This is not a conference with unidirectional presentations. Using the same model as the past two OWASP Summits in Portugal, this 5-day event will be a high-energy experience, during which attendees get the chance to work and collaborate intensively. Every thoroughly prepared working session is geared towards a specific application security challenge and will be focused on actionable outcomes.
With participants flying from all over the world and from major security/development teams, service/product providers and research organizations, this is the place to be to learn and collaborate with industry peers (and even competitors).
The event is split over the following tracks, each focusing on a specific set of challenges:
- Threat Modeling - This is one of the strongest tracks, with most of the core Threat Modeling talent in the world joining forces and collaborating
- OWASP SAMM - This is another track where we have the main contributors and users of this OWASP project participating at the Summit
- DevSecOps - This track has been generating quite a buzz among participants, since it is addressing real pain points and problems that companies face today
- Education - Always strong in OWASP, this track ranges from university master's degrees to how to create the next generation of AppSec professionals
- Mobile Security - Another track where the key OWASP leaders of Mobile-related OWASP projects are participating
- CISO - This track reaches a wide audience of CISOs and covers a wide range of CISO-related topics
- Research - This track covers really important and interesting research topics (it's important to look at the future and work on the next generation of Application Security)
- Agile AppSec - This is a track driven by a couple of participants who really care about Agile and want to find better ways to integrate it with AppSec practices
- Security Crowdsourcing - This is a track that is focused on scaling AppSec activities via internal and external crowdsourcing
- OWASP Project's Summit - Last but not least, this track has 31x Working Sessions directly related to an OWASP Project (with most having the Project Leader participating)
OWASP Summit schedules are different from those of normal conferences, since they are focused on maximizing the participants' time and the Working Sessions they want to be actively involved in. The current Schedule is under development and will be released in the next weeks.
Here are some of the Working Sessions that will be worked on at the Summit:
- Application Security BSc/Masters Curriculum Design, Creating AppSec Teams
- Threat Modeling Cheat Sheet
- Software Defined Everything (SDx)
- Using ML and AI to detect Attacks
- Agile Practices for Security Teams, Integrating Security into a Portfolio Kanban, Using Security Risks to Measure Agile Practices
- Scaling Static Analysis Reviews and Deployments, NextGen Security Scanners
- GDPR and DPO AppSec implications, Cyber Insurance, InfoSec Warranties and Guarantees
- Mobile Security Testing Guide (MSTG)
- Implications of OWASP Top 10 2017, Data behind OWASP Top 10 2017
- Juice Shop, NodeGoat, Testing Guide v5, Application Security Guide for CISO, OWASP Risk Rating Management Project
- Crowdsourcing Security Knowledge, Responsible Disclosure
A key factor in the OWASP Summit's high level of productivity and collaboration is the Lodge/Villa accommodation model, where participants will stay and be literally involved in AppSec/Security conversations and debates from morning till dusk (a number of daily and evening Working Sessions will occur in the Lodges).
Some companies are bringing larger teams to the Summit (with a dedicated Lodge/Villa), so that it can double up as a team-building, strategic planning and offsite event.
The OWASP Summit is going to be the largest concentration of AppSec and Security talent focused on solving problems in 2017.
The question is: Will you be there?