Summit Schedule

Here is the current (under contruction) summit Schedule. The summit will run June 4-8, 2018.

Note that we are still mapping a number of sessions and tracks, so if you need a particular session to occur on a particular day, now is the time to make sure it is on the right place.

By Tracks

Monday Tuesday Wednesday Thursday Friday
Chaos Engineering
GDPR
Owasp SAMM
Security Quiz
Threat Model
CISO
DevSecOps
GDPR
Owasp SAMM
Security Quiz
Threat Model
DevSecOps
GDPR
Owasp SAMM
Security Quiz
Threat Model
CISO
DevSecOps
GDPR
Owasp SAMM
Security Quiz
Threat Model
Security Quiz
Threat Model

By Sessions

CISO

when day Tue,Thu
description Working Sessions for CISOs
organizers Tony Richards


Monday Tuesday Wednesday Thursday Friday
AM-1
10:30 - 12:30
Cell based Structures for Security
Recruiting AppSec Talent
PM-1
13:30 - 15:00
Integrating Security into an Spotify Model
OWASP Collective Defence Cluster (CDC)
Want to become an CISO?
Vulnerability Intelligence Working Group
Wardley Mapping – a practical session on how to use value chain mapping
PM-2
15:30 - 16:30
Cyber Insurance
CISO roundtable
Eve-1
19:30 - 21:00
Cyber Risk Modeling
Sessions not mapped to an day and time

(back to all track's schedule)

Chaos Engineering

when day Mon
description Sessions focusing on Chaos Engineering
organizers Russ Miles


Monday Tuesday Wednesday Thursday Friday
AM-1
10:30 - 12:30
Creating a Steady-State Hypothesis
PM-1
13:30 - 15:00
Customising the Chaos Toolkit
PM-2
15:30 - 16:30
Hands on Chaos Experiments
PM-3
16:30 - 17:30
Real world Chaos Engineering
Sessions not mapped to an day and time

(back to all track's schedule)

DevSecOps

when day Tue Wed Thu
description Sessions focusing on the DevSecOps tools and techniques to embed security as part of CI/CD pipelines
organizers Imran Mohammed A , Francois Raynaud


Monday Tuesday Wednesday Thursday Friday
AM-1
10:30 - 12:30
Securing GitHub Integrations
Securing the CI Pipeline
Integrating Security Tools in the SDL
WebAuthn - Getting started workshop
PM-1
13:30 - 15:00
Agile Practices for Security Teams
Integrating Security Tools in the SDL using OWASP DevSecOps Studio
OWASP Defect Dojo
Creating Appsec metrics and visualisation
Securing the CI Pipeline
DevSecOps Maturity Model (DSOMM)
Integrating Security Tools in the SDL
PM-2
15:30 - 16:30
Owasp Cloud Security Workshop (BETA)
OWASP Defect Dojo
AppSec SOC Monitoring Visualisation
DevSecOps Maturity Model (DSOMM)
PM-3
16:30 - 17:30
Owasp Cloud Security Workshop (BETA)
Defining a Security Champion
OWASP Defect Dojo
Security Crowdsourcing
AppSec SOC Monitoring Visualisation
DevSecOps Maturity Model (DSOMM)
Web Application Honeypot
Eve-1
19:30 - 21:00
Incident handling with DarkTrace
Dependency management using Snyk
Integrate securityheaders.com in CI pipeline
JIRA Risk Workflow
Eve-2
21:00 - 23:00
Writing Akamai rules
Writing Checkmarx SAST rules
Using The Hive for Incident Response
Using Veracode SAST Engine
Sessions not mapped to an day and time

(back to all track's schedule)

GDPR

when day Mon,Tue,Wed,Thu
description From GDPR Appropriate Security Controls to Real world GDPR practices, this is where the real GDPR security experts will be
organizers Tony Richards , Dinis Cruz


Monday Tuesday Wednesday Thursday Friday
AM-1
10:30 - 12:30
Creating a standard for GDPR patterns
Gamification of GDPR compliance
Meet the ICO
PM-1
13:30 - 15:00
GDPR Compliance what does it mean?
Hands-on GDPR Patterns
DPO how to become one
PM-2
15:30 - 16:30
European GDPR variations
Using graphs for GDPR mappings and visualisations
DPO what to expect
Eve-1
19:30 - 21:00
Using Threat Models for GDPR
Eve-2
21:00 - 23:00
GDPR Appropriate Security Controls
Sessions not mapped to an day and time

(back to all track's schedule)

Misc

when day
description Misc Sessions on multiple topics
organizers


Monday Tuesday Wednesday Thursday Friday
AM-1
10:30 - 12:30
Update MSTG with changes in Android 8 (Oreo)
Application Security Verification Standard
Update MSTG with changes in iOS 11
Creation of Security Buttons
Juice Shop Coding Day
PM-1
13:30 - 15:00
Ask me anything (AMA) - Meet the Experts
Creating Open Source Avatao exercises
Jira (how to use it)
MSc Appication Security
Project Management
Running CTF Games with OWASP Juice Shop
Update MSTG with changes in Android 8 (Oreo)
Getting more women in Cyber-security
Update MSTG with changes in iOS 11
Juice Shop Coding Day
Owasp Securetea tools project
Using JIRA for incident response
PM-2
15:30 - 16:30
Creating Open Source Avatao exercises
Update MSTG with changes in Android 8 (Oreo)
Update MSTG with changes in iOS 11
Juice Shop Coding Day
Owasp Testing Guide v5
Using JIRA for incident response
PM-3
16:30 - 17:30
Lessons learned from public bug bounties programmes
Update MSTG with changes in Android 8 (Oreo)
Juice Shop Brainstorming
Update MSTG with changes in iOS 11
Juice Shop Coding Day
Owasp Testing Guide v5
Using JIRA for incident response
Eve-1
19:30 - 21:00
Cloud brokerage - authentication and authorisation
Reboot Owasp Books Project
Incident Response - simulations
Security Playbooks
Sessions not mapped to an day and time

(back to all track's schedule)

Owasp SAMM

when day Mon,Tue,Wed,Thu
description Register for this track to join a group working together in a 5-day sprint on SAMMv2
organizers


Monday Tuesday Wednesday Thursday Friday
AM-1
10:30 - 12:30
SAMM2 Kickoff
SAMMv2 working session - Governance
SAMMv2 working session - Verification
SAMM Project Meeting
PM-1
13:30 - 15:00
OwaspSAMM - Best Practices
SAMMv2 Measurement Model
SAMMv2 working session - Implementation
SAMMv2 Establish the Document Model
PM-2
15:30 - 16:30
SAMM Introduction
SAMM benchmarking
Eve-1
19:30 - 21:00
SAMM DevSecOps Version
Sessions not mapped to an day and time

(back to all track's schedule)

Security Quiz

when day Mon,Tue,Wed,Thu,Fri
description
organizers


Monday Tuesday Wednesday Thursday Friday
AM-1
10:30 - 12:30
Security Quiz team briefing
Review quiz answers from Mon
Security Ethics Checklist
Create Docker Security Quiz
Review quiz answers from Tue
Review quiz answers from Wed
Review quiz answers from Thu
PM-1
13:30 - 15:00
Transform OWASP Exam into Quiz
Create Security Ethics Checklist Quiz
Create PHP Security Quiz
Create Security Economics Quiz
Creating Security Quizzes
Consolidate and process all Security Quiz data
PM-2
15:30 - 16:30
Create Owasp Top 10 Quiz
Create AWS Security Quiz
Create NodeJS Security Quiz
Create Owasp AWS Security Quiz
Consolidate and process all Security Quiz data
PM-3
16:30 - 17:30
Create .Net Security Quiz
Create Java Security Quiz
Create Perl Security Quiz
Prepare friday Quiz session
Present Security Quiz Data
Eve-1
19:30 - 21:00
Security Quiz Night (Mon)
Security Quiz Night (Tue)
Security Quiz Night (Wed)
Security Quiz Night (Thu)
Sessions not mapped to an day and time

(back to all track's schedule)

Threat Model

when day Mon,Tue,Wed,Thu,Fri
description With Working Sessions such as Attack chains as TM technique and Threat Model cheat sheets
organizers


Monday Tuesday Wednesday Thursday Friday
AM-1
10:30 - 12:30
Describe different ways of implementing TM in agile organisations
Threat model cheat sheets
IoT Threat Modeling Cheat Sheet
PM-1
13:30 - 15:00
API Threat Modeling Cheat Sheet
Docker and Kubernetes Threat Modeling Cheat Sheet
PM-2
15:30 - 16:30
Attack chains as TM technique
How to Threat Model Features with Questionnaires
How to scale Threat Modeling.
PM-3
16:30 - 17:30
Back to the future with Threat Modeling
Federated Login with Social Platforms Threat Modeling Cheat Sheet
Threat Model training through Gamification
Eve-1
19:30 - 21:00
Using a Rules Engine and Risk Patterns with IriusRisk
Update Threat Modeling pages on owasp web site
Eve-2
21:00 - 23:00
Update Threat Modeling pages on owasp web site
Sessions not mapped to an day and time

(back to all track's schedule)