By Harrie Bickle | January 1, 0001
What should we work on?
The OSS philosophy is one of participant-driven focus, so it is up to you to shape your conference to target your greatest needs. There is a whole world of ideas; let’s start sharing them, prioritising them and turning them into working sessions with clear objectives.
Working Session ideas
Agile AppSec
- Agile Practices for Security Teams
- Define Agile Security Practices
- Integrating Security into a Portfolio Kanban
- Integrating Security into a Sales Channel
- Integrating Security into a Spotify Model
- Security Champions
- Security Guild vs Security Champions
- Using Security Risks to Measure Agile Practices
- InfoSec Warranties and Guarantees
- Mobilising Business Lines for Security
- SAMM Metrics for Enterprise
- The future of privacy
- Women in Cyber
CISO
- Application Security Guide for CISO
- AppSec Article 5 Collective Defence Agreement
- AppSec for CISOs
- CISO Round Table
- CISO Survey
- Cyber Insurance
- GDPR DPO and AppSec
- Growing the AppSec Industry
DevSecOps
- AppSec SoC Monitoring Visualisation
- BDD for Cloud Security
- Docker Security
- ELK Security Dashboards
- Integrating Security Tools in SDL
- JIRA Risk Workflow
- Netflix Security Automation
- Node Security Round Table
- Real Time SAST Engine Architecture
- Review Docker Security Workshop
- Securing GitHub Integrations
- Securing Legacy Applications
- Securing the CI Pipeline
- Security Guidance and Feedback in IDE
- SRE Security Activities
- Threat Vulnerability Management
- WAF best practices
- Writing Security Tests
Education
- AppSec BSc Masters Curriculum Design
- Creating AppSec Talent
- Creating AppSec Teams
- CTFs
- Cyber Security Economics
- Hackathon Beyond OWASP Top Ten
- Recruiting AppSec Talent
- Security Book Club
- Software Defined Everything (SDx)
- Teaching Attacker Perspective to Developers
IOT
- GSMA IoT Security Guidelines
- Internet of Things Project
- Security Architecture Recommendations for IoT
- TLS for Local IoT
Juice Shop
- Juice Shop Brainstorming
- Juice Shop Coding Day
- Juice Shop Coding Night
- Juice Shop Release
Mobile Sec
- MSTG
- MSTG 01
- MSTG 02
- MSTG 03
- MSTG 04
- MSTG 05
Research
- BeyondCorp for internal Web Applications
- Future of .Net Containers
- GraphQL Security Review
- LANGSEC Language theoretic Security
- Protobuf for Data Validation Between Services
- Security Labels
- Using ML and AI to detect attacks
Playbook Sec
- AppSec Review and Pentest Playbook
- Bug Bounty Playbook
- Create Jira Workflows for Security Playbooks
- DoS Playbook
- Due Diligence Playbook
- Incident Response Playbook
- Media Handling Playbook
- Playbooks Common Format
- Playbooks vs Handbooks
- Ransomware Playbook
- Security Monitoring Playbooks
- Security Playbooks Diagrams
Other Ideas
- AppSec Job Fair
- Cross Company Hackathons
- Crowdsourcing Security Knowledge
- Hackathon Daily Sessions
- Internal Bug Bounties Programmes
- Lessons learned from public bug bounties programmes
- OWASP Bug Bounty
- OWASP Top Ten
- Responsible disclosure
- GDPR
- Java
- Node
- SAST
- SOC
- TLS