OWASP Ottawa

🎤 Call for Speakers: OWASP Ottawa Monthly Meetups 🎤

OWASP Ottawa is actively looking for speakers to present at our monthly meetups, and we warmly encourage first-time and beginner speakers to apply. Our chapter typically meets on the third Wednesday of each month.

If you’re passionate about cybersecurity and enjoy sharing knowledge, we’d love to hear from you.

📌 What speakers should know:
• OWASP Ottawa is a vendor-neutral, open-source community focused on improving software security.
• We are also open to speakers who wish to present cybersecurity-focused talks that are not related to software security.
• However, all talks must be strictly non-commercial.
• Presentations should focus on education, research, open-source tools, or community benefit.
• Talks must not be used to promote products, services, or sales activities.
Company or tool references are allowed only when needed for technical context, not endorsement.

🕰️ Talk formats:
15, 30, or 50 minutes - your choice.

If you’ve been thinking about speaking but weren’t sure where to start, OWASP Ottawa is a supportive and inclusive place to share your ideas.

Apply using the Google Form linked in this post. We’re excited to hear your ideas and help amplify voices across the cybersecurity community!

Google Form: https://docs.google.com/forms/d/e/1FAIpQLSe4W7iFl8bNQKZmBFQINGbMufktebe-hJ-4z-QjelzRGrWdwQ/viewform?pli=1

#OWASP #Ottawa #Cybersecurity #CallForSpeakers #InfoSec #AppSec #Community #PublicSpeaking

OWASP Ottawa February 2026 Meetup - Featuring Fennix! 🚨

#OWASP #Ottawa is excited to announce our February 2026 meetup featuring Fennix (a.k.a Chris Shepherd) present their talk “E-Waste? In This Economy?: Building a testing lab at home on the cheap”.

Location: 150 Louis-Pasteur Private, University of Ottawa, Room 117

⏰ Time:
Wednesday February 18th
6:00 PM EST - Arrival & networking
6:30 PM EST - Technical Talk

https://github.com/OWASP-Ottawa/chapter-guide/blob/main/Nextevent/tab_nextevent.md

#homelab #appsec

🎤 Call for Speakers: OWASP Ottawa Monthly Meetups 🎤

OWASP Ottawa is actively looking for speakers to present at our monthly meetups, and we warmly encourage first-time and beginner speakers to apply. Our chapter typically meets on the third Wednesday of each month.

If you’re passionate about cybersecurity and enjoy sharing knowledge, we’d love to hear from you.

📌 What speakers should know:
• OWASP Ottawa is a vendor-neutral, open-source community focused on improving software security.
• We are also open to speakers who wish to present cybersecurity-focussed talks that are not related to software security.
• However, all talks must be strictly non-commercial.
• Presentations should focus on education, research, open-source tools, or community benefit.
• Talks must not be used to promote products, services, or sales activities.
Company or tool references are allowed only when needed for technical context, not endorsement.

🕰️ Talk formats:
15, 30, or 50 minutes - your choice.

If you’ve been thinking about speaking but weren’t sure where to start, OWASP Ottawa is a supportive and inclusive place to share your ideas.

Apply using the Google Form linked in this post. We’re excited to hear your ideas and help amplify voices across the cybersecurity community!

Google Form: https://docs.google.com/forms/d/e/1FAIpQLSe4W7iFl8bNQKZmBFQINGbMufktebe-hJ-4z-QjelzRGrWdwQ/viewform

#OWASP #Ottawa #Cybersecurity #CallForSpeakers #InfoSec #AppSec #Community #PublicSpeaking

Thank you to Vincent Dragnea for an excellent presentation at our first #OWASP #Ottawa meetup of 2026.

Also thank you to uOttawa | Faculty of Engineering | Faculté de génie for the amazing venue and Software Secured for the pizza.

#appsec #infosec

#OWASP #Ottawa would like to acknowledge the gracious support from Software Secured for our January Meetup. Their support for the Ottawa Security community through our chapter brings helps us all to skill up.

www.softwaresecured.com

#AppSec #infosec #aisec

Reminder this Wednesday.

🚨 OWASP Ottawa January Meetup – Featuring Vincent Dragnea! 🚨

#OWASP #Ottawa is excited to announce that we are hosting our first monthly meetup of the year! We’re thrilled to welcome Vincent Dragnea to our in-person meetup at the University of Ottawa on January 21, 2026.

RSVP at:

meetup.com/owasp-ottawa/events/312793912

📅 Date: January 21, 2026
⏰ Time: 6:00 PM EST – Arrival, networking & pizza 🍕
6:30 PM EST – Technical Talks
📍 Location: 150 Louis-Pasteur Private, University of Ottawa, Room 117
🎙️ Talk: "SameSite...or not? Bypassing SameSite cookie protections in browsers"

SameSite cookies are often relied upon too heavily to prevent cross-site request forgery, yet, due to browser implementations, these cookies can be included in unexpected requests. This talk demonstrates novel techniques to attach SameSite=Strict cookies to GET requests originating from another site, including a Google Chrome vulnerability (CVE-2025-8581) discovered while researching these methods. This material aims to help researchers identify insecure behaviors, as well as teach developers how to avoid them.

📺 Can’t make it in person? Watch live on the YouTube channel at youtube.com/@OWASP_Ottawa

🚨 OWASP Ottawa January Meetup – Featuring Vincent Dragnea! 🚨

#OWASP #Ottawa is excited to announce that we are hosting our first monthly meetup of the year! We’re thrilled to welcome Vincent Dragnea to our in-person meetup at the University of Ottawa on January 21, 2026.

RSVP at:

https://www.meetup.com/owasp-ottawa/events/312793912/

📅 Date: January 21, 2026
⏰ Time: 6:00 PM EST – Arrival, networking & pizza 🍕
6:30 PM EST – Technical Talks
📍 Location: 150 Louis-Pasteur Private, University of Ottawa, Room 117
🎙️ Talk: "SameSite...or not? Bypassing SameSite cookie protections in browsers"

SameSite cookies are often relied upon too heavily to prevent cross-site request forgery, yet, due to browser implementations, these cookies can be included in unexpected requests. This talk demonstrates novel techniques to attach SameSite=Strict cookies to GET requests originating from another site, including a Google Chrome vulnerability (CVE-2025-8581) discovered while researching these methods. This material aims to help researchers identify insecure behaviors, as well as teach developers how to avoid them.

📺 Can’t make it in person? Watch live on the YouTube channel at @OWASP_Ottawa@www.youtube.com

🚨OWASP Ottawa November Meetup – Featuring René Walendy!🚨

We’re thrilled to welcome René Walendy to our next in-person meetup at the University of Ottawa on November 12, 2025.

📅 Date: November 12, 2025
⏰ Time: 6:00 PM EST – Arrival, networking & pizza 🍕
6:30 PM EST – Technical Talks
📍 Location: 150 Louis-Pasteur Private, University of Ottawa, Room 564
🎙️ Talk: “Your Trusted Hardware Isn't - Why Silicon belongs in the Threat Model”

Modern security stacks assume that hardware is honest: CPUs execute the correct instructions, random number generators are truly random, and "secure enclaves" are actually secure. But none of these assumptions are guaranteed.

This talk explores hardware Trojans: malicious modifications buried in silicon that can leak secrets, weaken cryptography, or silently bypass your best defenses. We’ll follow a concrete example -- sabotaging a CPU's true random number generator -- and see how a few altered transistors can undermine TLS, disk encryption, and authentication without leaving software-visible evidence.

📺 Can’t make it in person? Watch live on the YouTube channel at @OWASP_Ottawa@www.youtube.com

🔗 RSVP here: https://www.meetup.com/owasp-ottawa/events/311779321/

Don’t miss this chance to hear from a PhD researcher (and hardware hacker), and grab some pizza 🍕.

#OWASP #Ottawa #Cybersecurity #HardwareHacking #InfoSec #ThreatModeling

On Saturday, October 18th, 2025, OWASP Ottawa conducted the "Pentest 101" workshop.

The workshop was delivered by Chris Shepherd, an important member of our volunteer team, and led 38 attendees through the lifecycle of a web application penetration test. Chris covered reconnaissance (gathering information about our target web application), testing security controls using browser and dev tools only (testing for SQL Injection), and then using ZAP proxy to intercept and replay requests to perform attacks such as XSS and SSRF. Chris also walked attendees through how to prepare a professional write-up for these findings so that technical and non-technical people can understand the details and impact of these findings.

OWASP Ottawa would like to officially thank our workshop sponsors for supporting this event (in no-particular order):
1. @uottawa@mastodon.social Faculty of Engineering and the uOttawa-IBM Cyber range for providing the required infrastructure to host the event.
2. @owasp@infosec.exchange for providing the OWASP Juice Shop application used as the targeted web application and SWAG
3. Packetlabs for providing pizza and SWAG
4. DeviousPlan for providing beverages

Lastly, OWASP Ottawa would like to thank all the attendees for attending this workshop and the volunteers who dedicated their time to make this workshop a success.

If you would like for OWASP Ottawa to organize more such workshops, please leave a comment below indicating what workshops you would like us to organize.

#owasp #ottawa #appsec #pentest #Cybersecurity

This past week, OWASP Ottawa had the pleasure of hosting @SheHacksPurple@infosec.exchange who's presentation titled " Secure Code Is Critical Infrastructure" gave us insights into her journey lobbying for the Canadian Government to implement a secure coding policy. During her talk, Tanya discussed her efforts to reach out to the elected officials and agencies like CRA to implement her (free) secure coding policy.

Thank you, Tanya for an amazing presentation, and we look forward to more talks from you in the future!

Missed this session? You can catch the recorded version of this talk on our YouTube channel.

📹 : https://www.youtube.com/watch?v=ckC5TGGCE9w

#owasp #ottawa #Cybersecurity

Last night, OWASP Ottawa had the pleasure of hosting Robert Babaev for his insightful talk, titled "(Finally) Sufficient Logging and Monitoring - MCP Edition".

Attendees learned about the importance of sufficient logging and monitoring in web applications, and the problems insufficient monitoring and logging can lead to.

Thank you, Robert Babaev for this amazing talk, and we look forward to more talks from you in the future.

Missed this talk? Check out the recorded version of this talk on our YouTube channel, along with plenty of our past talks!

📹 : https://www.youtube.com/watch?v=tza_3tzOvjE

#owasp #ottawa #Cybersecurity #appsec

📢 OWASP Ottawa September Meetup – Logging, Monitoring & MCP Security 📢

Join us in person at the University of Ottawa on September 17, 2025, for our next technical deep dive into one of the most overlooked yet critical aspects of cybersecurity: observability.

📅 Date: September 17, 2025
⏰ Time: 6:00 PM EST – Arrival, networking & pizza 🍕
6:30 PM EST – Technical Talks
📍 Location: 150 Louis-Pasteur Private, University of Ottawa, Room 117
🎙️ Talk: “Finally! Sufficient Logging and Monitoring (MCP Edition)”
👨‍💻 Speaker: Robert Babaev

Observability is often neglected, yet it’s a cornerstone of effective security. Robert will explore:
🔹 Centralized logging, metrics, and tracing
🔹 Building a lightweight SIEM
🔹 Practical tips & tricks for developers
🔹 Why strong monitoring matters in the age of AI & MCP

📺 Can’t join in person? You can catch the livestream on our YouTube channel at @OWASP_Ottawa@www.youtube.com

🔗 RSVP here: https://www.meetup.com/owasp-ottawa/events/310972006/

Come for the learning, stay for the community (and pizza!). 🍕

#OWASP #Ottawa #Cybersecurity #AppSec #Logging #Monitoring #Observability #MCP #InfoSec #Networking

Adam kicks off a full house for #OWASP #Ottawa August meetup.

📢 OWASP Ottawa August 2025 Meetup 📢

OWASP Ottawa is back from our summer break! Join us in person at the University of Ottawa for our next OWASP Ottawa meetup on August 20, 2025, where we’ll dive into not one, but two timely and impactful talks at the intersection of cybersecurity, AI, and real-world application security.

📅 Date: August 20, 2025
⏰ Time: 6:00 PM EST – Arrival, setup & pizza 🍕
6:30 PM EST – Technical Talks
📍 Location: 150 Louis-Pasteur Private, University of Ottawa, Room 117

🎙️ Talk 1: "Doing More with Less: An Adaptive, Label-Efficient Approach to Fraud Detection from Day One" with Bahar Afshar
👥 Speaker: Bahar Afshar, Master’s in Computer Science candidate with specialization in AI at University of Ottawa
Discover an innovative approach on how to detect financial fraud using adaptive, label-efficient AI approaches, even when labeled, fraudulent data is scarce. A must-see for those in finance, security, and AI research.

🎙️ Talk 2: "Beyond APIs: MCP Security for AI Integrations" with Harsh Makwana
👥 Speaker: Harsh Makwana, M.Eng, Aplication Security Consultant at Software Secured
Model Context Protocol (MCP) is becoming the standard for LLM integration with external tools, but this increasingly fast adoption rate is coming at the cost of missed security challenges. Learn the security strategies necessary to build hardened AI agents.

📺 Can’t join in person? We’ll livestream on YouTube on our channel: @OWASP_Ottawa@www.youtube.com

🔗 RSVP now: https://www.meetup.com/owasp-ottawa/events/310273515/

Come learn, network, and grab some pizza 🍕 with Ottawa’s cybersecurity community!
.
.
.
.
.
.
.
.
#OWASP #Ottawa #Cybersecurity #InfoSec #Networking #AI #AISecurity #FraudDetection #MachineLearning