OWASP Ghana
Welcome to the Ghana chapter homepage. The chapter leaders are Ash Dastmalchi and Hassan Abudu. Follow chapter news on Twitter at http://twitter.com/OWASPGhana
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Policy. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Supporter/Membership
to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
Meeting Supporters
The following is the list of organisations who have generously provided us with space for OWASP Ghana chapter meetings:
Chapter Volunteers
Volunteering carries many benefits including meeting great people, learning new skills, and above all – fun! We appreciate the assistance that our volunteers provide to ensure our events run smoothly. If you would like to help out for a few hours with administrative tasks on the day of events, please reach out via email or Twitter. The following is the list of organisation(s) who have provided us with volunteers:
Stay in Touch
Next Meeting/Event(s)
Chapter meetings are held several times a year, typically at a location provided by our current facility sponsor.
Our next meeting will be online and it will take place on Saturday, February 26, 2022 from 11 AM to 1 PM Greenwich Mean Time (GMT).
Further meeting details can be found on the Meetup page. Please visit https://www.meetup.com/OWASP-Ghana-Chapter/ to view our upcoming and past meetings.
TICKETS:
This event will be free to attend for both members and non-members of OWASP and is open to anyone interested in application security and cyber security.
You can register to learn about our future events via the OWASP Ghana page at meetup.com.
Code of Conduct:
- We hope you enjoy our events. We care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback or would like to speak to us; we take these matters very seriously. You can find out more about our policies here: https://owasp.org/www-policy/operational/events
Speaking at OWASP Ghana Chapter Events
Call For Speakers
Call For Speakers is open. If you would like to present a 15-45 minute talk on Application / Cyber Security at future OWASP Ghana Chapter events, please review and agree with the OWASP Speaker Agreement and submit your talk/presentation to the Ghana Leaders.
Please note that you can also pair up with a colleague and present a joint talk. Please ensure that your talk is objective, stresses open source approaches, and avoids references to any commercial offerings of your company. We are looking forward to your submissions.
Past Events
Saturday May 28, 2022 11am-1pm
Location: Online
Attendance: 47 participants
TALKS:
- Opportunities on OWASP Top 10 - Kwaku Sarpong Manu (kusama) (Slides PDF) (Slides PDF)
- Finding 0days in Enterprise Web Applications - Shubham Shah (Youtube link)
SPEAKERS:
Kwaku Sarpong
- Kwaku Sarpong is a Computer Engineer with a knack for systems design and testing. Some personal interests include data analysis, software development and IoT. When not actively researching, Kwaku likes to go to the beach, listen to music and read.
Shubham Shah (https://shubs.io/)
- Co-founder, security researcher. Building an attack surface management platform at Assetnote
Saturday February 26, 2022 11am-1pm
Location: Online
Attendance: 21 participants
TALKS:
- Request Forgery on the Web - SSRF, CSRF and Clickjacking - Jim Manico (Youtube link)
- Pwning a shell via MSSQL DBMS - Abu Safian Blay (Slides PDF)
SPEAKERS:
Jim Manico (@manicode)
- Manicode Security (Founder, CEO) and Application Security Educator
Abu Safian Blay
- Blay Abu Safian is an Engineer with a deep background in Offensive security, Security Research, Exploit Development, Advanced Penetration Testing and Bug hunting. He is an International Trainer, Speaker and the Founder of Inveteck Global based in Ghana. He is also the formal CTF Team Lead for Black Cybersecurity Association (USA).
Saturday 14th March 2020 10am-2pm
Location: Ghana Tech Lab, Accra Digital Lab, Ring Road West, Accra.
Attendance: 62 participants
TALKS:
- Learn and Practice InfoSec with CTF - Okai Yeboah (Slides PDF)
- Offensive Googling - Abu Safian Blay (Slides PDF)
- Phishing in Depth - Eric Nii Sowah Badger (Slides PDF)
- Browser Security Headers - Emmanuel JK Gbordzor (Slides PDF)
SPEAKERS:
Okai Yeboah (@king_kloy)
- A Computer Science student at the Kwame Nkrumah University of Science and Technology who loves building, breaking and researching into applications. He spends most of his free time playing CTF and hanging around IRC channels.
Abu Safian Blay
- An Electrical and Automation Engineer. Founder of Inveteck Global. Advanced Penetration Tester. Defcon China 2.0 attendee.
Eric Nii Sowah Badger (@ens_nii)
- Software Developer / Certified Ethical Hacker. Pen tester and CTF player on Hack The Box.
Emmanuel JK Gbordzor (@egbordzor)
- Information Security Manager by day and Cyber Security student by night.
Saturday 21st September 2019 10am-2pm
Location: Ghana Tech Lab, Accra Digital Lab, Ring Road West, Accra.
Attendance: 55 participants
TALKS:
- WAF Filter 404 Not Found - Blay Safian (Slides PDF)
- Lightning Talk on Broken Authentication: What it means, and what you can do - Hassan Abudu (Slides PDF)
- Wireless Security and its Discontents - Boyan Lazarevski (Slides PDF)
SPEAKERS:
Blay Safian
- An Electrical Engineering and Automation Degree holder and a certified Advanced Penetration Tester. Defcon China 2.0 attendee.
Boyan Lazarevski (@BoyanLazarevski)
- Boyan is a certified IT Operations Specialist with a passion for computer hardware and cybersecurity.
Hassan Abudu (@hassanabudu)
- Hassan is OWASP Ghana chapter co-leader, a web developer, a teacher and a technologist in general.
CTF for Developers:
OWASP Ghana Chapter is pleased to announce the 2019 OWASP Ghana CTF Tournament for Application Developers.
CTF (Capture The Flag) is a type of computer security competition. Contestants are presented with a set of challenges and puzzles which test their creativity, technical coding (and googling) skills, and problem-solving ability. Challenges usually cover a number of categories and when solved, each yields a “flag” which is submitted to a real-time scoring service. The difficulty levels range from beginner to advanced. CTF tournaments are a great and fun way for software developers to learn a wide array of cyber security / application security skills in a safe and legal environment. Most programming languages are supported. IMPORTANT: Please bring your own LAPTOP and a charger for it to this event.
This CTF environment is kindly provided by Secure Code Warrior.
Saturday, 8th June 2019 10am-2pm
Location: Department of Computer Science, University of Ghana, Legon, Accra.
Attendance: 65 participants
TALKS:
- The State of Phishing Attack Vector - Isaac Kweku Acheampong (Slides PDF)
- Lightning Talk on HTTPS - Hassan Abudu (no slides)
- Smart Grid IoT Security - Kwaku Sarpong Manu (Slides PDF)
- Achilles and the Bee - Fabiola Amedo (Slides PDF)
- Anatomy of a DNS Cache Poisoning Attack - Boyan Lazarevski (Slides PDF)
SPEAKERS:
Isaac Kweku Acheampong
- Isaac is currently working as a Facilities Manager, holds a BSc in IT and is Sec+ certified.
Kwaku Sarpong Manu (@_kwaku__)
- Kwaku is a Graduate Computer Engineering student from KNUST. Avid reader, active sportsman and student politician. He’s also a student Consultant at GWCL, advising the Technology and Innovation Department.
Fabiola Amedo (@fabluzi)
- Fabiola is currently working at KPMG Ghana as an IT advisory professional.
Boyan Lazarevski (@BoyanLazarevski)
- Boyan is a certified IT Operations Specialist.
Saturday, 16th March 2019 10am-2pm
Location: Department of Computer Science, University of Ghana, Legon, Accra.
Attendance: 85 participants
TALKS:
- OWASP Introduction, Welcome and News - Ash Dastmalchi (Slides PDF)
- Welcome and a brief update on OWASP Projects & Events from the OWASP Ghana Chapter Leader.
- Your web server has been hacked now what? by Archzilon Eshun-Davies (Slides PDF)
- A walk through on what to look out for after a web server has been hacked by analysing the logs and how to prevent future hacks.
- Cross-Site Scripting Attacks (XSS) by Adam Nurudini (Slides PDF)
- Intro to XSS, how it works, what it affects and how to prevent it along with a live demo.
- OWASP Juice Shop Project video presentation by Bjoern Kimminich (Youtube.com)
- A playback of recording from OWASP BeNeLux-Days 2018 giving a complete introduction to the OWASP Juice Shop including a live demonstration of the application and how to hack it.
SPEAKERS:
Adam Nurudini (@Bra__Qwesi)
- Adam Nurudini is the Lead Security Researcher @ Netwatch Technologies, project Consultant, Information Security Architects Ltd, Member, Cybersecurity Resilience Service Team and a Web Application Penetration Tester. He is also the president of the GIMPA School of Technology Students Association and Black Hat Attendee.
Archzilon Eshun-Davies (@laudarch)
- Arch is CISO and CEO of Tactical Intelligence Security (TAISE).
Bjoern Kimminich (@bkimminich)
- OWASP Juice Shop Project (https://www.owasp.org/index.php/OWASP_Juice_Shop_Project) Leader. More information about Bjoern can be found via his OWASP profile page: https://www.owasp.org/index.php/User:Bjoern_Kimminich
Saturday, 24th November 2018 2pm-5pm
Location: GIMPA School of Technology, Greenhill, Accra. (Legon Bypass)
Attendance: 120 participants
TALKS:
- OWASP Introduction, Welcome and News - Ash Dastmalchi
- Welcome and a brief update on OWASP Projects & Events from the OWASP Ghana Chapter Leader.
- OWASP Risk Rating presented by OWASP Risk Rating Management - Yoseman Putra (Slides Online)
- The OWASP Risk Rating Management Project is a tool project that aims to educate users who want to assess more than one web application using the OWASP Risk Rating methodologies. The project page is at https://www.owasp.org/index.php/OWASP_Risk_Rating_Management
- Defensive Coding - Archzilon Eshun-Davies (Slides PDF)
- A talk on defensive coding practices regardless of the language used.
- Open-Source Intelligence (OSINT) - Adam Nurudini (Slides PDF)
- A run down on what is OSINT, methods of data gathering via various resources, followed by a hands-on demo using open source tools.
- Wordpress Security - Nii Ankrah (Slides PDF)
- The WordPress content management system has gained a lot of popularity since its initial launch, thanks to its user-friendliness and its vast collection of plugins and themes. It is estimated that 30% of the world’s websites are powered by WordPress. As with any other web application, it is important to deploy and manage it properly to ensure your data is safe. Sadly this has not been the case: over 73.2% of the most popular WordPress installations are vulnerable to vulnerabilities which can be detected using free automated tools. This talk will focus on how to deploy WordPress safely and how to manage WordPress instances in a way that safeguards the application from common vulnerabilities and attacks.
SPEAKERS:
Ade Yoseman Putra (@johnleedik)
- OWASP Jakarta Indonesia Chapter Leader. More information about Ade can be found via his OWASP profile page: https://www.owasp.org/index.php/Ade_Yoseman_Putra
Archzilon Eshun-Davies (@laudarch)
- Arch is CISO and CEO of Tactical Intelligence Security (TAISE).
Adam Nurudini (@Bra__Qwesi)
- Adam Nurudini is the Lead Security Researcher @ Netwatch Technologies, project Consultant, Information Security Architects Ltd, Member, Cybersecurity Resilience Service Team and a Web Application Penetration Tester. He is also the president of the GIMPA School of Technology Students Association.
Nii Ankrah (@niiankrah)
- Nii has transitioned into information security with a special interest in malware analysis and in helping companies achieve a good cyber security posture. His engagements over the period include performing data centre and physical security reviews for clients within various industries, vulnerability assessments, application security audits and incident response.
Saturday, 18th August 2018 2pm-5pm
Location: Kofi Annan ICT Centre, Ridge, Accra. (Next to Ministry of Communications)
Attendance: 70 participants
TALKS:
- OWASP Introduction, Welcome and News - Ash Dastmalchi & Hassan Abudu
- Welcome and a brief update on OWASP Projects & Events from the OWASP Ghana Chapter Leaders.
- Injection Attack - Hassan Abudu (Slides PDF)
- A quick primer of injection attacks including SQL injection.
- Bypassing Security Restrictions, The case of CVE-2018-5955 - Adam Nurudini (Slides PDF)
- Exploiting Server Side Template Injection with TPLMAP - Divine Tsa (Slides PDF)
- Insecure Direct Object Reference IDOR (Broken Access Control) - Eric Biako (Slides PDF)
SPEAKERS:
Hassan Abudu (@hassanabudu)
- Hassan Abudu is OWASP Ghana chapter co-leader. A Stanford University graduate, Hassan started the freeCodeCamp in Ghana, teaching students various aspects of Web Development via weekly sessions. He’s also a freelance web developer and a part-time artist.
Adam Nurudini (@Bra__Qwesi)
- Adam Nurudini is a web application penetration tester at Netwatch Technologies and a recent Black Hat Asia attendee.
Divine Tsa (@selormofmars)
- Divine Tsa is a cybersecurity engineer at a reputable tech company. He helps develop information security plans and policies, tests for vulnerabilities, and monitors and investigates security breaches. During his 10 years' experience in information technology, he has served in a variety of leadership, technical, and information security roles, including implementing the cybersecurity project in the central bank. Divine holds a bachelor's degree in business administration and a postgraduate diploma in IT from GIMPA.
Eric Biako
- Eric has a BSc in IT and a CEH v9. He’s currently an Information Security Officer at E-connecta as well as a moderator at Legal hackmen.