Working Sessions

We passionately believe the hard problems and challenges that our industry faces can only be solved by working together, in a collaborative and open environment.

This Summit is such an event: the community comes together and works tirelessly on the topics it is passionate about.

As you can see from the tracks, outcomes, attendees and photos from last year’s Summit, this explosive combination of talent, challenges and enclosed location (venue and villas) creates a highly productive environment.

Where else in the world do you find 15 Threat Modeling experts, thought leaders and practitioners in one place? Or the main authors of the OWASP Mobile Testing Guide working together in a room on the next version? Or a mix of OWASP leaders, developers, security engineers, security champions, pentesters, architects, risk experts, business analysts, heads of Security, CISOs, researchers (and many other roles) in the same room, all working together, sharing knowledge and creating tangible, usable outcomes?

The format of the Summit is based on Working Sessions, which are designed to maximise collaboration and participation. The focus and objectives of these sessions are determined by you (the onsite or remote participant); all we do is set the stage for magic to happen!

See also the planned User Sessions.

Summit Working Sessions

Here are the Working Sessions currently planned for the Summit:

Title | Track | Description
API Threat Modeling Cheat Sheet | Threat Model | API Threat Modeling Cheat Sheet
Agile Practices for Security Teams | DevSecOps | Agile Practices for Security Teams
Application Security Verification Standard | Owasp Projects | Session on ASVS
Attack chains as TM technique | Threat Model | Threat Modeling Working Session
Azure Serverless for security | Serverless |
CISO Ask Me Anything (AMA) | CISO | Session on Risk Modeling
Cell based Structures for Security | Maps and Graphs | Spotify compliant organizational model in security domain
Create Wardley Maps for multiple security scenarios | Maps and Graphs | Practical session on creating [Wardley Maps]
Creating a Security Champions network | DevSecOps |
Creating content session | OWASP Mobile Security Testing Guide | Updating the content of the MSTG
Customising the Chaos Engineering Toolkit | API Security | Practical Guide to Extending the Chaos Toolkit for DevSecOps concerns.
Cyber Insurance | CISO | Session on Cyber Insurance
Cyber Risk Modeling | CISO | Session on Risk Modeling
Cynefin Framework for Security | Maps and Graphs | Cynefin Framework for Security
Describe different ways of implementing TM in agile organisations | Threat Model |
DevSecOps Maturity Model (DSOMM) | DevSecOps | DevSecOps Maturity Model (DSOMM)
From Threat Modeling to DevSecOps metrics | DevSecOps |
GCP Serverless for security | Serverless |
Hacking ML Applications | Machine Learning |
How to scale Threat Modeling | Threat Model | How to scale Threat Modeling
Integrating Security Tools in the SDL | Security Automation | Integrate security tools as part of the CI/CD pipeline to find and fix issues early in the SDL
Juice Shop Difficulty Calibration | OWASP Juice Shop | Calibrating the difficulty rating of the OWASP Juice Shop challenges
Juice Shop Hack'n'Code I | OWASP Juice Shop | Coding for and hacking of the OWASP Juice Shop
Juice Shop Hack'n'Code II | OWASP Juice Shop | Coding for and hacking of the OWASP Juice Shop
Juice Shop Hack'n'Code III | OWASP Juice Shop | Coding for and hacking of the OWASP Juice Shop
Juice Shop Hack'n'Code IV | OWASP Juice Shop | Coding for and hacking of the OWASP Juice Shop
ML for Scaling Security Analysis | Machine Learning |
Meet the ICO | PSD2 and GDPR | If you could meet the ICO, what questions would you ask?
OWASP Collective Defence Cluster (CDC) - two years on | CISO |
Owasp Testing Guide v5 | Owasp Projects | Working Sessions for Owasp Testing Guide v5
Owasp Top 5 Machine Learning risks | Owasp Projects |
PSD2 Security | PSD2 and GDPR | Security implications of the new PSD2 standard
Real world Chaos Engineering | API Security | An exploration and working session to characterise, explore and implement real-world DevSecOps chaos experiments.
Real world ML case-studies | Machine Learning |
Restructure session | OWASP Mobile Security Testing Guide | Restructuring the contents of the MSTG
SAMM DevSecOps Version | OWASP SAMM | Create a totally new SAMM DevSecOps version
SAMM benchmarking | OWASP SAMM | Define objectives for the SAMM benchmarking project as part of SAMMv2
SAMMv2 Establish the Document Model | OWASP SAMM | Define the SAMMv2 document model
SAMMv2 Measurement Model | OWASP SAMM | Define the SAMMv2 measurement model
SAMMv2 working session - Design | OWASP SAMM | Multiple working sessions on the new SAMMv2
SAMMv2 working session - Governance | OWASP SAMM | Multiple working sessions on the new SAMMv2
SAMMv2 working session - Implementation | OWASP SAMM | Multiple working sessions on the new SAMMv2
SOC Monitoring Visualisation | Security Automation | AppSec SOC Monitoring Visualisation
Scaling API Security | API Security |
Securing Kubernetes-hosted APIs | API Security |
Securing Serverless applications | Serverless |
Securing the CI Pipeline | DevSecOps | Secure the CI/CD pipeline
Share your Threat Model diagrams and create a Book | Threat Model |
Share your playbooks and release them under Creative Commons | DevSecOps | Session to consolidate and publish anonymised real-world playbooks
Share your security policies and release them under CC | PSD2 and GDPR | Map out what these are and what is the best way to measure them
Using Data Science for log analysis | Maps and Graphs | Find out ways to use Data Science for log analysis
Using Lambda functions to scale security teams | Machine Learning |
Using Lambda functions to scale security teams | Serverless |
Using Threat Models for GDPR | PSD2 and GDPR | Hands-on user session on how to use Threat Models in GDPR mappings
Using User Story Mapping for effective communication | Maps and Graphs |

Pre-Summit Working Sessions

A number of Working Sessions are happening before the Summit; please see the details below and participate.

Title | Track | Description