What we're about

This is the Toronto Chapter for OWASP. The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

If you are interested in application security, come join us! OWASP Toronto meetings are open to EVERYONE to join for FREE.

For more information, please visit our website at https://www.owasp.org/index.php/Toronto

Upcoming events (1)

Jan 2019 Event - Back to the Future of AppSec: Developing Secure Smart Contracts

Back to the Future of Application Security: Developing Secure Smart Contracts Date/Time: January 23, 2019, 6:30 PM to 8:30 PM EST Location: Room 128, St. James Campus - Building A, George Brown College, 200 King Street East, Toronto, ON, M5A 3W8 Abstract: Race-conditions, re-entrancy, bad randomness, unchecked calls and integer overflows! No, we’re not coding a C++98 application and worried about the Y2K bug; it’s 2019 and welcome to the world of smart contracts! Grab some avocado toast and GAS-up for a trip onto the blockchain, because where we're going, we don't need roads. We’ll start with an introduction to smart contracts and their place in the distributed ledger technology ecosystem. We’ll delve into key vulnerabilities from the SWC (Smart Contract Weakness) registry and link them to real world impacts. We’ll identify smart contract flaws in Solidity and ultimately how to mitigate them. Ending with some key principals in building secure smart contracts and suggested tooling to augment secure smart contract development flow. All with a dash of lamenting how by forgetting the past we are doomed to repeat it. And of course, no talk would be complete without a smart contract CTF challenge, or two, for the taking. Speaker Bio: Jamie Baxter, M. Eng., OSCP, OSCE, GPEN, CISSP Principal Consultant & Founder - SRNSEC Inc. Jamie is an independent security consultant specializing in security assessments, ranging from web application and infrastructure penetration tests to red teaming exercises. Prior to independent consulting, Jamie was the Director of Cyber Security Assessments at RBC, a Senior Penetration Tester for the Department of National Defense, and a developer for over 10 years. When not on an engagement, he can be found competing in and building CTFs or exploring the world of distributed ledger technology security.

Photos (11)