OWASP Kathmandu

Greetings

Namaste and welcome to the OWASP Kathmandu group from the beautiful country Nepal.
OWASP Kathmandu local chapter is a community of aspirants and enthusiasts in the Information Security domain to help improve application security, build a robust community, interact through various events and meetups, and represent the Nepalese infosec community globally.

OWASP Kathmandu community is committed to educating people about application security awareness and challenges. We strongly believe in improving software security and work tirelessly to make the world safer. We need to work together as a community to achieve this goal. Application security is a broad term encompassing many areas, including secure coding practices, code review, threat modeling, security testing, cryptography, and network security. Each of these areas is a topic on its own, but they all fall under the application security category. While there are many different factions within the application security community, there are two main groups of people who want to improve the security of applications: Developers and Security Professionals. Each group brings different skills and expertise to the table, and they must work collaboratively. As a community, we will educate, practice, and spread the word! Our core goal is to advance application security and share information about the latest research and best practices in this field.

Participation

Everyone is welcome and encouraged to participate in our Projects, Local Chapters, Events, Online Groups and Community Page. We especially encourage diversity in all our initiatives. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert. We also encourage you to become a member or consider a donation to support our ongoing work.

Next Meeting/Event


Local Chapter Sponsors

Eminence Ways, Softwarica, SecurityPal, TechKraft, Cedargate Technologies, Vairav Technology, GRCPN

We are extremely grateful for the support of our sponsors for the OWASP Kathmandu Local Chapter meetup. We thank Eminence Ways, a pioneer and finest cybersecurity firm in Nepal, for providing more than support to make this event successful. Additionally, we are grateful to Softwarica College, SecurityPal SOCC, TechKraft Inc, Cedar Gate Technologies and Vairav Technology. Without their help, we would not have been able to host the event. It is a pleasure to have their support and we thank them for supporting us.

Community Partners

THREAT CON

Capture The Flag (CTF) Sponsors

Burp Bounty, Silent Push, Wappalyzer, cyberwarfare, hacksec

Acknowledgements:

  1. Yogesh Ojha (@arthabihin) from Citrana Creatives for logo and sticker design.
  2. Niraj Shrestha from Eminence Ways for logo design.

Previous Events

| Name | Date | Venue | Participants | Speakers |
|---|---|---|---|---|
| Meetup-0x01 | 3 Sep, 2022 | Eminence Ways | 46 | Kailash Bohara, Smaran Chand, Nirmal Thapa, Nicky Singh, Santosh Bhandari |
| Meetup-0x02 | 14 Jan, 2023 | Softwarica College | 117 | Veshraj Ghimire, Smaran Chand, Ayushman Thapa Magar, Subarna Adhikari, Mahesh C. Regmi, Sushmita Poudel, Atul Gautam |
| Meetup-0x03 | 22 Apr, 2023 | SecurityPal | 234 | Shishir Subedi, Nabeen Tiwari, Pratik Paudel, Ravi Mandal, Samir Gautam, Aaditya Khati, Bibek Dhakal |
| Meetup-0x04 | 08 Jul, 2023 | TechKraft Inc. | 135 | Samip Pokharel, Punit Jajodia, Saugat Pokharel, Sweeti Chauhan, Arbind Shakya |
| Meetup-0x05 | 07 Oct, 2023 | Cedar Gate Services Nepal | 127 | Suraj Ghimire, Prason Pandey, Sushil Phuyal, Nirmal Dahal, Sahil Ojha |
| Meetup-0x06 | 01 Jun, 2024 | Vairav Tech | 263 | Amrit Aryal, Jeewan Bhatta, Sushil Phuyal, Sangay Lama/Subekshya Pradhan, Veshraj Ghimire |
| Meetup-0x07 | 26 April, 2025 | SecurityPal | 221 | Bishal Shrestha/Nirmal Thapa, Atul Gautam, Santosh Kumar Neupane, Shreenkhala Bhattarai, Gaurab Silwal, Samir Gautam/Drabid Subedi |

Talk Titles

0x01

  1. Present and future of infosec in Nepal
  2. Tools for Web Security Testing
  3. Recon like a Pro
  4. Bugcrowd August XSS challenge
  5. ATO by chaining multiple vulnerabilities.

0x02

  1. Reversing N-days, A primer
  2. Securing your infrastructure on AWS
  3. In-Depth Overview of Improper Access Control
  4. Introduction to Web3 Security
  5. Securing your website: Implementing CSP
  6. Nucci Tool
  7. Security in AI & ML

0x03

  1. AppSec and Defence Simplified
  2. Haylxon Tool
  3. GRC Information Security Management
  4. Handling Sensitive Data in the Service Industry
  5. When Security Meets Compliance
  6. Defensive Security Strategies for Modern Applications
  7. IOS Security Testing Made Simple

0x04

  1. The Art of Evasion and Detection
  2. How to sell cybersecurity to finance
  3. Abusing device login flow to steal access tokens of Facebook Users
  4. Password Power: Strengthening Organisational Security
  5. Container Security Unveiled: Understanding and Tackling OWASP Docker Top 10

0x05

  1. Soft Security: GRC
  2. Vulnerable APIs: When dumbness turns dangerous
  3. Bypassing the Facebook preview system
  4. Introduction to hardware hacking, where to begin
  5. Diving into Azure Service vulnerabilities

0x06

  1. LLM Hacking With Prompt Injection
  2. Pentesting Jenkins: Securing Your CI/CD Pipelines
  3. Pioneering Security Testing and Validations
  4. Operation: Red Rose

0x07

  1. Breaching the perimeter: Our Most Impactful Bug Bounty Findings
  2. Exploiting Holes with No Leaks
  3. Data Breach Aftermath: Policies that Failed to Protect
  4. From Packet to Proof: Reconstructing a SIP Call for Digital Evidence
  5. From Container to Control
  6. AI and Its Effect on Security and Society

CTF Winners and Writeups

| Name | Winners | Writeup Link |
|---|---|---|
| Meetup-0x01 | Mahesh Regmi, Bishal Shrestha | Solution |
| Meetup-0x02 | Veshraj Ghimire, Srijan Adhikari | Solution |
| Meetup-0x03 | Veshraj Ghimire, Srijan Adhikari | Solution |
| Meetup-0x04 | Mahesh Regmi and team | Solution |
| Meetup-0x07 | Grishma Acharya, Jenish Shahi, Gajendra Mahato | Solution |