This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Perth Australia

Revision as of 19:12, 19 November 2009 by Xntrik (talk | contribs) (Updated with link to Brochure)

Jump to: navigation, search

OWASP Perth, Western Australia

Welcome to the Perth, Western Australia chapter homepage. The chapter leaders are:


OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.


Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

<paypal>Perth Australia</paypal>

Upcoming OWASP Events

Perth OWASP - Perth AISA Technical Day


The local OWASP boys will be whipping out their flux capacitor to fit as much information as they possibly can into a 2 hour jam-packed session on web app security testing. By providing a flyby of the OWASP Testing Guide, David and Christian aim to demonstrate and explain how to detect security vulnerabilities in your own web applications, including: Cross Site Scripting; Injection Flaws; Cross Site Request Forgery and Session Management Flaws.

Demonstrations will utilise a number of open source and freely available tools, including OWASP's own WebScarab. To provide a yoga-like flexibility to the session all materials and testing environments (an Ubuntu wrapped VMware virtual machine) will be provided to attendees, allowing you to either chase us rapidly down the rabbit hole of the OWASP Top 10, or to take your own time after the session...

The perfect way to spend a lazy Sunday afternoon.


Date: Friday 4th December, 2009
Time: From 9.15am until 4.30pm (if you stay for the entire day)
Location: Edith Cowan University, 2 Bradford Street, Mount Lawley, WA 6050
Registration: here

Previous OWASP Meetings

Web-based Malware (Sep 2009)

About the presenter

Shlomi Cohen joined IBM with the Watchfire acquisition at August 2007. Over nine years of experience in web application security in both start-ups and established companies. Emphasis in strategic selling, sales consulting, technical sales and management.

  • Leading the Security solution on the WW Rational Tiger sales team
  • Work with the customers and the local sales team to form the right security solution
  • Development of sale process for multiple products
  • Working closely with customers and the product management team in driving the products roadmaps
  • Assisting IBM’s growth in acquisition portfolio

Previous to the WW Rational Security Solution leader:

  • Managing the technical sales team for Watchfire in the Americas group of IBM
  • Watchfire Security Research team manager - A team responsible for various web application security aspects including web application vulnerability research, security product rule updates, enhanced security feature definition, security audits, customer support, marketing and sales assistance
  • AppShield Development Manager - Managed the development and QA teams for the AppShield product - a client Server Web Application Firewall

Threat Modelling in the Software Development Lifecycle (Feb 2009)

One of the most important concepts being promoted in the security industry is security in the software development lifecycle. This concept is important due to two primary factors:

  • It is generally recognised that by shifting security activities closer towards the requirements gathering stage, or the design stage, that less vulnerabilities will make their way into the production systems.
  • It is also recognised that the cost of mitigating vulnerabilities increases later in the lifecycle.

By walking through a case study I hope to demonstrate the effectiveness of addressing risk during the earlier stage of the software development lifecycle, and that these activities are not solely the responsibility of the "security guy", but all participants in a software project including the project manager, business stakeholders and software designer.

About the presenter

Christian Frichot is currently employed by Bankwest working within the Security Consulting Services team. His core responsibilities include phishing and online fraud response, security assessments, information risk assessments and other ad-hoc information security consulting. Christian hopes to spend more time in '09 focusing on education and application security, where he feels more effort needs to be applied.

-Updated 18/11/09 by Christian Frichot