OWASP 2025 Global AppSec EU

1. Recap of Day 1 + What’s Next?  
- Quick summary of how KubeFIM detects file changes in Kubernetes.
- Why KubeFIM is unique compared to traditional FIM solutions.

2. Advanced Use Cases: Detecting Real-World Threats - Detecting tampered application binaries & unauthorized config changes.
- Show how KubeFIM detects & alerts security teams in real time.

3. Integrating KubeFIM into Security Workflows - How to forward alerts to SIEM tools (Splunk, ELK Stack, OpenSearch)
  - Using KubeFIM with SOAR platforms (automating threat response).
- Best practices for using KubeFIM in production Kubernetes clusters.

4. Roadmap & Future Improvements - What’s next for KubeFIM?

5. Closing Remarks & Q&A

Join OWASP project leader Sebastien for an engaging and interactive introduction and update on the OWASP Software Assurance Maturity Model (SAMM). We will cover SAMM's purpose and application in jumpstarting and accelerating your software assurance roadmap.

This session will provide valuable insights and practical knowledge on leveraging SAMM as secure development framework:

Tools and Assessment Guidance: Discover the range of SAMM tools available to support your software assurance efforts. We will explain the latest assessment guidance, providing you with the knowledge to utilize these tools to their fullest potential.

Mapping to Other Frameworks: Learn how SAMM maps to other frameworks, such as the NIST Secure Software Development Framework (SSDF) and OpenCRE. This will enable you to leverage SAMM for demonstrating compliance and enhancing your software security posture for any compliance requirement.

Benchmark yourself against peers: The OWASP SAMM Benchmark enables organizations to anonymously compare their software security practices against industry peers, providing insights to identify improvement areas, prioritize security efforts, and track progress over time.

Zoom link posted in the #gsoc-mentors channel in Slack

Join us for an engaging session where we'll demonstrate OWASP Cumulus, a card game tailored for threat modeling the Ops of DevOps. Dive into a cloud scenario with us and uncover potential threats while having fun.

Let's play and explore the intricacies of DevOps security together!

In this 100% slide-free demo session you will embark on a journey through the popular OWASP Juice Shop vulnerable web application!

You will experience firsthand how easy it is to set up, get started, and solve your first hacking & coding challenges. In a quick mob-hacking session, you will gain your first points on Juice Shop's extensive score board!

The demo also includes a glimpse into Juice Shop's CTF tool and its multi-user hosting environment MultiJuicer! You will witness how fast a CTF event can be launched with OWASP Juice Shop, how great documentation really makes a difference, and even how to make
the application look like an in-house app of your own company.

Due to the nature of this small group demo session, you are welcome to ask questions during and between the different topics - ad libitum! There is time for clarification and dipping into special topics.

If time permits, this session can also cover interesting behind-the-scenes topics, such as cheat detection, start-up validations, webhook integrations, and a pro-level Grafana dashboard for observability!

Even if you know and have used OWASP Juice Shop yourself already,
there's no chance you've already seen everything that will be covered in this session!