3:00am • Opening Remarks
3:10am • AppSec is too hard!?
4:00am • OWASP Top 10 Privacy Risks 2021
4:00am • Blockchain-based Security Framework for Cyber Physical Systems (BSF-CPS)
4:00am • How Security, Development & Testing can work together to stop the same recurring vulnerabilities appearing in the OWASP Top 10
4:00am • OWASP Mobile Security Testing Guide Flagship Project
4:30am • Automatic Vulnerability Remediation: The Trusted and Secure Road to Developer Happiness
4:30am • Introducing graph theory to Policy-As-Code
4:30am • Your company, as a Knowledge Graph - the foundation of cybersecurity’s future
4:30am • OWASP ZAP Flagship Project
5:00am • Achieving the Web Isolation Nirvana - How far along are we?
5:00am • Connecting the Dots: How Threat Intelligence Protects the Applications
5:00am • Effective Usage Analysis: The Shortest Path Between a Developer and Accelerated Product Releases
5:00am • OWASP Juice Shop Flagship Project
5:30am • Attacking the microservice systems: methods and practical tips
5:30am • Objects In The Rear View Mirror Are Closer Than They Appear
5:30am • OWASP Application Gateway: What is it and how can you use it to secure your webapp?
5:30am • OWASP Software Assurance Maturity Model (SAMM) Flagship Project
6:00am • It's Not Your Developers' Fault
6:00am • Stop the looters: a method to detect digital skimming attacks
6:00am • Top 10 Challenges for DevSecOps
6:00am • OWASP Security Knowledge Framework Flagship Project
6:30am • OWASP Nettacker Project Presentation
6:30am • OWASP API Security Top 10 - A Beginner's Guide to Mitigation
6:30am • Feedback loop in DevSecOps - mature security process and dev cooperation
6:30am • OWASP Web Security Testing Guide Flagship Project
7:00am • OWASP Security Shepherd Flagship Project
7:00am • Scaling AppSec through Education
7:30am • Break
8:00am • Our Secure Future
9:00am • Code-Origin Policy: Towards a Formal User Privacy Protection for the Web
9:00am • OWASP OWTF Flagship Project
9:00am • React Native Security. Addressing typical mistakes
9:30am • Good Bot, Bad Bot: Characterizing Automated Browsing Activity
9:30am • Preventing an OWASP Top 10 in the world of AI
9:30am • Five philosophies to building better application logs
9:30am • OWASP Cloud-Native Application Security Top 10 Flagship Project
10:00am • Over 20 Years of SQL Injection Attacks in the Wild - Time to Refine and Optimize Web Attack Detection by Using Data Mining Techniques
10:00am • Agile Threat Modeling with Open-Source Tools
10:00am • OWASP ModSecurity Core Rule Set Flagship Project
10:00am • Rough Consensus - An OWASP Story
10:30am • Your code might be secure, but what about your pipeline? Challenges of securing build/deployment environment.
10:30am • OWASP ESAPI – A Retrospective: The Good, the Bad, & the Ugly
10:30am • What Shall We Do With a Vendor SBOM?
10:30am • OWASP Top 10 Flagship Project "Intro of Top 10"
11:00am • Break
11:30am • AppSec: from Outsiders to Allies
12:30pm • Common NGINX Misconfigurations That Leave Your Web Server Open To Attack
12:30pm • Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security
12:30pm • OWASP CSRFGuard Flagship Project
12:30pm • The future of Dev[Sec]Ops transformation
1:00pm • AppSec Timeline: Wins, Failures, Promises, and Predictions
1:00pm • Everything You Always Wanted to Know About Fingerprinting Browser Extensions, But Were Afraid to Ask
1:00pm • Unlocking Mobile App Security Secrets
1:00pm • OWASP Application Security Verification Standard (ASVS) Flagship Project
1:30pm • How To Review Code For Vulnerabilities
1:30pm • Common Application Security Mistakes that Enable Automated Attacks
1:30pm • Looking at 4 years of web honeypot attacks: tactics, techniques and trends
1:30pm • OWASP DefectDojo Flagship Project
2:00pm • Bot or human? Detecting malicious bots with machine learning in 2021
2:00pm • Kubernetes Security: Attacking and Defending K8s Clusters
2:00pm • OWASP Cheat Sheet Series Flagship Project
2:00pm • Fight Club | Grow your OWASP Chapter
2:30pm • Automated Finding Correlation where do SAST, DAST and IAST overlap
2:30pm • Automate Security, Don't Tell Your Boss
2:30pm • The future is simple - introducing the CRE
2:30pm • OWASP Amass Flagship Project
3:00pm • Break
3:30pm • 20:20 - The History and Future of OWASP
4:30pm • OWASP Dependency Track Flagship Project
4:30pm • Decoded: Leverage Cybersecurity as a Business Enabler
4:30pm • Creating an IoT-connected Mobile App Compliance Program Leveraging OWASP MASVS
4:30pm • Security Chaos Engineering - Turning the Tide in the War on Uncertainty in Cyber Security
5:00pm • Achieving Security by Shifting Left in Agile
5:00pm • Developers Struggle with Application Security (and How to Make It Better)
5:00pm • OWASP Top 10 Flagship Project "The making of the OWASP Top 10 and beyond"
5:30pm • These are the Vulns You are Looking For: AppSec Champions & Jedi Mind Tricks
5:30pm • OWASP Dependency-Check Flagship Project
6:00pm • Running a local Chapter
6:00pm • OWASP CycloneDX Flagship Project
6:30pm • All your Ether belong to us (a.k.a Hacking Ethereum-based DApps)
7:00pm • Break
7:30pm • Who Deserves Cybersecurity? Expanding Our Circle of Care
8:30pm • Using binary search algorithms for blind sql injection
8:30pm • Live Q&A Session
8:30pm • Security As Code - The New Model Of Achieving Security At Scale
9:00pm • DevSecOps in 2031: How robots and humans will secure apps together
9:00pm • Redefining Threat Modeling: Security team goes on vacation
9:00pm • Hack Your APIs in 15 Minutes or Less
9:30pm • Back to Basics: Looking for subtle bugs in beginner programming constructs
9:30pm • Security Metrics: Protecting Our Digital Assets of the Future
10:00pm • Purple Teaming with OWASP PurpleTeam
10:00pm • An Attackers View on APAC's 2021 Three Major Breaches
10:30pm • Birds & Buttons - Cyber Risk Success Criteria for Board & Executives
10:30pm • Costly mistakes in serverless computing
11:00pm • AWS (mis)configuration from an attacker’s-eye view
11:30pm • vAPI : Vulnerable Adversely Programmed Interface (OWASP API Top 10)
