OWASP Global AppSec: diving into leading application security technologies

Innovation in application security is no longer viewed as a trend, but as a necessity - one which companies can't overlook. To better understand leading application security technologies, experts in security, DevOps and cloud gathered at the OWASP Global AppSec conference in Tel Aviv, in May 2019. Among the attendees was Marc Walzer, Sherpany's Security and Data Protection Officer. Read the short interview to know which were the main security-related topics discussed, and why were they relevant to today's cyber security industry.

Sherpany: What was the OWASP Global AppSec conference about?

Marc: Founded in 2001, the Open Web Application Security Project (OWASP) is today one of the biggest and most influential foundations in the information security industry. It's known for its flagship project, the "OWASP Top Ten" that outlines the ten most critical web application security risks. The foundation also organises the Global AppSec conferences with speakers, sponsors and participants attending from all over the world. This edition of the OWASP Global AppSec conference in Tel Aviv had as the main theme the "Community of Innovation", which was a good fit with the cutting-edge cyber security industry of Israel.

Sherpany: Which were the main security-related topics discussed? 

Marc: Except for the keynote speeches, there were six tracks at the event: Breaker, Builder, DevOps, Layer 8, Risk Management and Innovation. The most difficult part was having to decide which sessions to attend since there were three sessions running in parallel at all times. In the end, I opted for a balanced mix between web- and mobile-security, as well as DevSecOps sessions, which are relevant for Sherpany. 

One of the sessions that caught my attention was "What do you mean threat model EVERY story?" by Izar Tarandach, lead product security architect at Autodesk. Threat modeling is a process by which potential threats, such as structural vulnerabilities can be identified, enumerated and prioritised, all from a hypothetical attacker’s point of view. The purpose of threat modeling is to provide defenders with a systematic analysis of the probable attacker’s profile, the most likely attack vectors, and the assets most desired by an attacker. With evaluations based on user stories, Mr. Tarandach proposed an interesting approach to integrate it in an agile development process. In my view, this is an elegant way of pushing security left within the short release cycles of the agile development world.

Sherpany: What was the highlight of the conference?

Marc: Meeting new people from various organisations across different industries and discussing common challenges. In the end, these networking moments resulted in different perspectives on similar problems, which led to sharing and exchanging valuable insights.

Sherpany: Why is it important for Sherpany to keep up with leading application security technologies?

Marc: Our customers entrust us with sensitive data. Thus, security is one of our core competencies. To maintain our leverage and competence in providing high levels of security, we need to keep ourselves up-to-date to make informed decisions and challenge our capabilities to do better. In addition, it is very important to exchange know-how with your peers. 

In general, as a professional, I think it's important to regularly exchange know-how with your peers. I enjoy learning new things from industry leaders and getting to know people who have to overcome the same or similar challenges. In the security awareness trainings I manage at Sherpany, I advocate that being vigilant, working together and communicating well enables us to be effective in defending ourselves against various categories of attacks. I truly believe that, and I also see great value in collaborations over organisational borders. Why not learn from the mistakes and experiences of others?

Einblicke und Ressourcen


Einblicke und Ressourcen

Unsere Inhalte unterstützen Führungskräfte dabei, ihre Meetings zum Erfolg zu machen und ihre Unternehmensziele zu erreichen. Dazu gehören: Experteninterviews, Artikel, White Papers, Leitfäden und Fallstudien.

Unsere Inhalte legen einen Fokus auf folgende Themen:

  • Meeting Management
  • Digitale Transformation
  • Agile Führung

Testen Sie Sherpany

Gerne würden wir mit Ihnen einen passenden Termin und den Ort einer ganz auf Sie zugeschnittenen Demonstration von Sherpany vereinbaren. Füllen Sie einfach dieses Formular aus und wir setzen uns umgehend mit Ihnen in Verbindung.

Kontaktieren Sie uns

Wenn Sie mit uns über unsere Lösung sprechen möchten oder spezielle Wünsche haben, kontaktieren Sie uns und wir werden uns in Kürze mit Ihnen in Verbindung setzen.


Füllen Sie das folgende Formular aus und Sie werden so schnell wie möglich kontaktiert.

Newsletter abonnieren