Loading…
Subject: Gamification clear filter
Thursday, June 25
 

2:15pm CEST

Evil User Stories Modeling: Ensuring your User Stories in agile playing OWASP Cornucopia
Thursday June 25, 2026 2:15pm - 2:45pm CEST
Room -2.82 (Level 2)
In this session, I´ll show you how to sreamline the identification of security requirements associated with user stories in agile methodologies Using OWASP Cornucopia. Here you´ll se how to integrate User Stories with Cornucopia Cards and with ASVS as an security requirements and the defects that may arise if the security requirements are not properly considered or implemented. At the beginning ,we will explore two concepts I used to create this different way of playing OWASP Cornucopia and scaling it in agility, complementing the architecture-based threat model: Evil User Stories Modeling and Secure Scrum. All of this to apply the principle Security Just in Time for design a single product backlog that integrates security functionalities and controls into user stories avoiding the creation of a cybersecurity parallel backlog.
Speakers
avatar for Max Alejandro Gomez Sanchez Vergaray

Max Alejandro Gomez Sanchez Vergaray

Application Security Program Leader, AppSec & DevSecOps Consultant | Risk-driven Security for real-world products | S-SDLC, DevSecOps, Secure Design & Threat Modeling Trainer
I designed and led the application security program during the digital transformation process of one of the largest banks in Latin America, training more than 3,000 people in secure software development, specially in Secure Design using OWASP Cornucopia, another tools for threat modeling... Read More →
Thursday June 25, 2026 2:15pm - 2:45pm CEST
Room -2.82 (Level 2)
  Project Showcase (Lightning Talks)
 
Friday, June 26
 

1:15pm CEST

Let's Play: OWASP Cumulus (Workshop)
Friday June 26, 2026 1:15pm - 3:00pm CEST
Room -2.33 (Level -2)
OWASP Demo Lab - Hands-On Workshop / Small Group Session
Zone 3

In this hands-on session we will demonstrate the threat modeling card game "Cumulus" and show how it can help you start threat modeling your cloud and DevOps processes.

Using a real live example scenario, we will discuss, laugh and increase security. And maybe the winner will even get a prize! :)
Speakers
avatar for Christoph Niehoff

Christoph Niehoff

Senior Consultant, TNG Technology Consulting
In his role as a Senior Consultant at TNG Technology Consulting, Christoph Niehoff develops software products for his clients on a daily basis. As a full-stack developer, he lives and breathes DevOps, overseeing all steps of the development cycle. The security of the products is particularly... Read More →
Friday June 26, 2026 1:15pm - 3:00pm CEST
Room -2.33 (Level -2)
  Project Demo Lab (Hands-on)
 

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Event Planning Software Privacy Terms
Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Monday, June 22
Tuesday, June 23
Wednesday, June 24
Thursday, June 25
Friday, June 26
Expo Hall X1
Foyer D (Level -2)
Hall D (Level -2)
Hall G1 (Level -2)
Hall G2 (Level -2)
Hall K1 (Level -2)
Hall K2 (Level -2)
Room -2.11 (Level -2)
Room -2.15 (Level -2)
Room -2.33 (Level -2)
Room -2.82 (Level 2)
Room -2.92 (Level -2)
TBA
Terrace G of Austria Center
  • 1-Day Training
  • 2-Day Training
  • 3-Day Training
  • Bonus Track
  • Deployment and Maintenance
  • Implementation
  • Keynote
  • Meals Provided by OWASP
  • Meeting
  • MobileAppSecCon
  • Planning and Design
  • PODS (Hands-on Activities)
  • Process and Culture
  • Project Demo Lab (Hands-on)
  • Project Showcase (Lightning Talks)
  • Project User Day
  • Sponsored Happy Hour
  • Testing
  • Audience
  • Advanced
  • All
  • AppSec Engineers
  • Beginner
  • Developers
  • Intermediate
  • Introductory and Overview
  • Private Meeting
  • Security Champions
  • Students and newcomers in AppSec
  • Subject
  • AI
  • CRA
  • Dependancies
  • DevSecOps
  • Gamification
  • Kubernetes
  • Mobile Security
  • Network Security
  • Pentesting
  • SBOM
  • SSDLC
  • Standards
  • Threat Modeling
  • WAF