Lunch 12:30pm - 1:30pm
Seth & Ken’s Excellent Adventures in Secure Code Review 23 9:00am - 25 5:00pm
Attacking Android and iOS apps by Example 23 9:00am - 25 5:00pm
The DevSecOps MasterClass 23 9:00am - 25 5:00pm
Am Coffee Break 10:00am - 10:30am
PM Coffee Break 3:00pm - 3:30pm
AM Coffee Break 10:30am - 11:00am
Hands-on threat modeling and tooling for DevSecOps 24 9:00am - 25 5:00pm
Breaking and Pwning Docker Containers and Kubernetes Clusters 24 9:00am - 25 5:00pm
Leaders Meeting 6:00pm - 7:00pm
Public Board Meeting 7:00pm - 8:00pm
AM Coffee Break 10:00am - 10:30am
Lunch 12:30pm - 1:00pm
Your dynamic software security journey with OWASP SAMM2 9:00am - 5:00pm
DevOps for CISO 9:00am - 5:00pm
Project Review 9:00am - 3:00pm
Welcome Reception 5:00pm - 6:00pm
Attacking AWS: the full cyber kill chain 10:15am - 11:00am
OWASP based Threat Modelling : Creating a feedba... 11:05am - 11:50am
Knative Security Pipelines 11:55am - 12:40pm
OWASP SAMM2 - your dynamic software security jou... 1:45pm - 2:30pm
Secure Agile development according to SAMM 2:35pm - 3:20pm
Mobile-friendly or Attacker-friendly? A Large-sc... 4:05pm - 4:50pm
Controlled Mayhem with Cloud Native Security Pip... 10:15am - 11:00am
Security Vulnerabilities Decomposition: Another... 11:05am - 11:50am
WebAuthn: Strong authentication vs. privacy vs.... 11:55am - 12:40pm
Web Apps vs Blockchain dApps (Smart Contracts):... 1:45pm - 2:30pm
Threat Modelling Stories from the Trenches 2:35pm - 3:20pm
Modern and Secure IAM for Modern Applications 4:05pm - 4:50pm
Practical OWASP CRS in High Security Settings 10:15am - 11:00am
The Zest of ZAP: How scripting in our favorite t... 11:05am - 11:50am
Choosing the right static code analyzers based o... 11:55am - 12:40pm
Being Powerful While Powerless: Elevating Securi... 1:45pm - 2:30pm
The Now and the Future of Malicious WebAssembly 2:35pm - 3:20pm
OWASP Docker Top 10 4:05pm - 4:50pm
Remote Code Execution in Firefox Beyond Memory C... 10:15am - 11:00am
Manual JavaScript Analysis is a Bug 11:05am - 11:50am
Securing ProtonMail: Building a Web App that Doe... 11:55am - 12:40pm
Fun with KSM 1:45pm - 2:30pm
Ransomware Identification with Limited Informati... 2:35pm - 3:20pm
XSS magic tricks 4:05pm - 4:50pm
API Security Project 11:05am - 11:50am
Juice Shop 2:35pm - 3:20pm
ModSecurity Core R...
Opening Remarks
The house is built on sand: exploiting hardware... 9:00am - 9:45am
Securing the Future 5:00pm - 5:45pm
AM Coffee Break 9:45am - 10:15am
Members Lounge 10:00am - 4:00pm
Lunch 12:40pm - 1:45pm
PM Coffee Break 3:20pm - 4:05pm
Networking Event at Strandzuid 6:30pm - 8:30pm
Restricting the scripts, you're to blame, you gi... 10:15am - 11:00am
Don't Trust The Locals: Evaluating and Mitigatin... 11:05am - 11:50am
HTTP Desync Attacks: Smashing into the Cell Next... 11:55am - 12:40pm
The State of Credential Stuffing and the future... 1:45pm - 2:30pm
Making the web secure, by design ++ 2:35pm - 3:20pm
How To Learn (And Teach) Hacking 4:05pm - 4:50pm
SUSTO: Systematic Universal Security Testing Orc... 10:15am - 11:00am
How do JavaScript frameworks impact the security... 11:05am - 11:50am
[In]secure deserialization, and how [not] to do... 11:55am - 12:40pm
No More Whack-a-Mole: How to Find and Prevent En... 1:45pm - 2:30pm
Breaches Are Everywhere. What’s a Good Security... 2:35pm - 3:20pm
Fast Forwarding mobile security with the OWASP M... 4:05pm - 4:50pm
Unlikely allies: how HR can help build a securit... 10:15am - 11:00am
Do certain types of developers or teams write mo... 11:05am - 11:50am
The Security we Need: Designing Usable IoT Secur... 11:55am - 12:40pm
ScriptProtect: Mitigating Unsafe Third-Party Jav... 1:45pm - 2:30pm
Five key trends in application security 2:35pm - 3:20pm
How I Could Have Stolen Your Photos From Google 4:05pm - 4:50pm
SAMM 10:15am - 11:00am
SecurityRat 11:05am - 11:50am
Web Goat 11:55am - 12:40pm
I've got a working title: The Woman Who Squashed... 9:00am - 9:45am
An Infosec Timeline - Noteworthy Events from 197... 5:00pm - 5:45pm
Members Lounge 10:00am - 3:00pm