Sessions List
Here are the Keynotes currently planned for the Summit
Title | Type | Track | Description |
---|---|---|---|
Lessons from the Legion | keynote | Sessions focusing on the strategic challenges facing security practitioners | |
OWASP Juice Shop (Keynote) | keynote | Bjoern will introduce to us the OWASP Juice Shop, probably the most modern and sophisticated insecure web application | |
OWASP SAMM v2 | keynote | Update on the new version 2.0 of SAMM | |
OWASP ZAP Heads Up Display (HUD) | keynote | Demonstration of the new OWASP ZAP Heads Up Display (HUD) by Simon | |
Security Data Science | keynote | Expect Graphs, and Jupyter notebooks ... | |
The Cynefin framework | keynote | Dave presenting the Cynefin framework, a conceptual framework used to aid decision-making | |
The Mobile Security Testing Guide (MSTG) | keynote | The MSTG team is working hard on the new release of the Mobile Security Testing Guide (MSTG) during this summit. | |
The OWASP Top Ten Proactive Controls 2018 | keynote | Jim will cover the OWASP Top Ten Proactive Controls 2018, a list of security techniques that should be included in every software development project | |
Wardley maps | keynote | Simon presenting Wardley maps, and the use of topographical intelligence in business strategy |
Here are the Sessions currently planned for the Summit
Title | Type | Track | Description |
---|---|---|---|
Agile Practices for Security Teams | working-session | DevSecOps | Agile Practices for Security Teams |
Android and iOS Security Enhancements and Crackme Apps (Fri) | working-session | OWASP MSTG | Updating the content of the MSTG |
Android and iOS Security Enhancements and Crackme Apps (Mon Eve) | working-session | OWASP MSTG | Updating the content of the MSTG |
Android and iOS Security Enhancements and Crackme Apps (Mon) | working-session | OWASP MSTG | Updating the content of the MSTG |
Android and iOS Security Enhancements and Crackme Apps (Thu Eve) | working-session | OWASP MSTG | Updating the content of the MSTG |
Android and iOS Security Enhancements and Crackme Apps (Thu) | working-session | OWASP MSTG | Updating the content of the MSTG |
Android and iOS Security Enhancements and Crackme Apps (Tue) | working-session | OWASP MSTG | Updating the content of the MSTG |
Android and iOS Security Enhancements and Crackme Apps (Wed Eve) | working-session | OWASP MSTG | Updating the content of the MSTG |
Android and iOS Security Enhancements and Crackme Apps (Wed) | working-session | OWASP MSTG | Updating the content of the MSTG |
Application Security Verification Standard | working-session | OWASP Projects | Session on ASVS |
Cell based Structures for Security | working-session | Wardley Maps | Cell based Structures for Security - Small autonomous security teams and the use of Pioneers, Settlers and Town Planners (PST) |
Creating a generic diagram of a threat model | working-session | Threat Model | Creating a generic diagram of a threat model |
Creating a Security Champions network | working-session | DevSecOps | |
Creating a Threat Library | working-session | Threat Library Working Session | |
Creating an iOS build pipeline with security checks | working-session | OWASP MSTG | Brainstorming for an iOS pipeline with security checks |
Customising the Chaos Engineering Toolkit | working-session | Misc | Practical Guide to Extending the Chaos Toolkit for DevSecOps concerns. |
Cyber Risk Modeling | working-session | Misc | Session on Risk Modeling |
Dealing with DevSecOps Findings | working-session | DevSecOps | How to deal with the security findings in an appsec pipeline and drive continuous improvement of the testing policies |
DevSecOps Maturity Model (DSOMM) | working-session | DevSecOps | DevSecOps Maturity Model (DSOMM) |
Emotional/Multiple Intelligence | working-session | Misc | |
From Threat Modeling to DevSecOps metrics | working-session | DevSecOps | |
Hand's on Wardley Maps creation | working-session | Wardley Maps | Want to have a go at creating your own Wardley maps? This training session will give you hands on experience in creating maps for multiple scenarios, with experienced practitioners on hand to guide and help you. |
How do Cyber Professionals protect themselves | working-session | | |
How do we persist the information from the TM Slack channel? | working-session | Threat Model | How do we persist the information from the TM Slack channel? |
Incremental Threat Modeling | working-session | Threat Model | How to scale Threat Modeling |
Integrating Security Tools in the SDL | working-session | DevSecOps | Integrate security tools as part of CI/CD pipeline to find/fix issues early in SDL |
Introduction to Wardley Maps | working-session | Wardley Maps | New to Wardley maps? This session is for you |
Jira Schemas | working-session | | |
Juice Shop Challenge Refactoring | working-session | OWASP Juice Shop | Refactoring the categories and difficulty ratings of the OWASP Juice Shop challenges |
Juice Shop Hack'n'Code (Mon) | working-session | OWASP Juice Shop | Coding for and hacking of the OWASP Juice Shop |
Juice Shop Hack'n'Code (Tue) | working-session | OWASP Juice Shop | Coding for and hacking of the OWASP Juice Shop |
Juice Shop Hack'n'Code (Wed) | working-session | OWASP Juice Shop | Coding for and hacking of the OWASP Juice Shop |
Juice Shop Release Night | working-session | OWASP Juice Shop | Go-live of new OWASP Juice Shop release |
Jupyter Training (#1) | working-session | Onboarding and Training | Training Jupyter (1st session) |
Jupyter Training (#2) | working-session | Onboarding and Training | Training Jupyter (2nd session) |
Jupyter Training (#3) | working-session | Onboarding and Training | Training Jupyter (3rd session) |
Lightweight privacy threat modeling using LINDDUN | working-session | Threat Model | Lightweight privacy threat modeling using LINDDUN |
Lightweight privacy threat modeling using LINDDUN Part II | working-session | Threat Model | Lightweight privacy threat modeling using LINDDUN Part II |
Mapping boot camp | working-session | Wardley Maps | Wardley Mapping boot camp - Zero to Mapping Hero - By Simon Wardley |
Mapping OWASP DevSecOps Maturity Model to SAMMv2 | working-session | OWASP SAMM | multiple working sessions on the new SAMMv2 |
Mobile AppSec Verification Standard (MASVS) | working-session | OWASP MSTG | Work on the open issues of the MASVS |
Mobile AppSec Verification Standard (MASVS) (Evening) | working-session | OWASP MSTG | Work on the open issues of the MASVS |
Mobile Basic Security Testing and Reverse Engineering (Evening Session) | working-session | OWASP MSTG | Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG |
Mobile Basic Security Testing and Reverse Engineering (Mon Evening) | working-session | OWASP MSTG | Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG |
Mobile Basic Security Testing and Reverse Engineering (Mon) | working-session | OWASP MSTG | Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG |
Mobile Basic Security Testing and Reverse Engineering (Thu) | working-session | OWASP MSTG | Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG |
Mobile Basic Security Testing and Reverse Engineering (Tue Evening) | working-session | OWASP MSTG | Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG |
Mobile Basic Security Testing and Reverse Engineering (Tue) | working-session | OWASP MSTG | Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG |
Mobile Basic Security Testing and Reverse Engineering (Wed) | working-session | OWASP MSTG | Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG |
OSS BOT and Argumentation Models | working-session | | |
OWASP Application Security Curriculum Project | working-session | OWASP Projects | Kick-off session for the new AppSec Curriculum Project, to discuss goals, deliverables, roadmap, etc. |
OWASP community-docs | working-session | Misc | Documents related to community outreach promoting OWASP content |
OWASP HoneyPot | working-session | OWASP Projects | Session on OWASP Honeypot |
OWASP Media Project | working-session | OWASP Projects | Update project docs and plan the next phase of OWASP Media Project |
OWASP SAMM Training (#1) | working-session | Onboarding and Training | Training OWASP SAMM (1st session) |
OWASP SAMM Training (#2) | working-session | Onboarding and Training | Training OWASP SAMM (2nd session) |
OWASP SAMM Training (#3) | working-session | Onboarding and Training | Training OWASP SAMM (3rd session) |
Protecting JuiceShop with AWS WAF | working-session | | |
Real world Chaos Engineering | working-session | Misc | An exploration and working session to characterise, explore and implement real-world DevSecOps chaos experiments. |
SAMM - Agile guidance | working-session | OWASP SAMM | Discussing the support for Agile development based on SAMM v2 |
SAMM - Alignment with other OWASP projects (Fri) | working-session | OWASP SAMM | Aligning the model with other OWASP projects. |
SAMM - Alignment with other OWASP projects (Thu) | working-session | OWASP SAMM | Aligning the model with other OWASP projects. |
SAMM - Alignment with other OWASP projects (Wed) | working-session | OWASP SAMM | Aligning the model with other OWASP projects. |
SAMM - Alignment with Threat Modeling | working-session | OWASP SAMM | Aligning the SAMM model with the Threat Modeling project. |
SAMM - Any Other Business | working-session | OWASP SAMM | Spare session to cover any other topics |
SAMM - DevOps guidance | working-session | OWASP SAMM | Discussing the support for DevOps development based on SAMM v2 |
SAMM - Editing agreements and parallel editing | working-session | OWASP SAMM | Parallel editing session to improve the content of the current model |
SAMM - Measurement model (Mon EV) | working-session | OWASP SAMM | Discussion on the new measurement model for the SAMM v2 project |
SAMM - Measurement model (Mon PM) | working-session | OWASP SAMM | Discussion on the new measurement model for the SAMM v2 project |
SAMM - Model Challenges (Tue) | working-session | OWASP SAMM | Discussing outstanding model challenges |
SAMM - Model Challenges (Wed) | working-session | OWASP SAMM | Discussing outstanding model challenges |
SAMM - Model discussions (Tue) | working-session | OWASP SAMM | Parallel editing session to improve the content of the current model |
SAMM - Model discussions (Wed) | working-session | OWASP SAMM | Parallel editing session to improve the content of the current model |
SAMM - Outreach program (Mon) | working-session | OWASP SAMM | Discussing the outreach for the OWASP SAMM project |
SAMM - Outreach program (Tue) | working-session | OWASP SAMM | Discussing the outreach for the OWASP SAMM project |
SAMM - Outreach wrap-up | working-session | OWASP SAMM | Deciding on the objectives and plans for outreach for the OWASP SAMM project |
SAMM - Parallel editing (Thu AM) | working-session | OWASP SAMM | Discussion on the different SAMM documents and content editing. |
SAMM - Parallel editing (Thu PM) | working-session | OWASP SAMM | Discussion on the different SAMM documents and content editing. |
SAMM - Parallel editing (Tue) | working-session | OWASP SAMM | Parallel editing session to improve the content of the current model |
SAMM - Parallel editing (Wed PM) | working-session | OWASP SAMM | Parallel editing session to improve the content of the current model |
SAMM - Planning and Roadmap | working-session | OWASP SAMM | Spare session to cover any other topics |
SAMM - SAMM benchmarking and tooling | working-session | OWASP SAMM | Discussion on data collection and benchmarking |
SAMM - SAMM documents and parallel editing (Wed AM) | working-session | OWASP SAMM | Discussion on the different SAMM documents and content editing. |
SAMM - Tooling | working-session | OWASP SAMM | Discussion on the tools that we're making available for SAMM |
SAMMv2 - Threat Modeling | working-session | Threat Model | Discuss the SAMM threat modeling practice together with the SAMM team |
Scaling API Security | working-session | Misc | |
Schedule & Outcomes (#1) | working-session | Onboarding and Training | OSS Onboarding - Schedule Outcomes (1st session) |
Schedule & Outcomes (#2) | working-session | Onboarding and Training | OSS Onboarding - Schedule Outcomes (2nd session) |
Schedule & Outcomes (#3) | working-session | Onboarding and Training | OSS Onboarding - Schedule Outcomes (3rd session) |
Secrets Management | working-session | DevSecOps | Secrets Management in a DevSecOps world |
Securing Kubernetes hosted APIs | working-session | Misc | |
Securing the CI Pipeline | working-session | DevSecOps | Secure the CI/CD pipeline |
Security Challenges - An Introduction | working-session | Misc | Introduction and overview |
Security Challenges - Analyse others | working-session | Misc | What strategies are already in use? |
Security Challenges - Analysis, Analogies | working-session | Misc | Next step, analyse cyber security in very general terms |
Security Challenges - Collate others' strategies and assumptions | working-session | Misc | Collate results from Wednesday. |
Security Challenges - Next step | working-session | Misc | Is this viable? Where do we go? |
State and future of threat modeling | working-session | Threat Model | What is the current state of TM and where do we need to go? |
Threat Model Cookbook Project (Part 1) | working-session | Threat Model | Kick off of the OWASP Threat Model Cookbook Project |
Threat Model Cookbook Project (Part 2) | working-session | Threat Model | Let's add some threat models to the project! |
Threat Modeling Training (#1) | working-session | Onboarding and Training | Training Threat Modeling (1st session) |
Threat Modeling Training (#2) | working-session | Onboarding and Training | Training Threat Modeling (2nd session) |
Threat Modeling Training (#3) | working-session | Onboarding and Training | Training Threat Modeling (3rd session) |
Threat Modeling Training (Thu) | working-session | Onboarding and Training | Training Threat Modeling (1st session) |
Threat pattern libraries | working-session | Threat Model | Starting the threat model threat model library project |
TM maturity | working-session | Threat Model | How do we measure the maturity of TM |
TM track introduction | working-session | Threat Model | Introduction of the TM track and way of working for this week |
Towards a unified way of describing threat models | working-session | Threat Model | A presentation and discussion of a new language to describe a threat model |
Track closure | working-session | Threat Model | Track closure |
Using Cynefin Framework making strategic security decisions | working-session | Misc | Session on how to use Cynefin Framework making strategic security decisions |
Wardley Mapping - Climatic Patterns and Using Doctrine | working-session | Wardley Maps | Wardley Mapping, Understanding Climatic Patterns and Using Doctrine |
Wardley Mapping - Coordinating functions within a PST organisation | working-session | Wardley Maps | Coordinating functions within a PST organisation |
Wardley Maps Training (#1) | working-session | Onboarding and Training | New to Wardley maps? This session is for you |
Wardley Maps Training (#2) | working-session | Onboarding and Training | New to Wardley maps? This session is for you |
Wardley Maps Training (#3) | working-session | Onboarding and Training | New to Wardley maps? This session is for you |
Welcome & Content (#1) | working-session | Onboarding and Training | OSS Onboarding - Welcome and Content (1st session) |
Welcome & Content (#2) | working-session | Onboarding and Training | OSS Onboarding - Welcome and Content (2nd session) |
Welcome & Content (#3) | working-session | Onboarding and Training | OSS Onboarding - Welcome and Content (3rd session) |
ZAP working session - automation | working-session | OWASP Projects | Working session on ZAP automation |
ZAP working session - future plans | working-session | OWASP Projects | Working sessions on ZAP future plans |
ZAP working session - the HUD | working-session | OWASP Projects | Working session on the ZAP HUD |
Ask me anything (AMA) on GDPR | user-session | Misc | Ask all the burning questions you have on GDPR |
Creating Appsec metrics and visualisation | user-session | DevSecOps | AppSec Metrics and Visualisation |
Introduction to Cynefin Framework | user-session | Misc | New to Cynefin Framework? This session is for you |
Juice Shop 101 | user-session | OWASP Juice Shop | OWASP Juice Shop introduction for newbies |
Juice Shop Contributor Onboarding | user-session | OWASP Juice Shop | OWASP Juice Shop introduction for new contributors |
Mobile Security Testing Guide onboarding | user-session | OWASP MSTG | MSTG introduction for new contributors (Two sessions available - PM-1 on Mon, AM-1 on Wed) |
Mobile Security Testing Guide onboarding (Session 2) | user-session | OWASP MSTG | MSTG introduction for new contributors (Two sessions available - PM-1 on Mon, AM-1 on Wed) |
OWASP Mobile Security Testing Guide 101 | user-session | OWASP MSTG | MSTG introduction for newbies (Two sessions available - PM-1 on Mon, AM-1 on Wed) |
OWASP Mobile Security Testing Guide 101 (Session 2) | user-session | OWASP MSTG | MSTG introduction for newbies (Two sessions available - PM-1 on Mon, AM-1 on Wed) |
SAMM user session - Introduction | user-session | OWASP SAMM | one of the 2 user sessions on the SAMM project |
SAMM user session - Round-table | user-session | OWASP SAMM | one of the 2 user sessions on the SAMM project |
Talking security risk to business - practical games to learn through failure | user-session | Wardley Maps | |
Third Party Due Diligence | user-session | Misc | Session on problem and solution discussion |
Using Wardley Maps and Cynefin for Security | user-session | Wardley Maps | An introduction to the Cynefin Framework, and its intersection with Wardley Maps, for Security |
Using Wardley Maps on SOC | user-session | Wardley Maps | |
WAFs - Understanding and measuring how they behave | user-session | DevSecOps | |
Wardley Maps for Security | user-session | Wardley Maps | Practical session on using Wardley Maps for Security |
Writing security tests to confirm vulnerabilities and fixes | user-session | DevSecOps | Hands on session writing security tests |
Pre-Summit Working Sessions
A number of Working Sessions are happening before the Summit, please see the details below and participate
Title | Type | Track | Description |
---|---|---|---|