AppSec Europe 2014 has ended
Welcome to the full schedule of the OWASP AppSec Research EU 2014 conference days
Monday, June 23 • 09:00 - 13:00
Training room 3 - CISO training: Managing Web & Application Security - OWASP for senior managers

This workshop covers setting up, managing and improving your global information security organisation using mature OWASP projects and tools, achieving cost-effective application security, and bringing it all together at the management level. It shows how to use and leverage OWASP and other common best practices to improve your security programs and organisation. The workshop will also discuss a number of quick wins, how to effectively manage global security initiatives, and how to use OWASP tools inside your organisation. The author has extensive experience of managing his own secure development organisation as well as advising on improving a number of global secure development organisations and processes.


  • OWASP Top-10 and OWASP projects - how to use within your organisation

  • Risk management and threat modelling methods (OWASP risk analysis, ISO-27005,...)

  • Benchmarking & Maturity Models

  • Security Strategy

  • Organisational Design and managing change for global information security programs

  • SDLC

  • Training: OWASP Secure Coding Practices - Quick Reference Guide, Development Guide, Training tools for developers

  • Measuring & Verification: ASVS (Application Security Verification Standard) Project, Code Review Guide, Testing Guide

  • Development & Operation: Libraries and Frameworks (ESAPI (Enterprise Security API), AppSensor, ...), Threat assessments using OWASP Cornucopia

All discussion and issues raised by participants at the workshop will be confidential under the Chatham House Rule (http://en.wikipedia.org/wiki/Chatham_House_Rule).

Attendee takeaways and key learning objectives

  • how to effectively build and run a global information security function

  • strengthening web and application security using OWASP projects

  • improving web & application security for organisations from green-field level to very sophisticated security organisations 

Tobias Gondrom

Global Board Member, OWASP
Tobias Gondrom is a global board member of OWASP (Open Web Application Security Project) and former chairman until December 2015. Until April 2015, he led a boutique Global CISO and Information Security & Risk Management Advisory based in Hong Kong, United Kingdom and...

Monday June 23, 2014 09:00 - 13:00 BST
