OWASP Helsinki chapter meeting #44

This is a HYBRID event (online and onsite participation possible).

Note: Onsite registration period ended 6th of March. Online registrations still possible until event start.

Onsite location: Second Nature Security (2NS), Auditorium, Keilaranta 1, Espoo (Google maps link).

Online event link published to RSVP.

Agenda:
17:30 ONSITE: Welcome coffee, snack & refreshments
18:00 Hybrid event starts: Opening words from OWASP Helsinki Chapter leader
18:05 Words from the sponsor, Juho Ranta, CTO - Second Nature Security (2NS)
18:15 Use the OWASP Threat Modeling Playbook to Improve Your Product Security, Sebastien Deleersnyder, co-founder, CTO of Toreon
19:30-23:00 ONSITE only: Discussions continue with snacks/BBQ, refreshments and sauna sponsored by Second Nature Security (2NS) Oy.

The event is free of charge, welcome!

Abstracts and bios:

Use the OWASP Threat Modeling Playbook to Improve Your Product Security by Sebastien Deleersnyder:

We pulled together our threat modelling vision and strategy with OWASP best practices (like OWASP SAMM and the AppSec Champion Playbook) to create a ‘Threat Modeling Playbook.’ It shows you how to turn threat modelling into an established, reliable practice in your development teams.

We consider threat modeling a foundational activity to improve your software assurance or product security.

We have trained hundreds of experts and consulted with as many clients regarding threat modeling. We found that a well-established threat modeling practice will measurably decrease security issues of delivered products.

Performing a threat modeling exercise is one thing. Scaling it up as a standard practice in an organization is another. Threat modeling is often considered a manual and costly activity with an unpredictable outcome.

We pulled together our Toreon threat modeling vision and strategy with OWASP best practices (like OWASP SAMM and the AppSec champion playbook) to create a ‘Threat modeling playbook.’ The playbook shows you how to turn threat modeling into an established, reliable practice in your development teams and in the larger organisation.

We released this as an open source OWASP project for everyone to use and improve upon. We encourage you to download and use our playbook. Try it with your own team or on a pilot project. And let us know how it works and how we can improve the playbook.

With you, we can create a community to support and continuously improve ‘Threat modeling playbook.’ Together, we can make threat modelling more widely available. This in turn will make all of our software more secure.

• GitHub Repository: [https://github.com/OWASP/threat-model-playbook](https://github.com/OWASP/threat-modeling-playbook)]
• OWASP Project Page: [https://owasp.org/www-project-threat-modeling-playbook/](https://owasp.org/www-project-threat-modeling-playbook/)

Sebastien Deleersnyder bio:
Sebastien (Seba) Deleersnyder is co-founder and CEO of Toreon and a proponent of application security as a holistic endeavour. He started the OWASP Belgium chapter, has been a member of the OWASP Foundation Board, and has given numerous public presentations on Application Security. Seba also co-organized the yearly security & hacker BruCON conference and training events in Belgium.

With a background in development and many years of experience in security, he has trained countless developers to create software more securely. He has led OWASP projects such as OWASP SAMM, thereby truly making the world a little bit safer. Now he is adapting application security models to the evolving field of DevOps and is also focused on bringing Threat Modelling to a wider audience. Twitter: @sebadele