What we're about

The Open Web Application Security Project (OWASP (https://www.owasp.org/)) is a not-for-profit, worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

OWASP Bristol chapter typically meets on the 3rd Thursday every two months for great security-related talks and great networking. We frequently go out for post-talk drinks to socialize and understand what security is really about. Join us today!

If you would like to speak to any of our meetings - please submit your request using the Call for Presentations form (https://goo.gl/forms/cO9AYJdo7F) or contact the organiser !

Also, don't forget to follow us on Twitter - @OWASPBristol.

Become an OWASP Member TODAY (https://www.owasp.org/index.php/Individual_Member)
Support your Bristol Chapter: only 40Euros for the entire year!

Upcoming events (4)

OWASP Suffolk Fight Club - May 2022

Needs a location

No agenda, no slides, no recording, 100% unscripted.

You know the rules..

Patching and Backing-up

Needs a location

Every day we hear more and more about computers being compromised by malicious actors or malware. Ransomware is on the rise, WordPress and other CMS sites are constantly being hit as this or that plug-in is exploited. What can we as individuals or small businesses do to protect our computers, web sites and data?
In this talk we will discuss patching and backing-up shown from both the perspective of the individual / small business owner and that of a malicious actor.
From the perspective of the individual or small business we will suggest best practices around patching and backing-up. Covering both open-source and commercial solutions we will show you ways to improve your security position by keeping your software fully patched employing techniques taken from OS hardening and the splitting of backing-up into data back-ups and system imaging.
From the perspective of the malicious actor we will show you how your computers can be scanned for weaknesses and then exploited with little effort using tools such as nmap, Nikto, WPscan, MetaSploit and SearchSploit covering the ExploitDB and the lifecycle of a CVE.

This talk will cover the following:

  • Patching and backing-up strategies for the individual and small business owner
  • Employing OS hardening techniques to reduce attack vectors and to speed-up backing-up
  • Open-source and Commerical backup solutions for Windows, Linux, Mac and popular website CMS such as WordPress, Drupal and Joomla!
  • Demonstration of how malicious actors can scan your computers for known vulnerabilities and easily exploit unpatched software that you are running
  • The lifecycle of a CVE
  • Limiting the risks of Ransomware


  • OWASP updates
  • Patching and Backing-up
  • Q&A

Disclaimer: As always our events are designed to educate. Any tools and techniques demonstrated are for informative purposes only. We do not endorse their use for malicious purposes.

This talk will not be recorded.

Using OWASP Nettacker for Recon and Vulnerability Scanning

Needs a location

The Talk:
The OWASP Nettacker project was created to automate information gathering, vulnerability scanning, and in general to aid the penetration testing engagements. Nettacker is able to run various scans using a variety of methods and generate scan reports for applications and networks, including services, bugs, vulnerabilities, misconfigurations, default credentials and many other cool features - for example the ability to chain different scan methods. This relatively new (Summer 2017) and a lesser-known OWASP project has generated a huge amount of interest at BlackHat Europe 2018/2019 Arsenal live demo gathering massive crowds of seasoned hackers and penetration testers eager to see this new tool in action. This talk will showcase the OWASP Nettacker project giving an overview of its features and including a live demo of the tool.

About the speaker:
Sam Stepanyan is an OWASP London Chapter Leader and an Independent Application Security Consultant with over 20 years of experience in the IT industry with a background in software engineering and web application development. Sam has worked for various financial services institutions in the City of London specialising in Application Security consulting, Secure Software Development Lifecycle (SDLC), developer training, source code reviews and vulnerability management. He is also a Subject Matter Expert in Web Application Firewalls (WAF) and SIEM systems. Sam holds a Master’s degree in Software Engineering and a CISSP certification.


  • Welcome and OWASP updates
  • Talk: Using OWASP Nettacker for Recon and Vulnerability Scanning
  • Q&A


Needs a location

We are looking to publish on @YouTube the recordings of our meetups. If you would like to be notified when we a new video is published, please feel free to subscribe on our channel at:

Past events (45)

Log4J - Past, Present, and Future

Needs a location

Photos (105)

Find us also at