Sessions List

Here are the Keynotes currently planned for the Summit

Title Type Track Description
Lessons from the Legion keynote Sessions focusing on the strategic challenges facing security practitioners
OWASP Juice Shop (Keynote) keynote Bjoern will introduce us to the OWASP Juice Shop, probably the most modern and sophisticated insecure web application
OWASP SAMM v2 keynote Update on the new version 2.0 of SAMM
OWASP ZAP Heads Up Display (HUD) keynote Demonstration of the new OWASP ZAP Heads Up Display (HUD) by Simon
Security Data Science keynote Expect Graphs, and Jupyter notebooks ...
The Cynefin framework keynote Dave presenting the Cynefin framework, a conceptual framework used to aid decision-making
The Mobile Security Testing Guide (MSTG) keynote The MSTG team is working hard on the new release of the Mobile Security Testing Guide (MSTG) during this summit.
The OWASP Top Ten Proactive Controls 2018 keynote Jim will cover the OWASP Top Ten Proactive Controls 2018, a list of security techniques that should be included in every software development project
Wardley maps keynote Simon presenting Wardley maps, and the use of topographical intelligence in business strategy

Here are the Sessions currently planned for the Summit

Title Type Track Description
Agile Practices for Security Teams working-session DevSecOps Agile Practices for Security Teams
Android and iOS Security Enhancements and Crackme Apps (Fri) working-session OWASP MSTG Updating the content of the MSTG
Android and iOS Security Enhancements and Crackme Apps (Mon Eve) working-session OWASP MSTG Updating the content of the MSTG
Android and iOS Security Enhancements and Crackme Apps (Mon) working-session OWASP MSTG Updating the content of the MSTG
Android and iOS Security Enhancements and Crackme Apps (Thu Eve) working-session OWASP MSTG Updating the content of the MSTG
Android and iOS Security Enhancements and Crackme Apps (Thu) working-session OWASP MSTG Updating the content of the MSTG
Android and iOS Security Enhancements and Crackme Apps (Tue) working-session OWASP MSTG Updating the content of the MSTG
Android and iOS Security Enhancements and Crackme Apps (Wed Eve) working-session OWASP MSTG Updating the content of the MSTG
Android and iOS Security Enhancements and Crackme Apps (Wed) working-session OWASP MSTG Updating the content of the MSTG
Application Security Verification Standard working-session OWASP Projects Session on ASVS
Cell based Structures for Security working-session Wardley Maps Cell based Structures for Security - Small autonomous security teams and the use of Pioneers, Settlers and Town Planners (PST)
Creating a Security Champions network working-session DevSecOps
Creating a Threat Library working-session Threat Library Working Session
Creating a generic diagram of a threat model working-session Threat Model Creating a generic diagram of a threat model
Creating an iOS build pipeline with security checks working-session OWASP MSTG Brainstorming for an iOS pipeline with security checks
Customising the Chaos Engineering Toolkit working-session Misc Practical Guide to Extending the Chaos Toolkit for DevSecOps concerns.
Cyber Risk Modeling working-session Misc Session on Risk Modeling
Dealing with DevSecOps Findings working-session DevSecOps How to deal with the security findings in an appsec pipeline and drive continuous improvement of the testing policies
DevSecOps Maturity Model (DSOMM) working-session DevSecOps DevSecOps Maturity Model (DSOMM)
Emotional/Multiple Intelligence working-session Misc
From Threat Modeling to DevSecOps metrics working-session DevSecOps
Hands-on Wardley Maps creation working-session Wardley Maps Want to have a go at creating your own Wardley maps? This training session will give you hands-on experience in creating maps for multiple scenarios, with experienced practitioners on hand to guide and help you.
How do Cyber Professionals protect themselves working-session
How do we persist the information from the TM Slack channel? working-session Threat Model How do we persist the information from the TM Slack channel?
Incremental Threat Modeling working-session Threat Model How to scale Threat Modeling
Integrating Security Tools in the SDL working-session DevSecOps Integrate security tools as part of CI/CD pipeline to find/fix issues early in SDL
Introduction to Wardley Maps working-session Wardley Maps New to Wardley maps? This session is for you
Jira Schemas working-session
Juice Shop Challenge Refactoring working-session OWASP Juice Shop Refactoring the categories and difficulty ratings of the OWASP Juice Shop challenges
Juice Shop Hack'n'Code (Mon) working-session OWASP Juice Shop Coding for and hacking of the OWASP Juice Shop
Juice Shop Hack'n'Code (Tue) working-session OWASP Juice Shop Coding for and hacking of the OWASP Juice Shop
Juice Shop Hack'n'Code (Wed) working-session OWASP Juice Shop Coding for and hacking of the OWASP Juice Shop
Juice Shop Release Night working-session OWASP Juice Shop Go-live of new OWASP Juice Shop release
Jupyter Training (#1) working-session Onboarding and Training Training Jupyter (1st session)
Jupyter Training (#2) working-session Onboarding and Training Training Jupyter (2nd session)
Jupyter Training (#3) working-session Onboarding and Training Training Jupyter (3rd session)
Lightweight privacy threat modeling using LINDDUN working-session Threat Model Lightweight privacy threat modeling using LINDDUN
Lightweight privacy threat modeling using LINDDUN Part II working-session Threat Model Lightweight privacy threat modeling using LINDDUN Part II
Mapping OWASP DevSecOps Maturity Model to SAMMv2 working-session OWASP SAMM multiple working sessions on the new SAMMv2
Mapping boot camp working-session Wardley Maps Wardley Mapping boot camp - Zero to Mapping Hero - By Simon Wardley
Mobile AppSec Verification Standard (MASVS) working-session OWASP MSTG Work on the open issues of the MASVS
Mobile AppSec Verification Standard (MASVS) (Evening) working-session OWASP MSTG Work on the open issues of the MASVS
Mobile Basic Security Testing and Reverse Engineering (Evening Session) working-session OWASP MSTG Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG
Mobile Basic Security Testing and Reverse Engineering (Mon Evening) working-session OWASP MSTG Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG
Mobile Basic Security Testing and Reverse Engineering (Mon) working-session OWASP MSTG Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG
Mobile Basic Security Testing and Reverse Engineering (Thu) working-session OWASP MSTG Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG
Mobile Basic Security Testing and Reverse Engineering (Tue Evening) working-session OWASP MSTG Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG
Mobile Basic Security Testing and Reverse Engineering (Tue) working-session OWASP MSTG Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG
Mobile Basic Security Testing and Reverse Engineering (Wed) working-session OWASP MSTG Work on the Mobile Basic Security Testing and Reverse Engineering topics with focus on restructuring the contents of the MSTG
OSS BOT and Argumentation Models working-session
OWASP Application Security Curriculum Project working-session OWASP Projects Kick-off session for the new AppSec Curriculum Project, to discuss goals, deliverables, roadmap, etc.
OWASP HoneyPot working-session OWASP Projects Session on OWASP Honeypot
OWASP Media Project working-session OWASP Projects Update project docs and plan the next phase of OWASP Media Project
OWASP SAMM Training (#1) working-session Onboarding and Training Training OWASP SAMM (1st session)
OWASP SAMM Training (#2) working-session Onboarding and Training Training OWASP SAMM (2nd session)
OWASP SAMM Training (#3) working-session Onboarding and Training Training OWASP SAMM (3rd session)
OWASP community-docs working-session Misc Documents related to community outreach promoting OWASP content
Protecting JuiceShop with AWS WAF working-session
Real world Chaos Engineering working-session Misc An exploration and working session to characterise, explore and implement real-world DevSecOps chaos experiments.
SAMM - Agile guidance working-session OWASP SAMM Discussing the support for Agile development based on SAMM v2
SAMM - Alignment with Threat Modeling working-session OWASP SAMM Aligning the SAMM model with the Threat Modeling project.
SAMM - Alignment with other OWASP projects (Fri) working-session OWASP SAMM Aligning the model with other OWASP projects.
SAMM - Alignment with other OWASP projects (Thu) working-session OWASP SAMM Aligning the model with other OWASP projects.
SAMM - Alignment with other OWASP projects (Wed) working-session OWASP SAMM Aligning the model with other OWASP projects.
SAMM - Any Other Business working-session OWASP SAMM Spare session to cover any other topics
SAMM - DevOps guidance working-session OWASP SAMM Discussing the support for DevOps development based on SAMM v2
SAMM - Editing agreements and parallel editing working-session OWASP SAMM Parallel editing session to improve the content of the current model
SAMM - Measurement model (Mon EV) working-session OWASP SAMM Discussion on the new measurement model for the SAMM v2 project
SAMM - Measurement model (Mon PM) working-session OWASP SAMM Discussion on the new measurement model for the SAMM v2 project
SAMM - Model Challenges (Tue) working-session OWASP SAMM Discussing outstanding model challenges
SAMM - Model Challenges (Wed) working-session OWASP SAMM Discussing outstanding model challenges
SAMM - Model discussions (Tue) working-session OWASP SAMM Parallel editing session to improve the content of the current model
SAMM - Model discussions (Wed) working-session OWASP SAMM Parallel editing session to improve the content of the current model
SAMM - Outreach program (Mon) working-session OWASP SAMM Discussing the outreach for the OWASP SAMM project
SAMM - Outreach program (Tue) working-session OWASP SAMM Discussing the outreach for the OWASP SAMM project
SAMM - Outreach wrap-up working-session OWASP SAMM Deciding on the objectives and plans for outreach for the OWASP SAMM project
SAMM - Parallel editing (Thu AM) working-session OWASP SAMM Discussion on the different SAMM documents and content editing.
SAMM - Parallel editing (Thu PM) working-session OWASP SAMM Discussion on the different SAMM documents and content editing.
SAMM - Parallel editing (Tue) working-session OWASP SAMM Parallel editing session to improve the content of the current model
SAMM - Parallel editing (Wed PM) working-session OWASP SAMM Parallel editing session to improve the content of the current model
SAMM - Planning and Roadmap working-session OWASP SAMM Spare session to cover any other topics
SAMM - SAMM benchmarking and tooling working-session OWASP SAMM Discussion on data collection and benchmarking
SAMM - SAMM documents and parallel editing (Wed AM) working-session OWASP SAMM Discussion on the different SAMM documents and content editing.
SAMM - Tooling working-session OWASP SAMM Discussion on the tools that we're making available for SAMM
SAMMv2 - Threat Modeling working-session Threat Model Discuss the SAMM threat modeling practice together with the SAMM team
Scaling API Security working-session Misc
Schedule & Outcomes (#1) working-session Onboarding and Training OSS Onboarding - Schedule Outcomes (1st session)
Schedule & Outcomes (#2) working-session Onboarding and Training OSS Onboarding - Schedule Outcomes (2nd session)
Schedule & Outcomes (#3) working-session Onboarding and Training OSS Onboarding - Schedule Outcomes (3rd session)
Secrets Management working-session DevSecOps Secrets Management in a DevSecOps world
Securing Kubernetes hosted APIs working-session Misc
Securing the CI Pipeline working-session DevSecOps Secure the CI/CD pipeline
Security Challenges - An Introduction working-session Misc Introduction and overview
Security Challenges - Analyse others working-session Misc What strategies are already in use?
Security Challenges - Analysis, Analogies working-session Misc Next step, analyse cyber security in very general terms
Security Challenges - Collate others' strategies and assumptions working-session Misc Collate results from Wednesday.
Security Challenges - Next step working-session Misc Is this viable? Where do we go?
State and future of threat modeling working-session Threat Model What is the current state of TM and where do we need to go?
TM maturity working-session Threat Model How do we measure the maturity of TM
TM track introduction working-session Threat Model Introduction of the TM track and way of working for this week
Threat Model Cookbook Project (Part 1) working-session Threat Model Kick off of the OWASP Threat Model Cookbook Project
Threat Model Cookbook Project (Part 2) working-session Threat Model Let's add some threat models to the project!
Threat Modeling Training (#1) working-session Onboarding and Training Training Threat Modeling (1st session)
Threat Modeling Training (#2) working-session Onboarding and Training Training Threat Modeling (2nd session)
Threat Modeling Training (#3) working-session Onboarding and Training Training Threat Modeling (3rd session)
Threat Modeling Training (Thu) working-session Onboarding and Training Training Threat Modeling (1st session)
Threat pattern libraries working-session Threat Model Starting the threat model threat model library project
Towards a unified way of describing threat models working-session Threat Model A presentation and discussion of a new language to describe a threat model
Track closure working-session Threat Model Track closure
Using Cynefin Framework making strategic security decisions working-session Misc Session on how to use Cynefin Framework making strategic security decisions
Wardley Mapping - Climatic Patterns and Using Doctrine working-session Wardley Maps Wardley Mapping, Understanding Climatic Patterns and Using Doctrine
Wardley Mapping - Coordinating functions within a PST organisation working-session Wardley Maps Coordinating functions within a PST organisation
Wardley Maps Training (#1) working-session Onboarding and Training New to Wardley maps? This session is for you
Wardley Maps Training (#2) working-session Onboarding and Training New to Wardley maps? This session is for you
Wardley Maps Training (#3) working-session Onboarding and Training New to Wardley maps? This session is for you
Welcome & Content (#1) working-session Onboarding and Training OSS Onboarding - Welcome and Content (1st session)
Welcome & Content (#2) working-session Onboarding and Training OSS Onboarding - Welcome and Content (2nd session)
Welcome & Content (#3) working-session Onboarding and Training OSS Onboarding - Welcome and Content (3rd session)
ZAP working session - automation working-session OWASP Projects Working session on ZAP automation
ZAP working session - future plans working-session OWASP Projects Working sessions on ZAP future plans
ZAP working session - the HUD working-session OWASP Projects Working session on the ZAP HUD
Ask me anything (AMA) on GDPR user-session Misc Ask all the burning questions you have on GDPR
Creating Appsec metrics and visualisation user-session DevSecOps AppSec Metrics and Visualisation
Introduction to Cynefin Framework user-session Misc New to Cynefin Framework? This session is for you
Juice Shop 101 user-session OWASP Juice Shop OWASP Juice Shop introduction for newbies
Juice Shop Contributor Onboarding user-session OWASP Juice Shop OWASP Juice Shop introduction for new contributors
Mobile Security Testing Guide onboarding user-session OWASP MSTG MSTG introduction for new contributors (Two sessions available - PM-1 on Mon, AM-1 on Wed)
Mobile Security Testing Guide onboarding (Session 2) user-session OWASP MSTG MSTG introduction for new contributors (Two sessions available - PM-1 on Mon, AM-1 on Wed)
OWASP Mobile Security Testing Guide 101 user-session OWASP MSTG MSTG introduction for newbies (Two sessions available - PM-1 on Mon, AM-1 on Wed)
OWASP Mobile Security Testing Guide 101 (Session 2) user-session OWASP MSTG MSTG introduction for newbies (Two sessions available - PM-1 on Mon, AM-1 on Wed)
SAMM user session - Introduction user-session OWASP SAMM one of the 2 user sessions on the SAMM project
SAMM user session - Round-table user-session OWASP SAMM one of the 2 user sessions on the SAMM project
Talking security risk to business - practical games to learn through failure user-session Wardley Maps
Third Party Due Diligence user-session Misc Session on problem and solution discussion
Using Wardley Maps and Cynefin for Security user-session Wardley Maps An introduction to the Cynefin Framework, and its intersection with Wardley Maps, for Security
Using Wardley Maps on SOC user-session Wardley Maps
WAFs - Understanding and measuring how they behave user-session DevSecOps
Wardley Maps for Security user-session Wardley Maps Practical session on using Wardley Maps for Security
Writing security tests to confirm vulnerabilities and fixes user-session DevSecOps Hands on session writing security tests

Pre-Summit Working Sessions

A number of Working Sessions are happening before the Summit; please see the details below and participate.

Title Type Track Description