Working Sessions

We passionately believe the hard problems and challenges that our industry faces can only be solved by working together, in a collaborative and open environment.

This Summit is such an event, where the community comes together, and works tirelessly on topics that they are passionate about.

As you can see from the tracks, outcomes, attendees and photos from last year’s Summit, this explosive combination of talent, challenges and enclosed location (venue and villas) creates a highly productive environment.

Where else in the world do you find 15 Threat Modeling experts, thought-leaders and practitioners? The main authors of the OWASP Mobile testing guide working together in a room on the next version? A mix of OWASP leaders, developers, security engineers, security champions, pentesters, architects, risk experts, business analysts, heads of Security, CISOs, researchers (and many other roles) in the same room, all working together, sharing knowledge and creating tangible and usable outcomes?

The format of the Summit is based on Working Sessions, which are designed to maximise collaboration and participation. The focus and objectives of these sessions are determined by you (the onsite or remote participant); all we do is set the stage for magic to happen!

See also the planned User Sessions

Summit Working Sessions

Here are the Working Sessions currently planned for the Summit:

Title | Track | Description
--- | --- | ---
Agile Practices for Security Teams | DevSecOps | Agile Practices for Security Teams
Application Security Verification Standard | OWASP Projects | Session on ASVS
Azure Serverless for security | Serverless |
CISO Ask Me Anything (AMA) | CISO | Session on Risk Modeling
Cell based Structures for Security | Maps and Graphs | Spotify compliant organizational model in security domain
Create Wardley Maps for multiple security scenarios | Maps and Graphs | Practical session on creating [Wardley Maps]
Creating a Security Champions network | DevSecOps |
Creating a Threat Library | Threat Library | Working Session
Creating content session | OWASP MSTG | Updating the content of the MSTG
Customising the Chaos Engineering Toolkit | API Security | Practical Guide to Extending the Chaos Toolkit for DevSecOps concerns.
Cyber Insurance | CISO | Session on Cyber Insurance
Cyber Risk Modeling | CISO | Session on Risk Modeling
Cynefin Framework for Security | Maps and Graphs | Cynefin Framework for Security
Dealing with Security Findings in the Enterprise | Security Automation | How to deal with the security findings generated by security tools as part of the CI/CD pipeline
Describe different ways of implementing TM in agile organisations | Threat Model |
DevSecOps Maturity Model (DSOMM) | DevSecOps | DevSecOps Maturity Model (DSOMM)
From Threat Modeling to DevSecOps metrics | DevSecOps |
GCP Serverless for security | Serverless |
Hacking ML Applications | Machine Learning |
How do we persist the information from the TM Slack channel? | Threat Model | How do we persist the information from the TM Slack channel?
How to scale Threat Modeling | Threat Model | How to scale Threat Modeling
Integrating Security Tools in the SDL | Security Automation | Integrate security tools as part of the CI/CD pipeline to find/fix issues early in the SDL
Juice Shop Challenge Refactoring | OWASP Juice Shop | Refactoring the categories and difficulty ratings of the OWASP Juice Shop challenges
Juice Shop Hack'n'Code I | OWASP Juice Shop | Coding for and hacking of the OWASP Juice Shop
Juice Shop Hack'n'Code II | OWASP Juice Shop | Coding for and hacking of the OWASP Juice Shop
Juice Shop Hack'n'Code III | OWASP Juice Shop | Coding for and hacking of the OWASP Juice Shop
Juice Shop Hack'n'Code IV | OWASP Juice Shop | Coding for and hacking of the OWASP Juice Shop
ML for Scaling Security Analysis | Machine Learning |
Meet the ICO | PSD2 and GDPR | If you could meet the ICO, what questions would you ask?
OWASP Application Security Curriculum Project | Education |
OWASP Collective Defence Cluster (CDC) - two years on | CISO |
OWASP SAMM Tooling | OWASP SAMM | Practical session on using the OWASP Maturity Model tool
Open Session | Threat Model | Threat Modeling Open Working Session
OWASP Testing Guide v5 | OWASP Projects | Working Sessions for OWASP Testing Guide v5
OWASP Top 5 Machine Learning risks | OWASP Projects |
PSD2 Security | PSD2 and GDPR | Security implications of the new PSD2 standard
Real world Chaos Engineering | API Security | An exploration and working session to characterise, explore and implement real-world DevSecOps chaos experiments.
Real world ML case-studies | Machine Learning |
Restructure session | OWASP MSTG | Restructuring the contents of the MSTG
SAMM DevOps Guidance | OWASP SAMM | Explain the SAMM DevOps guidance
SAMM benchmarking | OWASP SAMM | Define objectives for the SAMM benchmarking project as part of SAMMv2
SAMMv2 Establish the Document Model | OWASP SAMM | Define SAMMv2 document model
SAMMv2 Measurement Model | OWASP SAMM | Define SAMMv2 measurement model
SAMMv2 working session - Design | OWASP SAMM | Multiple working sessions on the new SAMMv2
SAMMv2 working session - Governance | OWASP SAMM | Multiple working sessions on the new SAMMv2
SAMMv2 working session - Implementation | OWASP SAMM | Multiple working sessions on the new SAMMv2
SAMMv2 working session - Operations | OWASP SAMM | Multiple working sessions on the new SAMMv2
SAMMv2 working session - Verification | OWASP SAMM | Multiple working sessions on the new SAMMv2
SOC Monitoring Visualisation | Security Automation | AppSec SOC Monitoring Visualisation
Scaling API Security | API Security |
Securing Kubernetes hosted APIs | API Security |
Securing Serverless applications | Serverless |
Securing the CI Pipeline | DevSecOps | Secure the CI/CD pipeline
Share your Threat Model diagrams and create a Book | Threat Model |
Share your playbooks and release them under Creative Commons | DevSecOps | Session to consolidate and publish anonymised real-world playbooks
Share your security policies and release them under CC | PSD2 and GDPR | Map out what these are and what is the best way to measure them
State and future of threat modeling | Threat Model | What is the current state of TM and where do we need to go?
Towards a unified way of describing threat models | Threat Model | A presentation and discussion of a new language to describe a threat model
Using Data Science for log analysis | Maps and Graphs | Find out ways to use Data Science for log analysis
Using Lambda functions to scale security teams | Machine Learning |
Using Lambda functions to scale security teams | Serverless |
Using Threat Models for GDPR | PSD2 and GDPR | Hands-on user session on how to use Threat Models in GDPR mappings
Using User Story Mapping for effective communication | Maps and Graphs |
ZAP working session - automation | OWASP ZAP | Working session on ZAP automation
ZAP working session - future plans | OWASP ZAP | Working sessions on ZAP future plans
ZAP working session - the HUD | OWASP ZAP | Working session on the ZAP HUD

Pre-Summit Working Sessions

A number of Working Sessions are happening before the Summit; please see the details below and participate.

Title | Track | Description
--- | --- | ---