Welcome to the full schedule of the OWASP AppSec Research EU 2014 conference days
Monday, June 23 • 14:00 - 18:00
Training room 3 - CISO training: Managing Web & Application Security - OWASP for senior managers


This workshop covers setting up, managing and improving your global information security organisation using mature OWASP projects and tools, achieving cost-effective application security, and bringing it all together at the management level. It shows how to use and leverage OWASP and other common best practices to improve your security programs and organisation. The workshop will also discuss a number of quick wins, how to effectively manage global security initiatives, and how to use OWASP tools inside your organisation. The author has extensive experience of managing his own secure development organisation as well as advising on improving a number of global secure development organisations and processes.

Topics:


  • OWASP Top-10 and OWASP projects - how to use within your organisation

  • Risk management and threat modelling methods (OWASP risk analysis, ISO-27005,...)

  • Benchmarking & Maturity Models

  • Security Strategy

  • Organisational Design and managing change for global information security programs

  • SDLC

  • Training: OWASP Secure Coding Practices - Quick Reference Guide, Development Guide, Training tools for developers

  • Measuring & Verification: ASVS (Application Security Verification Standard) Project, Code Review Guide, Testing Guide

  • Development & Operation: Libraries and Frameworks (ESAPI (Enterprise Security API), AppSensor, ...), Threat assessments using OWASP Cornucopia


All discussions and issues raised by participants at the workshop will be confidential under the Chatham House Rule (http://en.wikipedia.org/wiki/Chatham_House_Rule).

Attendee takeaways and key learning objectives


  • how to effectively build and run a global information security function

  • strengthening web and application security using OWASP projects

  • improving web & application security for organisations from green-field level to very sophisticated security organisations 


Speakers

Tobias Gondrom

Global Board Member, OWASP
Tobias Gondrom is a global board member of OWASP (Open Web Application Security Project) and former chairman until December 2015. Until April 2015, he led a boutique Global CISO and Information Security & Risk Management Advisory based in Hong Kong, United Kingdom and Germany. He has over 15 years of experience leading global teams in information security, software development, application security, cryptography, electronic signatures...


Monday June 23, 2014 14:00 - 18:00
LAB113
