Speaker

Johan Sydseter

Admincontrol AS, Application Security Engineer

Johan Sydseter is one of the co-leaders of OWASP Cornucopia and the co-creator of the OWASP Cornucopia Mobile App Edition. He is an application security engineer, developer, architect and DevOps practitioner with 15 years of experience building and designing backend and frontend solutions, and a regular contributor to Cornucopia. He has given several presentations on application security at international conferences and currently works as an application security engineer at Admincontrol AS, a Euronext subsidiary.

Application security for agile teams

Admincontrol takes part in the Visma Application Security Program (VASP), a custom-made application security program based on leading standards and best practices.

Although custom-made by Visma for Visma, the VASP is, as an application security program, in many ways comparable to maturity models such as OWASP SAMM: it covers the organizational aspects of improving the security posture of our organization and provides the governance, maturity benchmarking and continuous improvement practices needed to effectively improve our security practices.

OWASP ASVS and MASVS are used to provide a baseline for benchmarking application security and to define the application security requirements we need in order to design, implement and test a secure design, and to conduct threat modelling before coding starts.

During our threat modelling sessions we use OWASP Cornucopia, a threat modelling game, to identify these requirements.

OWASP Cornucopia is a mechanism in the form of a card game that assists software development teams in identifying security requirements in agile development processes. It is language, platform, and technology agnostic. Admincontrol uses OWASP Cornucopia to scale its security efforts and empower its teams to do agile application security work, using gamification as a motivational factor.

Together with OWASP Threat Dragon, the OWASP Developer Guide and the OWASP MAS project, we are working on improving guidance on agile application security and on scaling threat modelling and application security efforts across the world.

We are doing this to ensure the successful implementation of agile security practices for web and mobile applications in teams that use Scrum, Lean or other agile methodologies. We believe the best way to scale application security efforts, empower development teams to take ownership of application security and improve the application security posture is to gamify the security-requirement and threat-modelling processes: let the development team come up with the requirements themselves and support them in the planning, design and implementation of application security. Cornucopia helps development teams come up with those requirements and supports them in planning, designing and implementing application security best practices, and if they don't find the game interesting, why not let them create their own game using OWASP Cornucopia?

In this presentation we will talk about how agile application security can help scale your application security effort and the experiences from doing so at Admincontrol.

Workshop: Learn how to use OWASP Cornucopia to empower your teams and scale application security

OWASP Cornucopia is a mechanism in the form of a card game that assists software development teams in identifying security requirements in Agile, conventional, and formal development processes. It is language, platform, and technology agnostic. Admincontrol uses OWASP Cornucopia to scale its security efforts and empower its teams to do application security work, using gamification as a motivational factor.

By attending this workshop, you will learn how to use Cornucopia to improve your mobile application security using the upcoming mobile version of Cornucopia. Attendees can choose between Mobile Cornucopia and Cornucopia for web. You will be divided into groups and given a case. Together you will play Cornucopia and come up with threat scenarios and security stories that will help you implement the security controls for your application.

How to gamify your mobile application security using OWASP Cornucopia

OWASP Cornucopia is a mechanism in the form of a card game that assists software development teams in identifying security requirements in Agile, conventional, and formal development processes. It is language, platform, and technology agnostic. Admincontrol uses OWASP Cornucopia to scale its security efforts and empower its teams to do application security work, using gamification as a motivational factor.

Cornucopia had its 10th anniversary last year, so it is about time we released a new version: a new Website App Edition updated with the ASVS 4.0 mapping, and a Mobile App Edition with the MASVS 2.0 mapping for mobile development. At the same time we are also releasing the online version, "Copi", for online and distributed collaboration.

Together with other Cornucopia enthusiasts, we are doing this to ensure the successful implementation of security practices for web and mobile applications. We believe the best way to scale application security efforts, empower development teams to take ownership of application security and improve the application security posture is to gamify the security-requirement and threat-modelling processes: let the development team come up with the requirements themselves and support them in the planning, design and implementation of application security. Cornucopia helps development teams come up with those requirements and supports them in planning, designing and implementing application security best practices, and if they don't find the game interesting, why not let them create their own threat modelling game using OWASP Cornucopia?

In this presentation we will talk about how Admincontrol uses Cornucopia to improve its product security using the upcoming mobile version of Cornucopia, and what we have learned and gained from using Cornucopia in our development processes.
