Skip to content

OWASP AppSec Conference NZ

Nathansoftware had the opportunity to attend the OWASP NZ Day conference this week. Conference bio:

“We are proud to present the 13th OWASP New Zealand Day conference, to be held at the Auckland University of Technology (AUT) City Campus on Thursday and Friday, July 6th and 7th, 2023. OWASP New Zealand Day is a two-day conference dedicated to web and application security, with an emphasis on secure architecture and development techniques to help Kiwi developers build more secure applications. The conference is presented by the OWASP New Zealand Chapter and organised by AppSec New Zealand Incorporated.

There will be two presentation streams throughout the conference. The first stream will include introductory talks on application and information security topics, as well as on policy, compliance, and risk management. The second stream will primarily address deeper technical topics. Talks featuring OWASP projects and tools are particularly encouraged, as are talks by members of under-represented communities.”


Over 20 sessions hosted by industry professionals across a huge variety of organisations within NZ and globally.


Wide ranging topics focusing on DevOps, development pipelines, privacy and even blockchain security.


Specific CVEs, exploits and methodologies were shared at the conference to up-skill and provide technical growth.

Spotlight on Blockchain

Our focus session from the conference was an excellent talk by Stephen Morgan entitled “The Many Sins of Web3”.

“This may shock you, but…did you know that many of the assertions made by blockchain advocates weren’t entirely accurate?!? Let us cherry pick the worst security offenses from a retired cryptocurrency early adopter.

Whether it is the future of finance or a technological Wolpertinger, blockchain and its dependencies sure made a splash in the last few years. Amongst the many promises were how secure the technology was, but what is “security” in the context of cryptocurrencies and what can we learn from the sector as developers and security practitioners in fiat-land? If this thing is so secure, then why is my bridge wiped, and all my apes gone? This talk will explore both the obvious (self-custody, immutability, pseudo-anonymity) and less obvious (UX, programming language design) issues with blockchain broadly from a technological angle, without all the societal posturing and misappropriation of client funds.”