Working Sessions

We passionately believe that the hard problems and challenges our industry faces can only be solved by working together, in a collaborative and open environment.

This Summit is such an event: the community comes together and works tirelessly on the topics it is passionate about.

As you can see from the tracks, outcomes, attendees and photos from last year's Summit, this combination of talent, hard challenges and a self-contained location (venue and villas) creates a highly productive environment.

Where else in the world do you find 15 Threat Modeling experts, thought-leaders and practitioners in one room? The main authors of the OWASP Mobile Testing Guide working together on the next version? A mix of OWASP leaders, developers, security engineers, security champions, pentesters, architects, risk experts, business analysts, heads of Security, CISOs, researchers (and many other roles) in the same room, all working together, sharing knowledge and creating tangible and usable outcomes?

The format of the Summit is based on Working Sessions, which are designed to maximise collaboration and participation. The focus and objectives of these sessions are determined by you (the onsite or remote participant); all we do is set the stage for magic to happen!

See also the planned User Sessions

Summit Working Sessions

Here are the Working Sessions currently planned for the Summit:

| Title | Track | Description |
|---|---|---|
| API Threat Modeling Cheat Sheet | Threat Model | API Threat Modeling Cheat Sheet |
| AWS Lambda Security | | How to secure Lambda functions |
| Adding security to VSTS pipeline | DevSecOps | DevSecOps: adding security testing, review and configurations to a VSTS pipeline |
| Agile Practices for Security Teams | DevSecOps | Agile Practices for Security Teams |
| AppSec SOC Monitoring Visualisation | DevSecOps | AppSec SOC Monitoring Visualisation |
| Application Security Verification Standard | Misc | Session on ASVS |
| Ask me anything (AMA) - Meet the Experts | Misc | Ask all the burning questions you have to those in the industry |
| Attack chains as TM technique | Threat Model | Threat Modeling Working Session |
| Automation of MASVS with BDD | Misc | Mobile Security Working Session |
| Back to the future with Threat Modeling | Threat Model | Back to the future with Threat Modeling |
| CISO roundtable | CISO | Session on Risk Modeling |
| Cell based Structures for Security | CISO | Spotify-style organisational model applied to the security domain |
| Cloud brokerage - authentication and authorisation | Misc | |
| Consolidate and process all Security Quiz data | Security Quiz | |
| Create .Net Security Quiz | Security Quiz | |
| Create AWS Security Quiz | Security Quiz | |
| Create Docker Security Quiz | Security Quiz | |
| Create Java Security Quiz | Security Quiz | |
| Create NodeJS Security Quiz | Security Quiz | |
| Create Owasp AWS Security Quiz | Security Quiz | |
| Create Owasp Top 10 Quiz | Security Quiz | |
| Create PHP Security Quiz | Security Quiz | |
| Create Perl Security Quiz | Security Quiz | |
| Create Security Economics Quiz | Security Quiz | |
| Create Security Ethics Checklist Quiz | Security Quiz | |
| Creating a Steady-State Hypothesis | Chaos Engineering | Exploring the Chaos Toolkit's steady-state hypothesis and how one can be designed and constructed for DevSecOps concerns. |
| Creating a standard for GDPR patterns | GDPR | Working Session on reviewing and agreeing on a set of GDPR patterns |
| Creation of Security Buttons | Misc | |
| Customising the Chaos Toolkit | Chaos Engineering | Practical guide to extending the Chaos Toolkit for DevSecOps concerns. |
| Cyber Insurance | CISO | Session on Cyber Insurance |
| Cyber Risk Modeling | CISO | Session on Risk Modeling |
| DPO how to become one | GDPR | What is the best way to become a DPO (Data Protection Officer)? |
| DPO what to expect | GDPR | What should be expected of DPOs (Data Protection Officers)? |
| Define a Risk Pattern format | Threat Model | Define a structure for describing re-usable risk patterns |
| Defining a Security Champion | DevSecOps | |
| Describe different ways of implementing TM in agile organisations | Threat Model | |
| DevSecOps Maturity Model (DSOMM) | DevSecOps | DevSecOps Maturity Model (DSOMM) |
| Docker and Kubernetes Threat Modeling Cheat Sheet | Threat Model | Docker and Kubernetes Threat Modeling Cheat Sheet |
| European GDPR variations | GDPR | Mapping out the multiple differences across the EU |
| Federated Login with Social Platforms Threat Modeling Cheat Sheet | Threat Model | Federated Login with Social Platforms Threat Modeling Cheat Sheet |
| GDPR Appropriate Security Controls | GDPR | Map out what these are and the best way to measure them |
| GDPR Compliance what does it mean? | GDPR | Now that GDPR is in force, what does GDPR compliance mean and how can it be measured? |
| Gamification of GDPR compliance | GDPR | How to create positive feedback loops between the multiple teams aiming for GDPR compliance |
| Getting more women in Cyber-security | Misc | Why is there a persistent gap when it comes to gender balance in security? How can we as security professionals ensure there is a fair chance and representation for all? |
| How to Threat Model Features with Questionnaires | Threat Model | How to Threat Model Features with Questionnaires |
| How to scale Threat Modeling | Threat Model | How to scale Threat Modeling |
| Incident Response - simulations | Misc | Incident response simulations and role-play scenarios |
| Integrating Security Tools in the SDL | DevSecOps | Integrate security tools into the CI/CD pipeline to find and fix issues early in the SDL |
| Integrating Security into a Spotify Model | CISO | Best-practice cheat sheet for integrating Agile Security into the Spotify model |
| IoT Threat Modeling Cheat Sheet | Threat Model | IoT Threat Modeling Cheat Sheet |
| JIRA Risk Workflow | DevSecOps | This Working Session should result in an improved JIRA Risk Workflow |
| Jira (how to use it) | Misc | How to use Jira for risk management, incident response and managing a team |
| Juice Shop Brainstorming | Misc | Brainstorming and designing new hacking challenges and other features for OWASP Juice Shop and its CTF extension. |
| Juice Shop Coding Day | Misc | Hands-on coding session series to implement new challenges and other features in OWASP Juice Shop and its CTF extension project. |
| Lessons learned from public bug bounty programmes | Misc | List of top 10 lessons from bug bounty experts and guidelines on improving bug bounty programmes |
| MSc Application Security | Misc | A core set of learning objectives for MSc-level Application Security curricula (through an online survey) |
| Meet the ICO | GDPR | If you could meet the ICO, what questions would you ask? |
| OWASP Collective Defence Cluster (CDC) | CISO | |
| OWASP Defect Dojo | DevSecOps | Working Sessions for OWASP Defect Dojo |
| Owasp Cloud Security Workshop (BETA) | DevSecOps | A beta session of the OWASP Cloud Security Workshop (not to be scheduled on the Tuesday) |
| Owasp Securetea tools project | Misc | OWASP SecureTea, a small IoT tools project: https://www.owasp.org/index.php/OWASP_SecureTea_Project |
| Owasp Testing Guide v5 | Misc | Working Sessions for OWASP Testing Guide v5 |
| Pixi Roadmap and Enhancement | DevSecOps | |
| Prepare Friday Quiz session | Security Quiz | |
| Present Security Quiz Data | Security Quiz | |
| Project Management | Misc | The press-release concept of project management |
| Real world Chaos Engineering | Chaos Engineering | An exploration and working session to characterise, explore and implement real-world DevSecOps chaos experiments. |
| Reboot Owasp Books Project | Misc | |
| Recruiting AppSec Talent | CISO | |
| Review quiz answers from Mon | Security Quiz | |
| Review quiz answers from Thu | Security Quiz | |
| Review quiz answers from Tue | Security Quiz | |
| Review quiz answers from Wed | Security Quiz | |
| SAMM DevSecOps Version | Owasp SAMM | Create a totally new SAMM DevSecOps version |
| SAMM Project Meeting | Owasp SAMM | Project meeting to review the status and update the plan for SAMM2 |
| SAMM benchmarking | Owasp SAMM | Define objectives for the SAMM benchmarking project as part of SAMMv2 |
| SAMM2 Kickoff | Owasp SAMM | Kickoff session for the summit |
| SAMMv2 Establish the Document Model | Owasp SAMM | Define the SAMMv2 document model |
| SAMMv2 Measurement Model | Owasp SAMM | Define the SAMMv2 measurement model |
| SAMMv2 working session - Design | Owasp SAMM | One of multiple working sessions on the new SAMMv2 |
| SAMMv2 working session - Governance | Owasp SAMM | One of multiple working sessions on the new SAMMv2 |
| SAMMv2 working session - Implementation | Owasp SAMM | One of multiple working sessions on the new SAMMv2 |
| SAMMv2 working session - Operations | Owasp SAMM | One of multiple working sessions on the new SAMMv2 |
| SAMMv2 working session - Verification | Owasp SAMM | One of multiple working sessions on the new SAMMv2 |
| Securing GitHub Integrations | DevSecOps | How to secure GitHub integrations |
| Securing the CI Pipeline | DevSecOps | Secure the CI/CD pipeline |
| Security Crowdsourcing | DevSecOps | Working Sessions for Security Crowdsourcing |
| Security Ethics Checklist | Security Quiz | |
| Security Playbooks | Misc | Playbooks are workflows and prescriptive instructions on how to handle specific security activities or incidents. |
| Security Quiz team briefing | Security Quiz | |
| Threat Model training through Gamification | Threat Model | Threat Model training through Gamification |
| Threat model cheat sheets | Threat Model | Threat Modeling Working Session |
| Transform OWASP Exam into Quiz | Security Quiz | |
| Update MSTG with changes in Android 8 (Oreo) | Misc | Mobile Security Working Session |
| Update MSTG with changes in iOS 11 | Misc | Mobile Security Working Session |
| Using JIRA for incident response | Misc | |
| Vulnerability Intelligence Working Group | CISO | Working session with OWASP leaders, MITRE, NIST, and other agencies |
| Want to become a CISO? | CISO | Working Session for CISOs |
| Web Application Honeypot | DevSecOps | |
| WebAuthn - Getting started workshop | DevSecOps | |

Pre-Summit Working Sessions

A number of Working Sessions are happening before the Summit; please see the details below and participate.

| Title | Track | Description |
|---|---|---|