Sessions List
Here are the Keynotes currently planned for the Summit
| Title | Type | Track | Description |
|---|---|---|---|
| Lessons from the Legion | keynote | Sessions focusing on the strategic challenges facing security practioners | |
| OWASP Juice Shop (Keynote) | keynote | Bjoern will introduce to us the OWASP Juice Shop, probably the most modern and sophisticated insecure web application | |
| OWASP SAMM v2 | keynote | Update on the new version 2.0 of SAMM | |
| OWASP ZAP Heads Up Display (HUD) | keynote | Demonstration of the new OWASP ZAP Heads Up Display (HUD) by Simon | |
| Security Data Science | keynote | Expect Graphs, and Jypiter notebooks ... | |
| The Cynefin framework | keynote | Dave presenting the Cynefin framework, a conceptual framework used to aid decision-making | |
| The Mobile Security Testing Guide (MSTG) | keynote | The MSTG team is working hard on the new release of the Mobile Security Testing Guide (MSTG) during this summit. | |
| The OWASP Top Ten Proactive Controls 2018 | keynote | Jim will cover the OWASP Top Ten Proactive Controls 2018, a list of security techniques that should be included in every software development project | |
| Wardley maps | keynote | Simon presenting Wardley maps, and the use of topographical intelligence in business strategy |
Here are the Sessions currently planned for the Summit
| Title | Type | Track | Description |
|---|---|---|---|
| Agile Practices for Security Teams | working-session | DevSecOps | Agile Practices for Security Teams |
| Android and iOS Security Enhancements and Crackme Apps (Fri) | working-session | OWASP MSTG | Updating the content of the MSTG |
| Android and iOS Security Enhancements and Crackme Apps (Mon Eve) | working-session | OWASP MSTG | Updating the content of the MSTG |
| Android and iOS Security Enhancements and Crackme Apps (Mon) | working-session | OWASP MSTG | Updating the content of the MSTG |
| Android and iOS Security Enhancements and Crackme Apps (Thu Eve) | working-session | OWASP MSTG | Updating the content of the MSTG |
| Android and iOS Security Enhancements and Crackme Apps (Thu) | working-session | OWASP MSTG | Updating the content of the MSTG |
| Android and iOS Security Enhancements and Crackme Apps (Tue) | working-session | OWASP MSTG | Updating the content of the MSTG |
| Android and iOS Security Enhancements and Crackme Apps (Wed Eve) | working-session | OWASP MSTG | Updating the content of the MSTG |
| Android and iOS Security Enhancements and Crackme Apps (Wed) | working-session | OWASP MSTG | Updating the content of the MSTG |
| Application Security Verification Standard | working-session | OWASP Projects | Session on ASVS |
| Cell based Structures for Security | working-session | Wardley Maps | Cell based Structures for Security - Small autonomous security teams and the use of Pioneers, Settlers and Town Planners (PST) |
| Creating a generic diagram of a threat model | working-session | Threat Model | Creating a generic diagram of a threat model |
| Creating a Security Champions network | working-session | DevSecOps | |
| Creating a Threat Library | working-session | Threat Library Working Session | |
| Creating an iOS build pipeline with security checks | working-session | OWASP MSTG | Brainstorming for a iOS pipeline with security checks |
| Customising the Chaos Engineering Toolkit | working-session | Misc | Practical Guide to Extending the Chaos Toolkit for DevSecOps concerns. |
| Cyber Risk Modeling | working-session | Misc | Session on Risk Modeling |
| Dealing with DevSecOps Findings | working-session | DevSecOps | How to deal with the security findings in an appsec pipeline and drive continuous improvement of the testing policies |
| DevSecOps Maturity Model (DSOMM) | working-session | DevSecOps | DevSecOps Maturity Model (DSOMM) |
| Emotional/Multiple Intelligence | working-session | Misc | |
| From Threat Modeling to DevSecOps metrics | working-session | DevSecOps | |
| Hand's on Wardley Maps creation | working-session | Wardley Maps | Want to have a go at creating your own Wardley maps? This training session will give you hands on experience in creating maps for multiple scenarios, with experienced practitioners on hand to guide and help you. |
| How do Cyber Professionals protect themselves | working-session | ||
| How do we persist the information from the TM Slack channel? | working-session | Threat Model | How do we persist the information from the TM Slack channel? |
| Incremental Threat Modeling | working-session | Threat Model | How to scale Threat Modeling |
| Integrating Security Tools in the SDL | working-session | DevSecOps | Integrate security tools as part of CI/CD pipeline to find/fix issues early in SDL |
| Introduction to Wardley Maps | working-session | Wardley Maps | New to Wardley maps? This session is for you |
| Jira Schemas | working-session | ||
| Juice Shop Challenge Refactoring | working-session | OWASP Juice Shop | Refactoring the categories and difficulty ratings of the OWASP Juice Shop challenges |
| Juice Shop Hack'n'Code (Mon) | working-session | OWASP Juice Shop | Coding for and hacking of the OWASP Juice Shop |
| Juice Shop Hack'n'Code (Tue) | working-session | OWASP Juice Shop | Coding for and hacking of the OWASP Juice Shop |
| Juice Shop Hack'n'Code (Wed) | working-session | OWASP Juice Shop | Coding for and hacking of the OWASP Juice Shop |
| Juice Shop Release Night | working-session | OWASP Juice Shop | Go-live of new OWASP Juice Shop release |
| Jupyter Training (#1) | working-session | Onboarding and Training | Training Jupyter (1st session) |
| Jupyter Training (#2) | working-session | Onboarding and Training | Training Jupyter (2nd session) |
| Jupyter Training (#3) | working-session | Onboarding and Training | Training Jupyter (3rd session) |
| Lightweight privacy threat modeling using LINDDUN | working-session | Threat Model | Lightweight privacy threat modeling using LINDDUN |
| Lightweight privacy threat modeling using LINDDUN Part II | working-session | Threat Model | Lightweight privacy threat modeling using LINDDUN Part II |
| Mapping boot camp | working-session | Wardley Maps | Wardely Mapping boot camp - Zero to Mapping Hero - By Simon Wardley |
| Mapping OWASP DevSecOps Maturity Model to SAMMv2 | working-session | OWASP SAMM | multiple working sessions on the new SAMMv2 |
| Mobile AppSec Verification Standard (MASVS) | working-session | OWASP MSTG | Work on the open issues of the MASVS |
| Mobile AppSec Verification Standard (MASVS) (Evening) | working-session | OWASP MSTG | Work on the open issues of the MASVS |
| Mobile Basic Security Testing and Reverse Engineering (Evening Session) | working-session | OWASP MSTG | Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG |
| Mobile Basic Security Testing and Reverse Engineering (Mon Evening) | working-session | OWASP MSTG | Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG |
| Mobile Basic Security Testing and Reverse Engineering (Mon) | working-session | OWASP MSTG | Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG |
| Mobile Basic Security Testing and Reverse Engineering (Thu) | working-session | OWASP MSTG | Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG |
| Mobile Basic Security Testing and Reverse Engineering (Tue Evening) | working-session | OWASP MSTG | Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG |
| Mobile Basic Security Testing and Reverse Engineering (Tue) | working-session | OWASP MSTG | Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG |
| Mobile Basic Security Testing and Reverse Engineering (Wed) | working-session | OWASP MSTG | Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG |
| OSS BOT and Argumentation Models | working-session | ||
| OWASP Application Security Curriculum Project | working-session | OWASP Projects | Kick-off session for the new AppSec Curriculum Project, to discuss goals, deliverables, roadmap, etc. |
| OWASP community-docs | working-session | Misc | Documents related to community outreach promoting OWASP content |
| OWASP HoneyPot | working-session | OWASP Projects | Session on OWASP Honeypot |
| OWASP Media Project | working-session | OWASP Projects | Update project docs and plan the next phase of OWASP Media Project |
| OWASP SAMM Training (#1) | working-session | Onboarding and Training | Training OWASP SAMM (1st session) |
| OWASP SAMM Training (#2) | working-session | Onboarding and Training | Training OWASP SAMM (2nd session) |
| OWASP SAMM Training (#3) | working-session | Onboarding and Training | Training OWASP SAMM (3rd session) |
| Protecting JuiceShop with AWS WAF | working-session | ||
| Real world Chaos Engineering | working-session | Misc | An exploration and working session to characterise, explore and implement real-world DevSecOps chaos experiments. |
| SAMM - Agile guidance | working-session | OWASP SAMM | Discussing the support for Agile development based on SAMM v2 |
| SAMM - Alignment with other OWASP projects (Fri) | working-session | OWASP SAMM | Aligning the model with other OWASP projects. |
| SAMM - Alignment with other OWASP projects (Thu) | working-session | OWASP SAMM | Aligning the model with other OWASP projects. |
| SAMM - Alignment with other OWASP projects (Wed) | working-session | OWASP SAMM | Aligning the model with other OWASP projects. |
| SAMM - Alignment with Threat Modeling | working-session | OWASP SAMM | Aligning the SAMM model with the Threat Modeling project. |
| SAMM - Any Other Business | working-session | OWASP SAMM | Spare session to cover any other topics |
| SAMM - DevOps guidance | working-session | OWASP SAMM | Discussing the support for DevOps development based on SAMM v2 |
| SAMM - Editing agreements and parallel editing | working-session | OWASP SAMM | Parallel editing session to improve the content of the current model |
| SAMM - Measurement model (Mon EV) | working-session | OWASP SAMM | Discussion on the new measurement model for the SAMM v2 project |
| SAMM - Measurement model (Mon PM) | working-session | OWASP SAMM | Discussion on the new measurement model for the SAMM v2 project |
| SAMM - Model Challenges (Tue) | working-session | OWASP SAMM | Discussing outstanding model challenges |
| SAMM - Model Challenges (Wed) | working-session | OWASP SAMM | Discussing outstanding model challenges |
| SAMM - Model discussions (Tue) | working-session | OWASP SAMM | Parallel editing session to improve the content of the current model |
| SAMM - Model discussions (Wed) | working-session | OWASP SAMM | Parallel editing session to improve the content of the current model |
| SAMM - Outreach program (Mon) | working-session | OWASP SAMM | Discussing the outreach for the OWASP SAMM project |
| SAMM - Outreach program (Tue) | working-session | OWASP SAMM | Discussing the outreach for the OWASP SAMM project |
| SAMM - Outreach wrap-up | working-session | OWASP SAMM | Deciding on the objectives and plans for outreach for the OWASP SAMM project |
| SAMM - Parallel editing (Thu AM) | working-session | OWASP SAMM | Discussion on the different SAMM documents and content editing. |
| SAMM - Parallel editing (Thu PM) | working-session | OWASP SAMM | Discussion on the different SAMM documents and content editing. |
| SAMM - Parallel editing (Tue) | working-session | OWASP SAMM | Parallel editing session to improve the content of the current model |
| SAMM - Parallel editing (Wed PM) | working-session | OWASP SAMM | Parallel editing session to improve the content of the current model |
| SAMM - Planning and Roadmap | working-session | OWASP SAMM | Spare session to cover any other topics |
| SAMM - SAMM benchmarking and tooling | working-session | OWASP SAMM | Discussion on data collection and bench marking |
| SAMM - SAMM documents and parallel editing (Wed AM) | working-session | OWASP SAMM | Discussion on the different SAMM documents and content editing. |
| SAMM - Tooling | working-session | OWASP SAMM | Discussion on the tools that we're making available for SAMM |
| SAMMv2 - Threat Modeling | working-session | Threat Model | Discuss the SAMM threat modeling practice together with the SAMM team |
| Scaling API Security | working-session | Misc | |
| Schedule & Outcomes (#1) | working-session | Onboarding and Training | OSS Onboarding - Schedule Outcomes (1st session) |
| Schedule & Outcomes (#2) | working-session | Onboarding and Training | OSS Onboarding - Schedule Outcomes (2nd session) |
| Schedule & Outcomes (#3) | working-session | Onboarding and Training | OSS Onboarding - Schedule Outcomes (3rd session) |
| Secrets Management | working-session | DevSecOps | Secrets Management in a DevSecOps world |
| Securing Kubernete's hosted APIs | working-session | Misc | |
| Securing the CI Pipeline | working-session | DevSecOps | Secure the CI/CD pipeline |
| Security Challenges - An Introduction | working-session | Misc | Introduction and overview |
| Security Challenges - Analyse others | working-session | Misc | What strategies are already in use? |
| Security Challenges - Analysis, Analogies | working-session | Misc | Next step, analyse cyber security in very general terms |
| Security Challenges - Collate others' strategies and assumptions | working-session | Misc | Collate results from Wednesday. |
| Security Challenges - Next step | working-session | Misc | Is this viable? Where do we go? |
| State and future of threat modeling | working-session | Threat Model | What is the current state of TM and where do we need to go? |
| Threat Model Cookbook Project (Part 1) | working-session | Threat Model | Kick off of the OWASP Threat Model Cookbook Project |
| Threat Model Cookbook Project (Part 2) | working-session | Threat Model | Let's add some threat models to the project! |
| Threat Modeling Training (#1) | working-session | Onboarding and Training | Training Threat Modeling (1st session) |
| Threat Modeling Training (#2) | working-session | Onboarding and Training | Training Threat Modeling (2nd session) |
| Threat Modeling Training (#3) | working-session | Onboarding and Training | Training Threat Modeling (3rd session) |
| Threat Modeling Training (Thu) | working-session | Onboarding and Training | Training Threat Modeling (1st session) |
| Threat pattern libraries | working-session | Threat Model | Starting the threat model threat model library project |
| TM maturity | working-session | Threat Model | How do we measure the maturity of TM |
| TM track introduction | working-session | Threat Model | Introduction of the TM track and way of working for this week |
| Towards a unified way of describing threat models | working-session | Threat Model | A presentation and discussion of a new language to describe a threat model |
| Track closure | working-session | Threat Model | Track closure |
| Using Cynefin Framework making strategic security decisions | working-session | Misc | Session on how to use Cynefin Framework making strategic security decisions |
| Wardley Mapping - Climatic Patterns and Using Doctrine | working-session | Wardley Maps | Wardley Mapping, Understanding Climatic Patterns and Using Doctrine |
| Wardley Mapping - Coordinating functions within a PST organisation | working-session | Wardley Maps | Coordinating functions within a PST organisation |
| Wardley Maps Training (#1) | working-session | Onboarding and Training | New to Wardley maps? This session is for you |
| Wardley Maps Training (#2) | working-session | Onboarding and Training | New to Wardley maps? This session is for you |
| Wardley Maps Training (#3) | working-session | Onboarding and Training | New to Wardley maps? This session is for you |
| Welcome & Content (#1) | working-session | Onboarding and Training | OSS Onboarding - Welcome and Content (1st session) |
| Welcome & Content (#2) | working-session | Onboarding and Training | OSS Onboarding - Welcome and Content (2nd session) |
| Welcome & Content (#3) | working-session | Onboarding and Training | OSS Onboarding - Welcome and Content (3rd session) |
| ZAP working session - automation | working-session | OWASP Projects | Working session on ZAP automation |
| ZAP working session - future plans | working-session | OWASP Projects | Working sessions on ZAP future plans |
| ZAP working session - the HUD | working-session | OWASP Projects | Working session on the ZAP HUD |
| Ask me anything (AMA) on GDPR | user-session | Misc | Ask all the burning questions you have on GDPR |
| Creating Appsec metrics and visualisation | user-session | DevSecOps | AppSec Metrics and Visualisation |
| Introduction to Cynefin Framework | user-session | Misc | New to Cynefin Framework? This session is for you |
| Juice Shop 101 | user-session | OWASP Juice Shop | OWASP Juice Shop introduction for newbies |
| Juice Shop Contributor Onboarding | user-session | OWASP Juice Shop | OWASP Juice Shop introduction for new contributors |
| Mobile Security Testing Guide onboarding | user-session | OWASP MSTG | MSTG introduction for new contributors (Two sessions available - PM-1 on Mon, AM-1 on Wed) |
| Mobile Security Testing Guide onboarding (Session 2) | user-session | OWASP MSTG | MSTG introduction for new contributors (Two sessions available - PM-1 on Mon, AM-1 on Wed) |
| OWASP Mobile Security Testing Guide 101 | user-session | OWASP MSTG | MSTG introduction for newbies (Two sessions available - PM-1 on Mon, AM-1 on Wed) |
| OWASP Mobile Security Testing Guide 101 (Session 2) | user-session | OWASP MSTG | MSTG introduction for newbies (Two sessions available - PM-1 on Mon, AM-1 on Wed) |
| SAMM user session - Introduction | user-session | OWASP SAMM | one of the 2 user sessions on the SAMM project |
| SAMM user session - Round-table | user-session | OWASP SAMM | one of the 2 user sessions on the SAMM project |
| Talking security risk to business - practical games to learn through failure | user-session | Wardley Maps | |
| Third Party Due Diligence | user-session | Misc | Session on problem and solution discussion |
| Using Wardley Maps and Cynefin for Security | user-session | Wardley Maps | An introduction to the Cynefin Framework, and its intersection with Wardley Maps, for Security |
| Using Wardley Maps on SOC | user-session | Wardley Maps | |
| WAFs - Understanding and measuring how they behave | user-session | DevSecOps | |
| Wardley Maps for Security | user-session | Wardley Maps | Practical session on using Wardley Maps for Security |
| Writing security tests to confirm vulnerabilities and fixes | user-session | DevSecOps | Hands on session writing security tests |
Pre-Summit Working Sessions
A number of Working Sessions are happening before the Summit, please see the details below and participate
| Title | Type | Track | Description |
|---|