro] 021 677 785
+
* Roberto Suggi Liverani has resigned from his position as OWASP New Zealand Chapter Leader
</ul>
+
* Roberto Suggi Liverani will be speaking at OWASP AppSec Asia 2009 conference
 +
* Roberto Suggi Liverani and Nick Freeman will be speaking at Defcon 17
 +
* OWASP NZ Day 2009 - [http://www.owasp.org/index.php/OWASP_New_Zealand_Day_2009#tab=Presentations Presentations online]
 +
* Roberto Suggi Liverani and Nick Freeman will be speaking at EUSecWest 09
 +
* Brett Moore will be speaking at [http://www.owasp.org/index.php/OWASP_AU_Conference_2009 OWASP AU Conference] about "Vulnerabilities In Action".
 +
* Roberto Suggi Liverani contributed to the [http://www.owasp.org/index.php/OWASP_Testing_Project OWASP Testing Guide v3].
 +
* Mark Piper took his "On the job browser exploitation" talk to the [http://www.owasp.org/index.php/OWASP_Australia_AppSec_2008_Conference OWASP_Australia_AppSec_2008_Conference].
 +
* Rob Munro has been appointed as OWASP Evangelist
 +
* OWASP NZ has audio/video conference capability between Auckland and Wellington
  
 +
<headertabs></headertabs>
  
<u>The chapter mailing address is:</u><br>
+
[[Category:OWASP Chapter]]
NZ OWASP <br>
 
17 Woodberry Drive<br>
 
Dannemora, Auckland 2016 <br>
 
<br>
 

Latest revision as of 17:34, 23 October 2019


OWASP New Zealand

Welcome to the OWASP New Zealand chapter homepage.

The chapter leaders are Kim Carter (Christchurch), Kirk Jackson (Wellington), and John DiLeo (Auckland).

Keeping in Touch

Some Global OWASP Resources:

OWASP New Zealand Chapter Board

We are always looking for additional board members to evangelise the OWASP mission, help with meetings, projects and initiatives. As we all know, it takes time/effort to run a chapter. Please contact us if you are interested in joining the NZ OWASP board, would like to volunteer to help out or create a new Meetup/event, or for any queries related to OWASP NZ.


Local Meetup Links

2020

Conference Web Banner-2020 OWASP NZ Day
19 - 21 February 2020

OWASP New Zealand Day 2020 - University of Auckland Business School

One-day conference, with two tracks on Friday, 21 February - Registration is FREE
Training sessions (half-day, one-day, or two-day) on Wednesday and Thursday, 19 - 20 February - Registration: $325 for half-day; $625 for one-day; $1250 for two-day (plus EventBrite fees)

2019

10 December 2019

Auckland Meetup

Top Ten Discussion: A7 - Cross-Site Scripting (XSS) - Led by John DiLeo
Presentation: TBC
Location: Orion Health, 181 Grafton Road, Grafton, Auckland

Past Events

2019

8 October 2019

Auckland Meetup

Top Ten Discussion: A6 - Security Misconfiguration - Led by James Ting-Edwards
Presentation: What's In a Name? Law of Agency and Domain Name Registrations - Judy Ting-Edwards
Venue Host: Simon White
Location: Middleware NZ, 104 Quay Street, CBD, Auckland

Logo for security.ac.nz event

24 - 25 August 2019

OWASP NZ is proud to invite you to our first https://security.ac.nz event. Please visit the website for details.

Registration: FREE
Location: Maclaurin Lecture Theatres, Victoria University of Wellington

13 August 2019

Auckland Meetup

Top Ten Discussion: A9 - Using Components with Known Vulnerabilities - Led by John DiLeo
Technical Discussion: Addressing Vulnerable Components with OWASP Projects and Tools - John DiLeo
Location: Orion Health, 181 Grafton Road, Grafton, Auckland

10 August 2019

Auckland Training Day

Threat Modelling: Getting from None to Done - John DiLeo
Registration: $125.00 (plus EventBrite fees), inclusive of morning and afternoon tea, lunch, and class materials
Location: Orion Health, 181 Grafton Road, Grafton, Auckland

11 June 2019

Auckland Meetup

Top Ten Discussion: A5 - Broken Access Control - Led by John DiLeo
Technical Topic: My Recent Adventures at OWASP Conferences - John DiLeo
Location: Robert Walters, Level 9, 22 Fanshawe Street, CBD, Auckland

9 April 2019

Auckland Meetup

Top Ten Discussion: A4 - XML External Entities (XXE) - Led by John DiLeo
Open Discussion: What do we want to do this year?
Location: Orion Health, 181 Grafton Road, Grafton, Auckland

NZDay_2019_web_banner.jpg
21 - 22 February 2019

OWASP New Zealand Day 2019 - University of Auckland Business School

One-day conference, with two tracks on Friday, 22 February - Registration is FREE
Training sessions (half-day or full-day) on Thursday, 21 February - Registration: $500 for full-day; $250 for half-day

2018

11 December 2018

Auckland Meetup

Top Ten Discussion: A2 - Broken Authentication - Led by John DiLeo
Technical Topic: Some Thoughts on Threat Modelling - John DiLeo
Location: Orion Health, 181 Grafton Road, Grafton, Auckland

29 October 2018

Wellington Meetup

Presentation: Make the Cyber Safer with Multi-factor Authentication - Kevin Thomas
Video: [1]
Location: Wellington

9 October 2018

Auckland Meetup

Technical Topic: Integrating the Weakforced Security API - Steve Shipway, SMX Email
Location: Cornerstone On-Demand, Level 1, 29 Union Street, Auckland

27 August 2018

Wellington Meetup

Presentation: Developer's guide to Deserialization Attack - Felix Shi
Video: [2]
Location: Wellington

14 August 2018

Auckland Meetup

Top Ten Discussion: A3 - Sensitive Data Exposure - Led by John DiLeo
Presentation: Web Application Penetration Testing Demo - Shofe Miraz
Location: Orion Health, 181 Grafton Road, Grafton, Auckland

12 June 2018

Auckland Meetup

Presentation: GDPR and New Zealand Privacy Law - James Ting-Edwards
Location: InternetNZ, 62 Victoria Street West, Auckland CBD, Auckland

11 June 2018

Wellington Meetup

Presentation: What are certificates? - Matt Cotterell
Location: Wellington

10 April 2018

Auckland Meetup

Top Ten Discussion: A1 - Injection - Led by John DiLeo
Presentation: OWASP Software Assurance Maturity Model (SAMM) - John DiLeo
Location: Orion Health, 181 Grafton Road, Grafton, Auckland

28 March 2018

Christchurch Meetup

CERT NZ
Location: Christchurch
Co-Sponsor: Catalyst

26 Feb 2018

Wellington Meetup

CERT NZ - Who are we? How are websites getting hacked in real life? with Declan Ingram
Video: [3]
Location: Wellington
Presented by: Declan Ingram

NZ_day_2018_web.jpg

4 - 5 February 2018

OWASP New Zealand Day 2018 - University of Auckland Business School

One-day conference, with two tracks on Monday, 5 February - Registration is FREE
Training session (full-day) on Sunday, 4 February - Registration: $500

2017

2 Oct 2017

Wellington Meetup

Presentation: Same-origin policy: The core of web security
Video: [4]
Location: Wellington
Presented By: Kirk Jackson

27 Sept 2017

Christchurch Meetup

Securing your data (your business) using SQL Server 2016
Presented By: Anupama Natarajan
Location: Christchurch
Co-Sponsor: Catalyst

31 July 2017

Wellington Meetup

Presentation: What is Cross-Site Request Forgery?
Video: [5]
Location: Wellington
Presented By: Vales Bakaitis

28 June 2017

Christchurch Meetup

Web Developer Quiz Night
Prepared and Presented By: Kim Carter
Details: on binarymist.io
Location: Christchurch
Co-Sponsor: Catalyst

29 May 2017

Wellington Meetup

Presentation: Developer's Guide to Preventing XSS
Video: [6]
Location: Wellington
Presented By: Felix Shi

OWASP_NZ_Day_2017_logo.jpg
19 - 20 April 2017

OWASP New Zealand Day 2017 - University of Auckland Business School

One-day conference, with two tracks on Thursday, 20 April - Registration is FREE
Training sessions (half-day and full-day) on Wednesday, 19 April

29 March 2017

Christchurch Meetup

PHP Hurts Programmers (and other tales)
Presented By: Keith Humm
Slides: on speakerdeck
Locations: Christchurch
Co-Sponsor: Catalyst

27 Feb 2017

Wellington Meetup

Presentation: Building the ultimate login and signup
Video: Youtube
Location: Wellington
Presented By: Matt Cotterell

2016

29 November 2016

OWASP NZ Wellington Meetup page

Presentation: OWASP Top Ten - Developing secure web apps (PHP-flavoured)
Video: Youtube
Location: Wellington
Presented By: Kirk Jackson
In conjunction with the PHP user group Wellington
10 October 2016

OWASP NZ Wellington Meetup page

Presentation: Introduction to Ruby on Rails security
Video: Youtube
Locations: Wellington
Presented By: Tim Goddard
Sponsor: Insomnia
28 September 2016

OWASP NZ Christchurch Meetup page

Presentation / Demo Applying Cold War Learnings to our Daily OPSEC
DeadDrop: (https://deaddrop.jadeworld.com/)
Github: (https://github.com/phage-nz/deaddrop)
Chris's Blog Post: (https://bytefog.blogspot.co.nz/2015/09/burn-after-reading.html)
Locations: Christchurch
Presented By: Chris Campbell
Co-Sponsor: Catalyst and BinaryMist
29 August 2016

OWASP NZ Wellington Meetup page

Presentation: Mobile app security: Intro to the OWASP Mobile Top 10
Video: Youtube
Location: Wellington
Presented By: Mike Haworth
29 June 2016

OWASP NZ Christchurch Meetup page

Presentation / Demo Security Regression Testing with ZapAPI and NodeGoat
Teaser: (https://youtu.be/DrwXUOJWMoo)
Github: (https://github.com/binarymist/NodeGoat/wiki/Security-Regression-Testing-with-Zap-API)
Sourced From: Kims Book (https://leanpub.com/holistic-infosec-for-web-developers/read#process-agile-development-and-practices-security-regression-testing)
Locations: Christchurch
Presented By: Kim Carter
Co-Sponsor: Catalyst and BinaryMist
27 June 2016

OWASP NZ Wellington Meetup page

Presentation: Introduction to using a web application firewall
Video: Youtube
Location: Wellington
Presented By: Graeme Neilson
Sponsor: RedShield
30 March 2016

OWASP NZ Christchurch Meetup page

Presentation: Qubes OS Discussion (https://www.qubes-os.org)
Locations: Christchurch
Presented By: Craig Rowland
Co-Sponsor: Dimension Data and BinaryMist Limited
3rd and 4th of February 2016

OWASP_NZ_Day_2016_logo.jpg

At the University of Auckland School of Commerce

Gold Sponsors:

INSOMNIA.PNG
   
RedShield.png
   
SA_Logo_w_DD.gif
Insomnia Security
   
Aura RedShield
   
www.security-assessment.com

2015

25 November 2015

OWASP NZ Christchurch Meetup page

Presentation: UAC, Governance and Managing the External Infosec Audit
Locations: Christchurch
Presented By: Drewe Hinkley
Co-Sponsor: Dimension Data and BinaryMist Limited
30 September 2015

OWASP NZ Christchurch Meetup page

Two part Presentation: The Exploited and the Exploiters - Case Study of a Real Cyber Hack and Live Demo's from Kims book
Locations: Christchurch
Presented By: Salinda Lekamge and Kim Carter
24 June 2015

OWASP NZ Christchurch Meetup page

Presentation: "Does Your Cloud Solution Look Like a Mushroom".
Locations: Christchurch
Presented By: Kim Carter.
Co-Sponsor: Dimension Data and BinaryMist Limited
25 March 2015

OWASP NZ Christchurch Meetup page

Presentation: Reverse Engineering, Cracking, Compromising Software Security & Mitigations
Locations: Christchurch
Presented By: Rob Gilmour, Senior Software Engineer, Technical Support, JADE Software Corporation Ltd.
Co-Sponsor: Dimension Data and BinaryMist Limited
26th and 27th of February 2015

26th and 26th February 2015 - University of Auckland Engineering Department

At the University of Auckland Engineering Department

2014

26 November 2014

OWASP NZ Christchurch Meetup page

Workshop: Review SSL/TLS, demo sslstrip and mitigation techniques
Locations: Christchurch
Presented By: Kevin Alcock, Security Consultant at Katipo Security
Co-Sponsor: Dimension Data and BinaryMist Limited
25 September 2014

OWASP NZ Christchurch Meetup page

Workshop: Review, Exploit and Learn from Vulnerable Web App
Locations: Christchurch
Presented By: Chris Campbell, Security & Operations Consultant Jade
Co-Sponsor: Dimension Data and BinaryMist Limited
24 July 2014

OWASP NZ Wellington Meetup page

Workshop: Web App Security Workshop
Locations: Wellington
Presented By: Adrian Hayes
Sponsor: Dimension Data

2013

19 December 2013

Meetup Link Here

Co-Sponsor: Security-Assessment.com and Touchpoint
Locations: Wellington, Auckland, Christchurch, Webcast
Details: All details are on the meetup page above
Presentation: Extending Burp with Python
Presented By: Mike Haworth, Aura Information Security
11th and 12th of September 2013

11th and 12st September 2013 - Auckland Business School

At the Auckland Business School

https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2013


22 May 2013

OWASP Meetup page to RSVP

Co-Sponsor: Security-Assessment.com and Touchpoint
Locations: Wellington, Auckland, Webcast
Details: All details are on the meetup page above


2012

31st August 2012

OWASP New Zealand Day 2012

Co-Sponsor: The University of Auckland, Security-Assessment.com, Aura Information Security, Insomnia Security, Lateral Security, Web Drive
Location: Auckland
Event site: OWASP New Zealand Day 2012
8th May 2012
Co-Sponsor: Security-Assessment.com and Touchpoint
Locations: Wellington, Auckland
Presentation: An Overview and introduction to modern day BeEF
Presented By: Mark Piper, Insomnia Security


28th February 2012
Co-Sponsor: Security-Assessment.com and Touchpoint
Locations: Wellington, Auckland
Presentation: Introduction to the OWASP Top Ten - Part 3
Presented By: Adrian Hayes, Security Consultant (Security-Assessment.com)
Presentation: Mistaken Identity: How Not To Build A Password Reset Process
Presented By: Nick Freeman, Senior Security Consultant (Security-Assessment.com)


2011

6th December 2011
Co-Sponsor: Security-Assessment.com and Touchpoint
Locations: Wellington, Auckland
Presentation: Introduction to the OWASP Top Ten - Part 2
Presented By: Adrian Hayes, Security Consultant (Security-Assessment.com)
Presentation: Hardened Hosting
Presented By: Quintin Russ, Technical Director (SiteHost)


20th September 2011
Co-Sponsor: Security-Assessment.com
Locations: Wellington, Auckland
Presentation: Introduction to the OWASP Top Ten - Part 1
Presented By: Nick Freeman, Security Consultant (Security-Assessment.com)
Presentation: Clickjacking for Shells
Presented By: Andrew Horton, Security Consultant (Security-Assessment.com)


7th July 2011

OWASP_NZ_Day_2011_Logo.png

Co-Sponsor: Security-Assessment.com, The University of Auckland
Location: Auckland
Presentations: Download
Event site: OWASP New Zealand Day 2011


2nd March 2011
Co-Sponsor: Security-Assessment.com
Locations: Wellington, Auckland
Presentation: Crazy Insecure Web Apps Google Didn't Tell You About..
Presented By: Adrian Hayes, Security Consultant (Security-Assessment.com)
Presentation: I know what you did last summer: The latest from the world of web hacks
Presented By: Kirk Jackson, Security Consultant (Aura Software Security)

2010

15th July 2010

Owasp_nz_day_2010.jpg

Co-Sponsor: Security-Assessment.com, Lateral Security, The University of Auckland
Location: Auckland
Presentations: Download
Event site: OWASP New Zealand Day 2010
4th March 2010
Co-Sponsor: Security-Assessment.com
Locations: Wellington, Auckland
Presentation: MS-SQL Injections.
Presented By: Scott Bell, Security Consultant (Security-Assessment.com)

2009

10th November 2009
Co-Sponsor: Security-Assessment.com
Locations: Wellington, Auckland
Presentation: Testing AMF/Flex.
Presented By: Nick Freeman, Security Consultant (Security-Assessment.com)
Presentation: "Shared Ownership", from a web security perspective.
Presented By: Quintin Russ, Technical Director (Site Host)


13th July 2009

Owasp_nz_logo.jpg

Co-Sponsor: Security-Assessment.com, Lateral Security, The University of Auckland
Location: Auckland
Presentations: Download
Event site: OWASP New Zealand Day 2009


19th March 2009
Co-Sponsor: Vodafone New Zealand and Security-Assessment.com
Locations: Wellington, Auckland
Presentation: "ActiveXploitation in 2009"
Presented By: Paul Craig, Principal Security Consultant (Security-Assessment.com)
Presentation: "Reversing JavaScript"
Presented By: Roberto Suggi Liverani, Senior Security Consultant (Security-Assessment.com)

2008

5th November 2008
Co-Sponsor: Vodafone New Zealand and Security-Assessment.com
Locations: Wellington, Auckland
Presentation: "Common Application Flaws"
Presented By: Brett Moore, Network Intrusion Specialist (Insomnia Security)
Presentation: "In your Browser, Jackin your Clicks"
Presented By: Beau Butler, Security Consultant (Security-Assessment.com)
Presentation: "Opera Stored Cross Site Scripting"
Presented By: Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)


3rd September 2008
Co-Sponsor: Microsoft and Security-Assessment.com
Locations: Wellington, Auckland
Presentation: "Browser Security"
Presented By: Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)
Presentation: "Time based blind SQL Injections"
Presented By: Muhaimin Dzulfakar, Security Consultant (Security-Assessment.com)


25th June 2008
Co-Sponsor: Security-Assessment.com
Locations: Wellington, Auckland
Presentation: "Fuzz the Web"
Presented By: Dean Jerkovich, Security Analyst (ASB)
Presentation: "Hacking The World With Flash Part #2: The Results"
Presented By: Paul Crag, Principal Security Consultant (Security-Assessment.com)


29th April 2008
Co-Sponsor: Security-Assessment.com
Locations: Wellington, Auckland
Presentation: "Hacking The World With Flash"
Presented By: Paul Craig, Principal Security Consultant (Security-Assessment.com)
Presentation: "Web Spam Techniques - also available in HTML format"
Presented By: Roberto Suggi Liverani, Security Consultant (Security-Assessment.com)
21st February 2008
Co-Sponsor: Veda Advantage
Locations: Auckland
Presentation: "Xpath Injection - An Overview"
Presented By: Roberto Suggi Liverani, Security Consultant (Security-assessment.com)


2007

5th December 2007
Co-Sponsor: Veda Advantage
Locations: Auckland
Presentation: "Ajax Security"
Presented By: Roberto Suggi Liverani, Security Consultant (Security-assessment.com)
Presentation: "On the job browser exploitation"
Presented By: Mark Piper, Senior Security Consultant (Security-assessment.com)
22nd May 2007
Co-Sponsor: Veda Advantage
Press Release: VedaAdvantage.com
Locations: Auckland
Presentation: "OWASP in New Zealand"
Presented By: Roberto Suggi Liverani / Antonio Spera
April 2007
Co-Sponsor: Veda Advantage
Locations: Auckland
January 2007
Co-Sponsor: Veda Advantage
Locations: Auckland

Activities

OWASP New Zealand members actively participate in various OWASP activities. The following are some highlights of activities undertaken by OWASP NZ members:

2019

  • John DiLeo presented an overview of the OWASP SAMM Project and tools at the June 2019 meeting of the NZISF in Auckland
  • John DiLeo attended the Open Security Summit, June 2019 in the UK, co-hosting a session on the Application Security Curriculum Project
  • John DiLeo presented an update on the OWASP SAMM Project during the Project Showcase at Global AppSec-Tel Aviv in May 2019
  • John DiLeo became co-leader of the OWASP Application Security Curriculum Project in March 2019

2018

  • John DiLeo joined the OWASP Software Assurance Maturity Model (SAMM) project team, and attended the Open Security Summit in the UK, in June 2018
  • John DiLeo signed on as Chair of the OWASP New Zealand Day conference, in June 2018
  • John DiLeo restarted the Auckland-area Meetup, which first met on 10 April 2018. The Meetup takes place on the second Tuesdays of April, June, August, October, and December
  • John DiLeo stepped up as Auckland-area Chapter Leader, and was confirmed by the OWASP Foundation, in April 2018
  • Dion Bramley, John DiLeo, and Christian Probst signed on Chapter volunteers, at OWASP New Zealand Day 2018
  • Denis Andzakovic resigned from his position as OWASP New Zealand Chapter Leader, at OWASP NZ Day 2018

Older

  • Kim Carter ran a workshop at the NYC chapter
  • Kirk Jackson stepped up to replace Adrian Hayes for Wellington from New Zealand day 2016 onwards.
  • Denis Andzakovic stepped up to replace Nick Freeman for Auckland in March 2014
  • Kim Carter came on board to lead Christchurch from New Zealand Day 2013 onwards.
  • Nick Freeman and Scott Bell have been appointed as the new leaders of the new OWASP New Zealand Chapter
  • Roberto Suggi Liverani has resigned from his position as OWASP New Zealand Chapter Leader
  • Roberto Suggi Liverani will be speaking at OWASP AppSec Asia 2009 conference
  • Roberto Suggi Liverani and Nick Freeman will be speaking at Defcon 17
  • OWASP NZ Day 2009 - Presentations online
  • Roberto Suggi Liverani and Nick Freeman will be speaking at EUSecWest 09
  • Brett Moore will be speaking at OWASP AU Conference about "Vulnerabilities In Action".
  • Roberto Suggi Liverani contributed to the OWASP Testing Guide v3.
  • Mark Piper took his "On the job browser exploitation" talk to the OWASP_Australia_AppSec_2008_Conference.
  • Rob Munro has been appointed as OWASP Evangelist
  • OWASP NZ has audio/video conference capability between Auckland and Wellington