What we're about

The Wellington OWASP chapter is targeted to you! We aim to have web security topics that will be understood by the wider web and development community in Wellington, to help you understand the issues surrounding security in the internet age, and give you advice and tips on how to make your applications more secure.

This meetup isn't just for security specialists or hackers - and is open to everyone to attend.

We are technology agnostic, as web security concepts translate across development and front-end stacks. We won't hard-sell any particular vendor products or services.

Previous talks are recorded and available on the Past Meetups below, and linked from the OWASP NZ wiki page. (https://www.owasp.org/index.php/New_Zealand)

If you're interested in other security events in Wellington, this page is for you! (https://www.meetup.com/OWASP-Wellington/pages/23870317/Wellington_Security_Meetups_and_Groups/)

Upcoming events (1)

"Breaking Into Infosec" & "Keeping secrets secret"

Needs a location

Come along to our next OWASP Wellington Meetup, there will be pizza, people, and presentations!

Arrive from 5:30pm, and we'll start around 5:45pm. Dave is a first time speaker, which is AWESOME! Olly is a super knowledgeable & friendly local infosec pro.

Given the removal of COVID Traffic Lights we're making masks optional, and bringing back pizza and fizz! Please only attend if you are well, and please only RSVP if you're coming so that we order the right amount of food & drink.

❤️This event is kindly hosted by the good people at RedShield.❤️

Talk 1: Breaking Into Infosec

Working in Infosec is a fascinating and rewarding career like no other. However, despite news stating there is a shortage of skills in the industry, competition is high and gaining the skills and experience to succeed is challenging. This talk covers not only technical demonstrations which explore penetration testing of web applications, but questions the idea of red-teaming altogether. Follow along Dave's global journey about breaking into the infosec industry, with insights from taking down Russian criminals with the RIPE NCC, chasing a security internship at Google, and the countless challenges and considerations before finally landing a job as Security Consultant.

Dave Reeves works as a penetration tester at Aura Information Security, based out of Wellington, NZ. He has used computers from an early age, has professional experience in industrial systems and robotics, knowledge in software engineering, cloud, machine learning, digital forensics, and has studied Mandarin Chinese for more than 10 years.

Talk 2: Keeping secrets secret

Having worked with a range of teams and organisations, from serverless startups, to big banks, to scientific organisations - I know there’s no one-size-fits-all approach to secrets management. I also know there are so many code bases out there with API Keys hard coded into them (I know, I’ve found my fair share!).

In this talk I lay out the fundamentals of good secrets management, identity and access management and the building blocks for workload identity. I’ll introduce some open-source tools and resources that will help enable teams to improve their secrets management with minimal time and effort. I’ll answer the question of how do you move from committing keys to source control, to modern secrets management (e.g. HashiCorp Vault) in small, meaningful, approachable steps.

Olly is a Cloud Native Security Engineer at Control Plane. He helps teams improve the security and automation of their Platforms and Pipelines.


Past events (29)

Photos (5)