OWASP Global AppSec: diving into leading application security technologies

Innovation in application security is no longer viewed as a trend, but as a necessity - one which companies can't overlook. To better understand leading application security technologies, experts in security, DevOps and cloud gathered at the OWASP Global AppSec conference in Tel Aviv, in May 2019. Among the attendees was Marc Walzer, Sherpany's Security and Data Protection Officer. Read the short interview to know which were the main security-related topics discussed, and why were they relevant to today's cyber security industry.

Sherpany: What was the OWASP Global AppSec conference about?

Marc: Founded in 2001, the Open Web Application Security Project (OWASP) is today one of the biggest and most influential foundations in the information security industry. It's known for its flagship project, the "OWASP Top Ten" that outlines the ten most critical web application security risks. The foundation also organises the Global AppSec conferences with speakers, sponsors and participants attending from all over the world. This edition of the OWASP Global AppSec conference in Tel Aviv had as the main theme the "Community of Innovation", which was a good fit with the cutting-edge cyber security industry of Israel.

Sherpany: Which were the main security-related topics discussed? 

Marc: Except for the keynote speeches, there were six tracks at the event: Breaker, Builder, DevOps, Layer 8, Risk Management and Innovation. The most difficult part was having to decide which sessions to attend since there were three sessions running in parallel at all times. In the end, I opted for a balanced mix between web- and mobile-security, as well as DevSecOps sessions, which are relevant for Sherpany. 

One of the sessions that caught my attention was "What do you mean threat model EVERY story?" by Izar Tarandach, lead product security architect at Autodesk. Threat modeling is a process by which potential threats, such as structural vulnerabilities can be identified, enumerated and prioritised, all from a hypothetical attacker’s point of view. The purpose of threat modeling is to provide defenders with a systematic analysis of the probable attacker’s profile, the most likely attack vectors, and the assets most desired by an attacker. With evaluations based on user stories, Mr. Tarandach proposed an interesting approach to integrate it in an agile development process. In my view, this is an elegant way of pushing security left within the short release cycles of the agile development world.

Sherpany: What was the highlight of the conference?

Marc: Meeting new people from various organisations across different industries and discussing common challenges. In the end, these networking moments resulted in different perspectives on similar problems, which led to sharing and exchanging valuable insights.

Sherpany: Why is it important for Sherpany to keep up with leading application security technologies?

Marc: Our customers entrust us with sensitive data. Thus, security is one of our core competencies. To maintain our leverage and competence in providing high levels of security, we need to keep ourselves up-to-date to make informed decisions and challenge our capabilities to do better. In addition, it is very important to exchange know-how with your peers. 

In general, as a professional, I think it's important to regularly exchange know-how with your peers. I enjoy learning new things from industry leaders and getting to know people who have to overcome the same or similar challenges. In the security awareness trainings I manage at Sherpany, I advocate that being vigilant, working together and communicating well enables us to be effective in defending ourselves against various categories of attacks. I truly believe that, and I also see great value in collaborations over organisational borders. Why not learn from the mistakes and experiences of others?

Insights and Resources


Insights and Resources

We provide resources to help Leaders and Administrators to achieve more through their meetings, including: expert interviews, articles, white papers, guides, and case studies.

Our content focusses on the themes of:

  • Meeting Management
  • Digital Transformation
  • Agile Leadership

Try Sherpany

We are glad to provide you with a personalised demonstration of Sherpany at a suitable time and location. Simply fill in the form and we will get in touch with you shortly.

Contact us

If you would like to talk to us about our solution or have specific requests, contact us and we will get in touch with you shortly.

Request pricing

Fill in the form and you will be contacted as soon as possible.

Subscribe Newsletter