Tracks

Here is the current (under construction) schedule for the tracks

NOTE: exact session days/times are not final and can change.

By Tracks

Monday Tuesday Wednesday Thursday Friday
Cynefin Framework
Maps and Graphs
Mobile Security
OWASP Juice Shop
OWASP Projects
PSD2 and GDPR
Serverless
Wardley Maps
Cynefin Framework
Maps and Graphs
Mobile Security
OWASP Juice Shop
OWASP SAMM
OWASP ZAP
Security Automation
Serverless
Wardley Maps
Children Game Safety
Cyber Insurance
Cynefin Framework
DevSecOps
Machine Learning
Maps and Graphs
Mobile Security
OWASP Juice Shop
OWASP Projects
OWASP SAMM
OWASP ZAP
Threat Model
Wardley Maps
CISO
Children Game Safety
Cyber Insurance
DevSecOps
Machine Learning
Mobile Security
OWASP SAMM
Threat Model
API Security
CISO
Mobile Security
OWASP Juice Shop
OWASP Projects

By Sessions

API Security

when day Fri
description Sessions focusing on API security
organizers Pending


Total sessions for this track: 4

NOTE: exact session days/times are not final and can change.

Monday Tuesday Wednesday Thursday Friday
DS-2
12:30 - 13:30
Time slot over-subscribed
Scaling API Security
Securing Kubernete's hosted APIs
PM-1
13:30 - 15:00
Customising the Chaos Engineering Toolkit
Pedley room
PM-3
16:30 - 17:30
Real world Chaos Engineering
Pedley room

(back to all track's schedule)

CISO

when day Thu,Fri
description Working Sessions on topics related for CISOs and C-Level execs.
organizers Tony Richards Tony Richards , Paul Davies Paul Davies


Total sessions for this track: 4

NOTE: exact session days/times are not final and can change.

Monday Tuesday Wednesday Thursday Friday
DS-2
12:30 - 13:30
OWASP Collective Defence Cluster (CDC) - two years on
Table 3
Third Party Due Diligence
PM-2
15:30 - 16:30
CISO Ask Me Anything (AMA)
PM-3
16:30 - 17:30
Cyber Risk Modeling
Portland room

(back to all track's schedule)

Children Game Safety

when day Wed,Thu
description Sessions focused on making it safer children to play games online
organizers Pending


Total sessions for this track: 8

NOTE: exact session days/times are not final and can change.

Monday Tuesday Wednesday Thursday Friday
DS-1
10:00 - 10:30
Making Online Gaming Safer for Children
AM-1
10:30 - 12:30
Best practices for the security of online Gaming platforms
Wardley Map - Online Game Safety
PM-1
13:30 - 15:00
GDPR Implications for Online Games (for players, parents and platform owners)
Portland room
Risk Dashboard - Online Gaming Safety
Portland room
PM-2
15:30 - 16:30
How can OWASP and OSS help with Online Game Safety
Online Game Safety - Round Table
Portland room
PM-3
16:30 - 17:30
Maturity Model for Online Game Safety (based on SAMM)

(back to all track's schedule)

Cyber Insurance

when day Wed,Thu
description Sessions focused on Cyber Insurance
organizers Pending


Total sessions for this track: 6

NOTE: exact session days/times are not final and can change.

Monday Tuesday Wednesday Thursday Friday
AM-1
10:30 - 12:30
Wardley Map - Cyber Insurance
PM-1
13:30 - 15:00
Risk Dashboard - Cyber Insurance
Portland room
PM-2
15:30 - 16:30
Cyber Insurance
Portland room
How can OWASP and OSS help with Cyber Insurance
Cyber Insurance - Round Table
Portland room
PM-3
16:30 - 17:30
Maturity Model for Cyber Insurance

(back to all track's schedule)

Cynefin Framework

when day Mon,Tue,Wed
description Sessions focusing on the use of Cynefin-Framework in Security
organizers Pending


Total sessions for this track: 5

NOTE: exact session days/times are not final and can change.

Monday Tuesday Wednesday Thursday Friday
AM-1
10:30 - 12:30
Using Cynefin Framework making strategic security decisions
PM-1
13:30 - 15:00
Introduction to Cynefin Framework (Training Session)
Using Cynefin Framework for Security
PM-2
15:30 - 16:30
Using Cynefin Framework for Weak Signal Detection
PM-3
16:30 - 17:30
Hand's on Cynefin Framework creation (Training Session)

(back to all track's schedule)

DevSecOps

when day Wed,Thu
description Sessions focusing on the DevSecOps tools and techniques to embed security as part of CI/CD pipelines
organizers Dominik de Smit Dominik de Smit , Francois Raynaud Francois Raynaud


Total sessions for this track: 9

NOTE: exact session days/times are not final and can change.

Monday Tuesday Wednesday Thursday Friday
PM-1
13:30 - 15:00
Time slot over-subscribed
Agile Practices for Security Teams
Larch room
DevSecOps Maturity Model (DSOMM)
Maulden room
Secrets Management
Maulden room
Time slot over-subscribed
From Threat Modeling to DevSecOps metrics
Maulden room
Writing security tests to confirm vulnerabilities and fixes
Pedley room
PM-2
15:30 - 16:30
DevSecOps Maturity Model (DSOMM)
Maulden room
Securing the CI Pipeline
Maulden room
PM-3
16:30 - 17:30
DevSecOps Maturity Model (DSOMM)
Maulden room
Securing the CI Pipeline
Maulden room
DS-3
18:00 - 19:00
Share your playbooks and release them under Creative Commons
Table 4
Eve-1
19:30 - 21:00
Create a Slack bot in Python
313 - DevSecCon villa
Eve-2
21:00 - 23:00
Create a Slack bot in Python
313 - DevSecCon villa
Sessions not mapped to any day or time

(back to all track's schedule)

Machine Learning

when day Wed,Thu
description Sessions focusing on Machine Learning
organizers Pending


Total sessions for this track: 4

NOTE: exact session days/times are not final and can change.

Monday Tuesday Wednesday Thursday Friday
DS-2
12:30 - 13:30
Time slot over-subscribed
Hacking ML Applications
ML for Scaling Security Analysis
Real world ML case-studies
Using Lambda functions to scale security teams

(back to all track's schedule)

Maps and Graphs

when day Mon,Tue,Wed
description Sessions focusing on Maps and graphs
organizers Pending


Total sessions for this track: 4

NOTE: exact session days/times are not final and can change.

Monday Tuesday Wednesday Thursday Friday
DS-2
12:30 - 13:30
Creating ELK Dashboards
Table 1
Using Data Science for log analysis
Table 3
PM-1
13:30 - 15:00
Using User Story Mapping for effective communication
Larch room
Cynefin Framework for Security
Larch room

(back to all track's schedule)

Mobile Security

when day Mon, Tue, Wed, Thu, Fri
description Sessions focusing on the OWASP MSTG project.
organizers Jeroen Willemsen Jeroen Willemsen , Carlos Holguera Carlos Holguera , Sven Schleier Sven Schleier , Jeroen Beckers


Total sessions for this track: 6

NOTE: exact session days/times are not final and can change.

Monday Tuesday Wednesday Thursday Friday
AM-1
10:30 - 12:30
Time slot over-subscribed
Android and iOS Security Enhancements and Crackme Apps
Mobile AppSec Verification Standard (MASVS)
Mobile Basic Security Testing and Reverse Engineering
Mobile Security Testing Guide onboarding
OWASP Mobile Security Testing Guide 101
Time slot over-subscribed
Android and iOS Security Enhancements and Crackme Apps
Mobile Basic Security Testing and Reverse Engineering
Time slot over-subscribed
Android and iOS Security Enhancements and Crackme Apps
Creating an iOS build pipeline with security checks
Android and iOS Security Enhancements and Crackme Apps
Android and iOS Security Enhancements and Crackme Apps
DS-2
12:30 - 13:30
Time slot over-subscribed
Android and iOS Security Enhancements and Crackme Apps
Mobile AppSec Verification Standard (MASVS)
Mobile Basic Security Testing and Reverse Engineering
Time slot over-subscribed
Android and iOS Security Enhancements and Crackme Apps
Mobile Basic Security Testing and Reverse Engineering
Android and iOS Security Enhancements and Crackme Apps
Android and iOS Security Enhancements and Crackme Apps
Android and iOS Security Enhancements and Crackme Apps
PM-1
13:30 - 15:00
Time slot over-subscribed
Android and iOS Security Enhancements and Crackme Apps
Mobile AppSec Verification Standard (MASVS)
Mobile Basic Security Testing and Reverse Engineering
Time slot over-subscribed
Android and iOS Security Enhancements and Crackme Apps
Mobile Basic Security Testing and Reverse Engineering
Android and iOS Security Enhancements and Crackme Apps
Android and iOS Security Enhancements and Crackme Apps
Android and iOS Security Enhancements and Crackme Apps
PM-2
15:30 - 16:30
Time slot over-subscribed
Android and iOS Security Enhancements and Crackme Apps
Mobile AppSec Verification Standard (MASVS)
Mobile Basic Security Testing and Reverse Engineering
Time slot over-subscribed
Android and iOS Security Enhancements and Crackme Apps
Mobile Basic Security Testing and Reverse Engineering
Android and iOS Security Enhancements and Crackme Apps
Android and iOS Security Enhancements and Crackme Apps
Android and iOS Security Enhancements and Crackme Apps
Eve-1
19:30 - 21:00
Time slot over-subscribed
Android and iOS Security Enhancements and Crackme Apps
Mobile AppSec Verification Standard (MASVS)
Mobile Basic Security Testing and Reverse Engineering
Time slot over-subscribed
Android and iOS Security Enhancements and Crackme Apps
Mobile Basic Security Testing and Reverse Engineering
Android and iOS Security Enhancements and Crackme Apps
Android and iOS Security Enhancements and Crackme Apps
Android and iOS Security Enhancements and Crackme Apps
Eve-2
21:00 - 23:00
Time slot over-subscribed
Android and iOS Security Enhancements and Crackme Apps
Mobile Basic Security Testing and Reverse Engineering
Time slot over-subscribed
Android and iOS Security Enhancements and Crackme Apps
Mobile Basic Security Testing and Reverse Engineering
Android and iOS Security Enhancements and Crackme Apps
Android and iOS Security Enhancements and Crackme Apps
Android and iOS Security Enhancements and Crackme Apps

(back to all track's schedule)

OWASP Juice Shop

when day Mon,Tue,Wed,Fri
description Sessions focusing on OWASP Juice Shop
organizers Bjoern Kimminich Bjoern Kimminich


Total sessions for this track: 9

NOTE: exact session days/times are not final and can change.

Monday Tuesday Wednesday Thursday Friday
AM-1
10:30 - 12:30
Juice Shop 101
Juice Shop Challenge Refactoring
DS-2
12:30 - 13:30
Juice Shop Round Table
PM-1
13:30 - 15:00
Juice Shop Contributor Onboarding
Eve-1
19:30 - 21:00
Juice Shop Hack'n'Code I
Juice Shop Hack'n'Code II
Juice Shop Hack'n'Code III
Juice Shop Hack'n'Code IV
Eve-2
21:00 - 23:00
Juice Shop Release Night

(back to all track's schedule)

OWASP Projects

when day Mon,Wed,Fri
description Sessions focusing on OWASP projects
organizers Pending


Total sessions for this track: 3

NOTE: exact session days/times are not final and can change.

Monday Tuesday Wednesday Thursday Friday
AM-1
10:30 - 12:30
Application Security Verification Standard
314 - Owasp Projects villa
Owasp Top 5 Machine Learning risks
Portland room
PM-2
15:30 - 16:30
Owasp Testing Guide v5
314 - Owasp Projects villa
PM-3
16:30 - 17:30
Owasp Testing Guide v5
314 - Owasp Projects villa

(back to all track's schedule)

OWASP SAMM

when day Tue,Wed,Thu
description SAMM team working together in a 5-day sprint on SAMMv2
organizers Sebastien Deleersnyder Sebastien Deleersnyder , Bart De Win Bart De Win


Total sessions for this track: 13

NOTE: exact session days/times are not final and can change.

Monday Tuesday Wednesday Thursday Friday
AM-1
10:30 - 12:30
SAMMv2 working session - Governance
311 - OWASP SAMM villa
PM-1
13:30 - 15:00
SAMM Introduction
Portland room
SAMMv2 working session - Design
311 - OWASP SAMM villa
OWASP SAMM Tooling
PM-2
15:30 - 16:30
SAMM - Best Practices
Portland room
SAMMv2 working session - Implementation
311 - OWASP SAMM villa
SAMMv2 Measurement Model
311 - OWASP SAMM villa
PM-3
16:30 - 17:30
SAMM Round Table
Portland room
SAMMv2 working session - Verification
311 - OWASP SAMM villa
SAMMv2 Establish the Document Model
311 - OWASP SAMM villa
SAMM benchmarking
311 - OWASP SAMM villa
Eve-1
19:30 - 21:00
SAMM DevOps Guidance
311 - OWASP SAMM villa
SAMMv2 working session - Operations
311 - OWASP SAMM villa

(back to all track's schedule)

OWASP ZAP

when day Tue,Wed
description ZAP team working together in a 2-day sprint on-site and remote
organizers Simon Bennetts Simon Bennetts


Total sessions for this track: 6

NOTE: exact session days/times are not final and can change.

Monday Tuesday Wednesday Thursday Friday
AM-1
10:30 - 12:30
ZAP working session - automation
ZAP working session - future plans
PM-1
13:30 - 15:00
ZAP working session - the HUD
Eve-1
19:30 - 21:00
Zap - How to use it (session 1)
Zap - How to use it (session 2)
Zap - How to use it (session 3)

(back to all track's schedule)

PSD2 and GDPR

when day Mon
description Sessions focusing on the new PSD2 standard and GDPR
organizers Pending


Total sessions for this track: 6

NOTE: exact session days/times are not final and can change.

Monday Tuesday Wednesday Thursday Friday
DS-2
12:30 - 13:30
Time slot over-subscribed
Meet the ICO
PSD2 Security
PM-1
13:30 - 15:00
Ask me anything (AMA) on GDPR
PM-3
16:30 - 17:30
Using graphs for GDPR mappings and visualisations
DS-3
18:00 - 19:00
Share your security polices and release them under CC
Table 2
Eve-2
21:00 - 23:00
Using Threat Models for GDPR
317 - Photobox villa

(back to all track's schedule)

Product Sessions

when day
description
organizers


Total sessions for this track: 6

NOTE: exact session days/times are not final and can change.

Monday Tuesday Wednesday Thursday Friday

(back to all track's schedule)

Security Automation

when day Tue
description Sessions focusing on Automation
organizers Pending


Total sessions for this track: 4

NOTE: exact session days/times are not final and can change.

Monday Tuesday Wednesday Thursday Friday
AM-1
10:30 - 12:30
Integrating Security Tools in the SDL
Maulden room
PM-1
13:30 - 15:00
Dealing with DevSecOps Findings
Maulden room
Creating Appsec metrics and visualisation
Maulden room
Integrating Security Tools in the SDL
Maulden room
PM-2
15:30 - 16:30
Dealing with DevSecOps Findings
Maulden room
SOC Monitoring Visualisation
Maulden room

(back to all track's schedule)

Serverless

when day Mon,Tue
description Sessions focusing on Serverless Securitys
organizers Pending


Total sessions for this track: 4

NOTE: exact session days/times are not final and can change.

Monday Tuesday Wednesday Thursday Friday
DS-2
12:30 - 13:30
Time slot over-subscribed
Azure Serverless for security
GCP Serverless for security
Securing Serverless applications
Using Lambda functions to scale security teams

(back to all track's schedule)

Threat Model

when day Wed,Thu
description Sessions focusing on Threat modelling
organizers Pending


Total sessions for this track: 9

NOTE: exact session days/times are not final and can change.

Monday Tuesday Wednesday Thursday Friday
AM-1
10:30 - 12:30
Open Session - Run over session
Kings room
State and future of threat modeling
Kings room
PM-1
13:30 - 15:00
Towards a unified way of describing threat models
Kings room
Time slot over-subscribed
Describe different ways of implementing TM in agile organisations
Kings room
How do we persist the information from the TM Slack channel?
Kings room
Share your Threat Models diagrams and create a Book
Kings room
PM-2
15:30 - 16:30
Time slot over-subscribed
Lightweight privacy threat modeling using LINDDUN
Kings room
Open Session
Kings room
How to scale Threat Modeling.
Kings room

(back to all track's schedule)

Wardley Maps

when day Mon,Tue,Wed
description Sessions focusing on the use of Wardley Maps in Security
organizers Pending


Total sessions for this track: 10

NOTE: exact session days/times are not final and can change.

Monday Tuesday Wednesday Thursday Friday
AM-1
10:30 - 12:30
Simon Session 1
Using Wardley Maps and Cynefin for Security
PM-1
13:30 - 15:00
Introduction to Wardley Maps (Training Session)
Simon Session 2
Cell based Structures for Security
Larch room
PM-2
15:30 - 16:30
Using tools to create Wardley Maps (Training Session)
Wardley Maps for Security
Simon Session 3
PM-3
16:30 - 17:30
Hand's on Wardley Maps creation (Training Session)
Using Wardley maps on SOC

(back to all track's schedule)