Date: 17 May, 2024

Author: Jef meijvis

Tags: OwaspScrum

Cornucopia talk OWASP chapter Belgium

On Thursday May 2nd we were invited to give a talk about Cornucopia at a meetup of the OWASP Chapter Belgium.

The agenda for the evening was as follows:

  • 17h30-18h20: Welcome and refreshments
  • 18h20-18h30: OWASP Update
  • 18h30-19h30: Joris Gorinsek from NIKO: Navigating the Evolving Landscape of Cyber Security Legislation as an IoT Device Manufacturer
  • 19:45-20h45: Ive Verstappen & Jef Meijvis from DotNET lab: OWASP Cornucopia and Scrum: A strategic approach to introduce threat modeling in an Agile development process
  • 21:00: Close

Ive and myself presented our experience and view on integrating Cornucopia in an agile scrum development process.

Observations while playing Cornucopia

Over the last year we hosted quite a few Cornucopia sessions, during which we noted our observations. A few key takeaway points:

Timebox the session

Just as every scrum related meeting, it's really important to timebox the meeting. This can be done by keeping the team that plays the game small enough.

Cut discussions short

Don't let the Cornucopia session turn into a architectural or technical discussion. Only discuss the cards and the threats, and move on to the next card once a threat is identified.

Limit the application scope

When the application being used to play the game becomes too big, it might be useful to limit yourself to a certain set of features instead of the entire application.

For those who would like to know more, the presentation can be downloaded at the bottom of the page.

Some pictures:

Ive presenting at the OWASP Belgium chapter meeting

Image: Ive presenting at the OWASP Belgium chapter meeting

Jef presenting at the OWASP Belgium chapter meeting

Image: Jef presenting at the OWASP Belgium chapter meeting

Playing a session of OWASP Cornucopia

Image: Playing a session of OWASP Cornucopia

After the presentations we had some time to network at the KDG institute in Antwerp. Thanks to the organization of the Belgian OWASP Chapter for the great event!

Presentation

You can download the slidedeck we presented by clicking here.

Opening slide of the powerpoint presentation

Image: Opening slide of the powerpoint presentation

Loading comments 0%

View this post on Github

Provided by dotNET lab

This website is created, hosted and provided by dotNET lab. dotNET lab provides training and guidance on secure software development. Contact us to get in touch!

OWASP Cornucopia

OWASP Cornucopia is originally created by Colin Watson. It is open source and can be downloaded free of charge from the OWASP website. It is is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one. OWASP does not endorse or recommend commercial products or services. OWASP Cornucopia is licensed under the Creative Commons Attribution-ShareAlike 3.0 license and is © 2012-2016 OWASP Foundation.

Get the cards

Order online

Print your own

Order your customized version

Mappings

OWASP SCP

OWASP ASVS

OWASP APPSENSOR

CAPEC

SAFECODE

OWASP and the OWASP logo are trademarks of the OWASP Foundation

Last update was Thu, 21 Nov 2024 02:45:30 GMT

Licensing information | Build information

DotNETlab 2024 rss | Sitemap