OWASP Cloud Security Workshop (BETA)

Track: DevSecOps
When: Mon PM-2,PM-3
Where: Maulden
Organizers: Fraser Scott
Participants: Abhinav Sejpal, Adrian Winckles, Claudio Camerino, Daniel Garcia (cr0hn), Fabien Thalgott, Frederic Tollens, Jim Newman, Jonas Vanalderweireldt, Luis Saiz, Paul Dubourg, Pedro Laguna, Sara Davis, Sotiraki Sima, Stu Hirst, Tanya Janca, Tash Norris
Remote Participants: Abdullah Garcia, Abhi Raj, Andrew Martin, Barbara Prevel, Barbara Schachner, Ernesto Bethencourt, Guy Jarvis, Harmeet Singh, Jaysen Naidoo, MrsYisWhy, Paul Harragan, Prakash Sharma, Salma jalouqa, Sophie Tonnoir, Subash, Sugumaran Uppili, Vandana Verma

The OWASP Cloud Security project aims to help people secure their products and services running in the cloud by providing a set of easy-to-use threat and control BDD stories that pool the expertise and experience of the development, operations, and security communities.

This working session is a beta of the project workshop that introduces the following topics:

  • Behaviour Driven Development (BDD)
  • Threat modeling
  • Using BDD for cloud security


We believe that cyber security has a fundamental role to play in protecting the digital future. We also believe that cyber security isn’t just about the technology; it’s about the people. The customer, the developer, the designer, the security engineer, and even the attacker. Not only is cyber security a never-ending process, it’s also a conversation.

This project was created to enable that conversation.

Given the challenge of protecting the digital future
And a diverse group of awesomely talented people
When we enable the conversation between people
Then they can make a real difference to the security of their services

The rise of DevOps and cloud computing has given organisations unprecedented access to feature-rich and highly-scalable elastic platforms that allow them to deliver products and services with a velocity and agility that has never been seen before. But with new capabilities come new attack vectors.

The goals of this workshop are:

  • To share knowledge about BDD, threat modeling and cloud security - attendees will be able to apply the tools and techniques they learn to their own organisation
  • To grow the project community and increase contributions to the project
  • To get feedback on the content and format of the workshop, so that future sessions deliver better value


A 2-hour workshop with the following agenda:

  • Workshop introduction
  • Introduction to Behaviour Driven Development (BDD)
  • Group story writing and discussion
  • Introduction to threat modeling
  • Group threat modeling and discussion
  • Using BDD for security
  • Group threat story writing and discussion
  • Individual threat story writing


  • A series of group and individually created BDD stories that will be released under the Creative Commons license, made up of some of the following:
    • Cloud security threat stories
    • General cyber security threat stories
    • Non-security threat stories (e.g. privacy or personal)
    • Mitigating control stories
    • General BDD examples
  • Feedback on the workshop content and workshop content updates

