In addition to Working Sessions, this year we are also introducing User Sessions: hands-on, practical, learning-focused sessions, so you leave with the knowledge, skills and tools you need to make immediate changes in your workplace.
We wanted to introduce User Sessions to this year’s event because we believe you will only really be able to go back and implement the new knowledge you have acquired by keeping your learning up to date and trying these new skills out for yourself in a safe environment, where it’s ok to fail, and fail fast.
The Summit now includes these User Sessions. From working through Chaos Experiments to getting to grips with GDPR Patterns, and from understanding how to use OWASP SAMM to using Pixi, we want to cover all the bases.
See also the planned Working Sessions.
Current User Sessions
Title | Track | Description |
---|---|---|
A long successful career in IT (women in tech) | Keynotes | Keynote by Ante Gulam |
A seat at the table | Keynotes | Keynote by Adam |
A shared understanding of Success | Keynotes | Keynote by Sara Davis |
Adding CRS3 and Pixi to CircleCI pipeline | DevSecOps | Adding OWASP ModSecurity Core Rule Set 3 and Pixi to a CircleCI pipeline |
Adding Privacy by Design in Secure Application Development | Keynotes | Keynote by Sebastien Deleersnyder |
Ask me anything (AMA) - Meet the Experts | Misc | Ask all the burning questions you have to those in industry |
Ask me anything (AMA) on GDPR | GDPR | Ask all the burning questions you have on GDPR |
Create a Slack bot in Python | DevSecOps | Hands-on session to show participants how to create a Slack bot in Python |
Creating AppSec metrics and visualisation | DevSecOps | AppSec Metrics and Visualisation |
Creating ELK Dashboards | Maps and Graphs | Practical session on creating ELK Dashboards |
Creating Open Source Avatao exercises | Misc | |
Creating Security exams (How to) | Security Questions | |
Crossing the river by feeling the stones | Keynotes | Keynote by Simon Wardley |
Diving into mobile cryptography using dynamic instrumentation with Frida | Misc | Hands-on session by Carlos Holguera |
Gamifying Security Dashboards | Keynotes | Keynote by Ante Gulam |
Hands on Chaos Experiments | Chaos Engineering | |
Hands-on GDPR Patterns | GDPR | Using GDPR Patterns |
Implementing the OWASP responsible disclosure Maturity Model | OWASP Projects | Hands-on session on creating the OWASP responsible disclosure Maturity Model |
Informational Awareness | Keynotes | Keynote by Jonathan Hawes |
InSecurity | Keynotes | Keynote by Jane Frankland |
Integrating Security Tools in the SDL using OWASP DevSecOps Studio | DevSecOps | Using DevSecOps Studio to learn and teach integrating security tools in the SDL |
JIRA - how to use it | Misc | How to use Jira for risk management, incident response and managing a team |
OS Summit Website - how to use it | Misc | How to update the Open Security website |
Publishing apps in a VSTS security pipeline | DevSecOps | Beginner level session on DevSecOps and publishing to the Cloud |
Running CTF Games with OWASP Juice Shop | OWASP Projects | Running / hosting CTF games with OWASP Juice Shop |
SAMM - Best Practices | OWASP SAMM | User session on how to use OWASP SAMM |
SAMM Introduction | OWASP SAMM | Introduction session on SAMM for people who want to know more about the project |
SAMM Round Table | OWASP SAMM | Round table session with SAMM users |
secureCodeBox - How to improve your CI/CD pipeline with automated security tests | DevSecOps | Hands-on session introducing the new project secureCodeBox.io and how you can use it to easily improve your CI/CD pipeline with automated security tests. |
Security Quiz Night (Mon) | Security Questions | |
Security Quiz Night (Thu) | Security Questions | |
Security Quiz Night (Tue) | Security Questions | |
Security Quiz Night (Wed) | Security Questions | |
SOC Value Chain using Wardley maps | Maps and Graphs | |
Summit Onboarding | Misc | How to update the Open Security website |
Testing iOS Apps without Jailbreak | OWASP Projects | Mobile Security Working Session |
Thinking in Graphs | Keynotes | Keynote by Dinis Cruz |
Track Introductions | Misc | |
Update Threat Modeling website 1 | Threat Model | |
Update Threat Modeling website 2 | Threat Model | |
Update Threat Modeling website 3 | Threat Model | Threat Modeling User Session |
Update Threat Modeling website 4 | Threat Model | Threat Modeling User Session |
Update Threat Modeling website 5 | Threat Model | |
Using graphs for GDPR mappings and visualisations | GDPR | Hands-on sessions on mapping GDPR data to graphs |
Using JIRA to create and execute Security Playbooks | DevSecOps | Hands-on session on how to use JIRA for incident response |
Using Neo4J to filter and review SAST findings | Maps and Graphs | |
Using the OWASP Maturity Model tool | OWASP SAMM | Practical session on using the OWASP Maturity Model tool |
Using Threat Models for GDPR | GDPR | Hands-on user session on how to use Threat Models in GDPR mappings |
Wardley Mapping – a practical session on how to use value chain mapping | Maps and Graphs | Practical session on how to use value chain mapping. |
Writing a Security Budget | | |
Writing security tests to confirm vulnerabilities and fixes | DevSecOps | Hands-on session writing security tests |
ZAP - How to use it | OWASP Projects | User session to help ZAP users |