OWASP AppSec Day

AppSec Day is Australia’s only conference dedicated entirely to building and deploying secure web and mobile applications, covering DevSecOps practices for fast Agile software delivery environments. We aim to provide a welcoming environment for developers, testers, devops engineers and security professionals. To improve their knowledge, skills and to network with other like minded professionals.


In 2017 we sold 300 tickets to AppSec Day, with a successful event and positive feedback we expanded our venue and for AppSec Day 2018, doubled in size with a sold out crowd of 650 software developers, testers, devops engineers, students and security professionals, interested in learning about building secure web and mobile applications, covering DevSecOps practices for Agile software delivery environments. The feedback from our 15+ sponsors has been positive year after year, with our major sponsor The CommonWealth Bank being with us from the start, supporting us as we grow and helping us succeed in our mission of providing security awareness to as many technology and security professionals as possible. For AppSec Day 2019 we are anticipating similar growth, with over 900 delegates expected. To accommodate this growth, we have locked in a professional conference venue, that will allow us to expand into the future, but continue to provide a welcoming and professional experience for all our delegates, supporters and sponsors.

OWASP Foundation

Open Web Application Security Project (OWASP) is an open-source, not for profit association. Providing free, vendor-neutral and practical application security guidelines such as the OWASP Top 10. OWASP is the de facto standard-setting body for web application security. OWASP has a strong open and global community with over 45,000 participants, and more than 125 organisational and academic supporters. With 200 local chapters across 6 continents in 117 countries.

The Team

The OWASP Melbourne chapter is a not-for-profit, volunteer run group with a focus on educating technology and security professionals on building secure products, including software security and DevSecOps practices. We cater to beginners and advanced members alike. Our presentations are designed for people in the technology industry. Developers, DevOps engineers, testers, security advisors, penetration testers and application security enthusiasts. Our events are aimed at providing relevant, practical and actionable knowledge, that translates to stronger security and robust software.

Julian Berton

Conference Founder & Lead

Julian is a Principal Security Engineer at SEEK, volunteer and founder of OWASP AppSec Day (appsecday.io) conference, chapter lead of the OWASP Melbourne chapter and sits on the Paper Review Board for BSides Melbourne and DevSecCon. He also gives talks and publishes blogs to educate security and technology professionals. A few recent presentations have been at DevOps Talks, DevSecCon, OWASP Melbourne, TConf & NDC Sydney.

Daniel Ting

Conference Staff

Currently a Security Architect & Penetration Tester at Hivint, Co-organiser of OWASP AppSec Day, Melbourne, & SecTalks Melbourne.

Path Shah

Conference Staff

Ashish Rajan

Conference Volunteer

Ashish Rajan is an experienced cybersecurity executive and a public speaker with a passion for making security more visible and a business enabler in organisations. Currently a Practice Director of Security & Identity for a 300+ employee startup reporting to the CTO. Responsible for protecting for all data and systems security, protecting records of sensitive, personally identifiable information and corporate intellectual property. Trusted advisor to CEOs, Boards of Directors, executive committees, CTOs and CISOs. Valued for thought leadership, technical acumen, and business-positive approach to managing risks to information. Over ten years of experience leading high-performing technical and non-technical teams. Strong track record of attracting and developing top talent to succeed in security roles.

Nivedita Seewoosunkur

Conference Volunteer

Nive is a security consultant at Shea Information Security, specialising in penetration testing and running social engineering phishing campaigns. She also co-organises haXX, a group dedicated to teaching technical security skills to women who wish to break into the security field. Nive also assists with the ethical hacking module for the masters in cyber security programme at RMIT.

Pamela O'Shea

Review Board Lead

Dr. Pamela O'Shea is Director of Shea Information Security, providing security consulting, training and penetration testing services to clients. Pamela is an industry lecturer at the Royal Melbourne Institute of Technology (RMIT) master's programme in cyber security. Pamela also spends time at SEEK Australia doing application security with her favourite team! She also runs the haXX group to provide technical security classroom training and mentorship to women keen to break into the technical security field. Outside of consulting, teaching and research, Pamela plays with radio and satellite communications and runs the Melbourne CyberSpectrum meetup on Software Defined Radio (SDR).

Louis Nyffenegger

Review Board Member

Louis is a security engineer from Melbourne, Australia. He's the founder of PentesterLab: a platform to learn web security.

Zac Sims

Review Board Member

Zac Sims is currently a Security Engineer at SEEK focusing on application and cloud security, automating security controls and compliance, working on SEEKs bug bounty program, mentoring developers, and implementing secure-by-default options for developers. Prior to working as a Security Engineer, Zac has had extensive experience working as a Developer and Software Architect in native and web technologies. He is passionate about promoting a positive security culture that makes building and adopting security principles a natural part of the development lifecycle. Zac is also committed to working on a range of open-source and security projects in his spare time.

Jeff Thomas

Review Board Member

Jeff is a Security Engineer with over a decade of experience in IT and information security. He leverages his web application and development expertise to identify new and exciting ways to exploit application and logic flaws. He presented at AppSecDay 2018 on finding and exploiting flaws in an enterprise CMS. Past security research includes remote hacking of drones. He also holds multiple information security certifications including OSCE, OSCP, OSWP, and CISSP.

Matt Jones

Review Board Member

Matt is a Partner at elttam, and specialises in low-level source code review and threat management and secure development advisory consulting to leading technology companies.