Tracks

Here are the current Tracks (with multiple Working Sessions)

Working Sessions for CISOs

Schedule

See this page for the current schedule

Working Sessions 9

Here are the working sessions that are currently being planned for this track.

Title Track Description
CISO roundtable CISO Session on Risk Modeling
Cell based Structures for Security CISO Spotify compliant organizational model in …
Cyber Insurance CISO Session on Cyber Insurance
Cyber Risk Modeling CISO Session on Risk Modeling
Integrating Security into a Spotify Model CISO Best practice cheat sheet for integrating …
OWASP Collective Defence Cluster (CDC) CISO
Recruiting AppSec Talent CISO
Vulnerability Intelligence Working Group CISO Working session with OWASP leaders, MITRE, …
Want to become a CISO? CISO Working Session for CISOs

User Sessions 1

Here are the user sessions that are currently being planned for this track.

Title Track Description
Wardley Mapping – a practical session on how to use value chain mapping CISO Practical session on how to use value chain …

Please Help

If you want to be involved please make the changes on GitHub and send a Pull Request with your ideas.
If you feel that there is a missing working session that we NEED to have at the Summit, please create it.


This track is focused on Chaos Engineering

Schedule

See this page for the current schedule

Working Sessions 3

Here are the working sessions that are currently being planned for this track.

Title Track Description
Creating a Steady-State Hypothesis Chaos Engineering Exploring the Chaos Toolkit's steady-state …
Customising the Chaos Toolkit Chaos Engineering Practical Guide to Extending the Chaos …
Real world Chaos Engineering Chaos Engineering An exploration and working session to …

User Sessions 1

Here are the user sessions that are currently being planned for this track.

Title Track Description
Hands on Chaos Experiments Chaos Engineering


This track is focused on the DevSecOps tools and techniques to embed security as part of CI/CD pipelines.

Schedule

See this page for the current schedule

Working Sessions 13

Here are the working sessions that are currently being planned for this track.

Title Track Description
Adding security to VSTS pipeline DevSecOps DevSecOps: adding security testing, review …
Agile Practices for Security Teams DevSecOps Agile Practices for Security Teams
AppSec SOC Monitoring Visualisation DevSecOps AppSec SOC Monitoring Visualisation
Defining a Security Champion DevSecOps
DevSecOps Maturity Model (DSOMM) DevSecOps DevSecOps Maturity Model (DSOMM)
Integrating Security Tools in the SDL DevSecOps Integrate security tools as part of CI/CD …
OWASP Defect Dojo DevSecOps Working Sessions for Owasp Defect Dojo
Owasp Cloud Security Workshop (BETA) DevSecOps A beta session of the OWASP Cloud Security …
Securing GitHub Integrations DevSecOps How to secure GitHub Integrations
Securing the CI Pipeline DevSecOps Secure the CI/CD pipeline
Security Crowdsourcing DevSecOps Working Sessions for Security Crowdsourcing
Web Application Honeypot DevSecOps
WebAuthn - Getting started workshop DevSecOps

User Sessions 2

Here are the user sessions that are currently being planned for this track.

Title Track Description
Creating Appsec metrics and visualisation DevSecOps AppSec Metrics and Visualisation
Integrating Security Tools in the SDL using OWASP DevSecOps Studio DevSecOps Using DevSecOps studio to learn and teach …


Summary

GDPR related sessions

Schedule

See this page for the current schedule

Working Sessions 8

Here are the working sessions that are currently being planned for this track.

Title Track Description
Creating a standard for GDPR patterns GDPR Working Session on reviewing and agreeing on …
DPO how to become one GDPR What is the best way to become a DPO (Data …
DPO what to expect GDPR What should be expected of DPOs (Data …
European GDPR variations GDPR Mapping out the multiple differences across …
GDPR Appropriate Security Controls GDPR Map out what these are and what is the best …
GDPR Compliance what does it mean? GDPR Now that GDPR is in force, what does GDPR …
Gamification of GDPR compliance GDPR How to create positive feedback loops between …
Meet the ICO GDPR If you could meet the ICO, what questions …

User Sessions 3

Here are the user sessions that are currently being planned for this track.

Title Track Description
Hands-on GDPR Patterns GDPR Using GDPR Patterns
Using Threat Models for GDPR GDPR Hands on user session on how to use Threat …
Using graphs for GDPR mappings and visualisations GDPR Hands on sessions of mapping GDPR data to …


Misc Sessions on multiple topics

Schedule

See this page for the current schedule

Working Sessions 20

Here are the working sessions that are currently being planned for this track.

Title Track Description
Application Security Verification Standard Misc Session on ASVS
Ask me anything (AMA) - Meet the Experts Misc Ask all the burning questions you have to …
Automation of MASVS with BDD Misc Mobile Security Working Session
Cloud brokerage - authentication and authorisation Misc Playbooks are workflows and prescriptive …
Creation of Security Buttons Misc Agile Practices for Security Teams
Getting more women in Cyber-security Misc Why is there a persistent gap when it comes …
Incident Response - simulations Misc Incident response simulations and role play …
Jira (how to use it) Misc How to use Jira for risk management, incident …
Juice Shop Brainstorming Misc Brainstorming and designing new hacking …
Juice Shop Coding Day Misc Hands-on coding session series to implement …
Lessons learned from public bug bounty programmes Misc List of top 10 lessons from bug bounty …
MSc Application Security Misc a core set of learning objectives for MSc …
Owasp Securetea tools project Misc OWASP small IoT tools project …
Owasp Testing Guide v5 Misc Working Sessions for Owasp Testing Guide v5
Project Management Misc The press release concept of project …
Reboot Owasp Books Project Misc
Security Playbooks Misc Playbooks are workflows and prescriptive …
Update MSTG with changes in Android 8 (Oreo) Misc Mobile Security Working Session
Update MSTG with changes in iOS 11 Misc Mobile Security Working Session
Using JIRA for incident response Misc DevSecOps Maturity Model (DSOMM)

User Sessions 2

Here are the user sessions that are currently being planned for this track.

Title Track Description
Creating Open Source Avatao exercises Misc
Running CTF Games with OWASP Juice Shop Misc Running / hosting CTF games with OWASP …


Several OWASP SAMM Working-Sessions will form part of the OWASP summit.

The SAMM Summit is not a regular conference with speaking slots, but a summit where the participants work together in a 5-day sprint on SAMMv2. If you are interested in contributing to this, you are most welcome (knowledge of SAMM or other secure development methodology experience is a prerequisite).

This is an excellent opportunity to influence the direction of SAMM and exchange experiences with your peers.

Schedule

See this page for the current schedule

Working Sessions 11

Here are the working sessions that are currently being planned for this track.

Title Track Description
SAMM DevSecOps Version Owasp SAMM Create a totally new SAMM DevSecOps version
SAMM Project Meeting Owasp SAMM Project meeting to review the status and …
SAMM benchmarking Owasp SAMM Define objectives for the SAMM benchmarking …
SAMM2 Kickoff Owasp SAMM Kickoff session for the summit
SAMMv2 Establish the Document Model Owasp SAMM Define SAMMv2 document Model
SAMMv2 Measurement Model Owasp SAMM Define SAMMv2 measurement model
SAMMv2 working session - Design Owasp SAMM multiple working sessions on the new SAMMv2
SAMMv2 working session - Governance Owasp SAMM multiple working sessions on the new SAMMv2
SAMMv2 working session - Implementation Owasp SAMM multiple working sessions on the new SAMMv2
SAMMv2 working session - Operations Owasp SAMM multiple working sessions on the new SAMMv2
SAMMv2 working session - Verification Owasp SAMM multiple working sessions on the new SAMMv2

User Sessions 3

Here are the user sessions that are currently being planned for this track.

Title Track Description
OwaspSAMM - Best Practices Owasp SAMM User session on how to use Owasp SAMM
SAMM Introduction Owasp SAMM Round table session with SAMM users
SAMM Introduction Owasp SAMM Introduction session on SAMM for people who …


Track focused on creating Security Quizzes

Schedule

See this page for the current schedule

Working Sessions 21

Here are the working sessions that are currently being planned for this track.

User Sessions 5

Here are the user sessions that are currently being planned for this track.

Title Track Description
Creating Security Quizzes Security Quiz
Security Quiz Night (Mon) Security Quiz
Security Quiz Night (Thu) Security Quiz
Security Quiz Night (Tue) Security Quiz
Security Quiz Night (Wed) Security Quiz


Summary

Work on multiple Threat Modeling topics and improve existing materials.

Schedule

See this page for the current schedule

Working Sessions 12

Here are the working sessions that are currently being planned for this track.

Title Track Description
API Threat Modeling Cheat Sheet Threat Model API Threat Modeling Cheat Sheet
Attack chains as TM technique Threat Model Threat Modeling Working Session
Back to the future with Threat Modeling Threat Model Back to the future with Threat Modeling
Define a Risk Pattern format Threat Model Define a structure for defining re-usable …
Describe different ways of implementing TM in agile organisations Threat Model
Docker and Kubernetes Threat Modeling Cheat Sheet Threat Model Docker and Kubernetes Threat Modeling Cheat …
Federated Login with Social Platforms Threat Modeling Cheat Sheet Threat Model Federated Login with Social Platforms Threat …
How to Threat Model Features with Questionnaires Threat Model How to Threat Model Features with …
How to scale Threat Modeling. Threat Model How to scale Threat Modeling
IoT Threat Modeling Cheat Sheet Threat Model IoT Threat Modeling Cheat Sheet
Threat Model training through Gamification Threat Model Threat Model training through Gamification
Threat model cheat sheets Threat Model Threat Modeling Working Session

User Sessions 1

Here are the user sessions that are currently being planned for this track.

Title Track Description
Update Threat Modeling pages on owasp web site Threat Model Threat Modeling User Session
