Loading…
← Back to schedule
Evil User Stories Modeling: Ensuring your User Stories in agile playing OWASP Cornucopia
Thursday June 25, 2026 2:15pm - 2:45pm CEST
Room -2.82 (Level 2)
In this session, I´ll show you how to sreamline the identification of security requirements associated with user stories in agile methodologies Using OWASP Cornucopia. Here you´ll se how to integrate User Stories with Cornucopia Cards and with ASVS as an security requirements and the defects that may arise if the security requirements are not properly considered or implemented. At the beginning ,we will explore two concepts I used to create this different way of playing OWASP Cornucopia and scaling it in agility, complementing the architecture-based threat model: Evil User Stories Modeling and Secure Scrum. All of this to apply the principle Security Just in Time for design a single product backlog that integrates security functionalities and controls into user stories avoiding the creation of a cybersecurity parallel backlog.
Speakers
avatar for Grant Ongers

Grant Ongers

Security- Advisor | Ambassador | Architect, esynergy
With 10+ years in Dev, 20 in Ops, and 30 in Sec, Grant Ongers (rewtd) is the Head of esynergy’s Security Practice; a Principal Security Architect at the Department for Science, Innovation and Technology and a former OWASP® Foundation Global Board member. A firm believer that security... Read More →
avatar for Max Alejandro Gomez Sanchez Vergaray

Max Alejandro Gomez Sanchez Vergaray

Application Security Program Leader, AppSec & DevSecOps Consultant | Risk-driven Security for real-world products | S-SDLC, DevSecOps, Secure Design & Threat Modeling Trainer
I designed and led the application security program during the digital transformation process of one of the largest banks in Latin America, training more than 3,000 people in secure software development, specially in Secure Design using OWASP Cornucopia, another tools for threat modeling... Read More →
Thursday June 25, 2026 2:15pm - 2:45pm CEST
Room -2.82 (Level 2)
  Project Showcase (Lightning Talks)

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Event Planning Software Privacy Terms
Share Modal

Share this link via

Or copy link