OWASP 2025 Global AppSec EU

1. Recap of Day 1 + What’s Next?  
- Quick summary of how KubeFIM detects file changes in Kubernetes.
- Why KubeFIM is unique compared to traditional FIM solutions.

2. Advanced Use Cases: Detecting Real-World Threats - Detecting tampered application binaries & unauthorized config changes.
- Show how KubeFIM detects & alerts security teams in real time.

3. Integrating KubeFIM into Security Workflows - How to forward alerts to SIEM tools (Splunk, ELK Stack, OpenSearch)
  - Using KubeFIM with SOAR platforms (automating threat response).
- Best practices for using KubeFIM in production Kubernetes clusters.

4. Roadmap & Future Improvements - What’s next for KubeFIM?

5. Closing Remarks & Q&A

Join OWASP project leader Sebastien for an engaging and interactive introduction and update on the OWASP Software Assurance Maturity Model (SAMM). We will cover SAMM's purpose and application in jumpstarting and accelerating your software assurance roadmap.

This session will provide valuable insights and practical knowledge on leveraging SAMM as secure development framework:

Tools and Assessment Guidance: Discover the range of SAMM tools available to support your software assurance efforts. We will explain the latest assessment guidance, providing you with the knowledge to utilize these tools to their fullest potential.

Mapping to Other Frameworks: Learn how SAMM maps to other frameworks, such as the NIST Secure Software Development Framework (SSDF) and OpenCRE. This will enable you to leverage SAMM for demonstrating compliance and enhancing your software security posture for any compliance requirement.

Benchmark yourself against peers: The OWASP SAMM Benchmark enables organizations to anonymously compare their software security practices against industry peers, providing insights to identify improvement areas, prioritize security efforts, and track progress over time.

Join Us in Shaping the Future of Secure Software Development

The OWASP Education and Training Committee is developing a certification program designed specifically for developers—and we need your expertise.

For the first time, this initiative will be showcased at OWASP Global AppSec EU 2025, and we’re inviting the community to help build the body of knowledge that will form the foundation of the certification curriculum.

If you're passionate about secure coding and developer education, this is your chance to contribute meaningfully to a global effort. Let’s build something that lasts—together.

Tired of the slow, manual grind of ASVS assessments? This live demo introduces the OWASP ASVS Security Evaluation Templates—an open-source toolkit built on Nuclei to streamline and scale your web application security testing.

Designed for security practitioners, this session walks through real-world use cases, showing how to plug these templates into your existing workflows for faster, more accurate ASVS evaluations. We’ll cover customization, integration, and key considerations for operationalizing the templates—plus, how you can contribute back to the project.

Whether you’re looking to boost testing efficiency or reduce human error, this session gives you the tools to level up your appsec approach in a fraction of the time.

Join us for an engaging session where we'll demonstrate OWASP Cumulus, a card game tailored for threat modeling the Ops of DevOps. Dive into a cloud scenario with us and uncover potential threats while having fun.

Let's play and explore the intricacies of DevOps security together!

In this 100% slide-free demo session you will embark on a journey through the popular OWASP Juice Shop vulnerable web application!

You will experience firsthand how easy it is to set up, get started, and solve your first hacking & coding challenges. In a quick mob-hacking session, you will gain your first points on Juice Shop's extensive score board!

The demo also includes a glimpse into Juice Shop's CTF tool and its multi-user hosting environment MultiJuicer! You will witness how fast a CTF event can be launched with OWASP Juice Shop, how great documentation really makes a difference, and even how to make
the application look like an in-house app of your own company.

Due to the nature of this small group demo session, you are welcome to ask questions during and between the different topics - ad libitum! There is time for clarification and dipping into special topics.

If time permits, this session can also cover interesting behind-the-scenes topics, such as cheat detection, start-up validations, webhook integrations, and a pro-level Grafana dashboard for observability!

Even if you know and have used OWASP Juice Shop yourself already,
there's no chance you've already seen everything that will be covered in this session!