| Track: | DevSecOps |
|---|---|
| When: | Mon PM-2,PM-3 |
| Where: | Maulden |
| Organizers | Fraser Scott Fraser Scott |
| Participants | Abhinav Sejpal Abhinav Sejpal , Adrian Winckles Adrian Winckles , Claudio Camerino Claudio Camerino , Daniel Garcia (cr0hn) Daniel Garcia (cr0hn) , Fabien Thalgott Fabien Thalgott , Frederic Tollens Frederic Tollens , Jim Newman Jim Newman , Jonas Vanalderweireldt Jonas Vanalderweireldt , Luis Saiz Luis Saiz , Paul Dubourg Paul Dubourg , Pedro Laguna Pedro Laguna , Sara Davis Sara Davis , Sotiraki Sima Sotiraki Sima , Stu Hirst Stu Hirst , Tanya Janca Tanya Janca , Tash Norris Tash Norris |
| Remote Participants | Abdullah Garcia Abdullah Garcia , Abhi Raj Abhi Raj , Andrew Martin Andrew Martin , Barbara Prevel Barbara Prevel , Barbara Schachner Barbara Schachner , Ernesto Bethencourt Ernesto Bethencourt , Guy Jarvis Guy Jarvis , Harmeet Singh Harmeet Singh , Jaysen Naidoo Jaysen Naidoo , MrsYisWhy MrsYisWhy , Paul Harragan Paul Harragan , Prakash Sharma Prakash Sharma , Salma jalouqa Salma jalouqa , Sophie Tonnoir Sophie Tonnoir , Subash Subash , Sugumaran Uppili Sugumaran Uppili , Vandana Verma Vandana Verma |
The OWASP Cloud Security project aims to help people secure their products and services running in the cloud by providing a set of easy to use threat and control BDD stories that pool together the expertise and experience of the development, operations, and security communities.
This working session is a beta of the project workshop that introduces the following topics:
- Behaviour Driven Development (BDD)
- Threat modeling
- Using BDD for cloud security
WHY
We believe that cyber security has a fundamental role to play in protecting the digital future. We also believe that cyber security isn’t just about the technology; it’s about the people. The customer, the developer, the designer, the security engineer, and even the attacker. Not only is cyber security a never-ending process, it’s also a conversation.
This project was created to enable that conversation.
Given the challenge of protecting the digital future
And a diverse group of awesomely talented people
When we enable the conversation between people
Then they can make a real difference to the security of their services
The rise of DevOps and cloud computing has given organisations unprecedented access to feature-rich and highly-scalable elastic platforms that allow them to deliver products and services with a velocity and agility that has never been seen before. But with new capabilities come new attack vectors.
The goals of this workshop are:
- To share knowledge about BDD, threat modeling and cloud security - attendees will be able to apply the tools and techniques they learn to their own organisation
- To grow the project community and increase contributions to the project
- To get feedback on the content and format of the workshop, so that future sessions deliver better value
What
A 2 hour workshop with the following agenda:
- Workshop introduction
- Introduction to Behaviour Driven Development (BDD)
- Group story writing and discussion
- Introduction to threat modeling
- Group threat modeling and discussion
- Using BDD for security
- Group threat story writing and discussion
- Individual threat story writing
Outcomes
- A series of group and individually created BDD stories that will be released under the Creative Commons license, made up of some of the following:
- Cloud security threat stories
- General cyber security threat stories
- Non-security threat stories (e.g. privacy or personal)
- Mitigating control stories
- General BDD examples
- Feedback on the workshop content and workshop content updates
References
Register as participant
To register as participant add Owasp Cloud Security Workshop (BETA) to either:
- the
sessionsmetadata field from your participant's page (find your participant page and look for the edit link). - or the
participantsmetadata field from this git session page
Back to list of all Working Sessions