OWASP Global AppSec EU 2026 Vienna

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

1-Day Training: Tuesday, June 23
Trainer: Aram Hovsepyan
Level: All

Please note that this 1-day training course takes place on TUESDAY, not Wednesday like our other 1-day training courses. 

Application security has become synonymous with a vulnerability management program driven primarily by tools. This view is flawed. As many teams and organizations have already found out, tools often end up creating more problems than solutions. Any decent application security program starts with people knowing their roles and responsibilities. The team is then given friction-free processes to work with. Tools are brought in to streamline those processes and provide additional guardrails.

This is precisely what OWASP's Software Assurance Maturity Model (SAMM) provides as a high-level solution to build exactly this kind of program. This interactive training will give you a deep understanding of OWASP SAMM and show you how to apply it in real world scenarios. Through expert led sessions and hands-on exercises, you will learn how to embed security into every phase of the software development lifecycle. You will also gain a clear view of how SAMM naturally prepares you for upcoming regulations such as the EU Cyber Resilience Act. Finally, we will also cover some aspects of how using LLMs for writing code fits in the context of SAMM.

Participants will leave the training with:
- A comprehensive understanding of OWASP SAMM and its application in real-world organizations and teams.
- Experience performing OWASP SAMM assessments, setting improvement targets, and prioritizing those improvements.
- Insights into scoring and benchmarking to demonstrate progress and align efforts with organizational objectives.
- A practical understanding of how OWASP SAMM aligns with the expectations of the EU Cyber Resilience Act
- An interactive learning experience through hands-on exercises.
- What are the implications of using AI for writing code in the context of SAMM.

2-Day Training: June 23-24, 2026
Level: Intermediate
Trainer: Adam Shostack

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

This hands-on, interactive class will focus on learning to threat model by executing each of the steps. Students will start with a guided threat modeling exercise, and we'll then iterate and break down the skills they're learning in more depth. We'll progressing through the Four Questions of Threat Modeling: what are we working on, what can go wrong, what are we going to do about it and did we do a good job. This is capped off with an end-to-end exercise that brings the skills together.

2-Day Training: June 23-24, 2026
Level: Intermediate
Trainer:Abhinav Singh

You may attend this training course either in person or virutally

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

Can prompt injections lead to complete infrastructure takeovers? Could AI agents be exploited to compromise backend services? Can jailbreaks create false crisis alerts in security systems? In multi-agent systems, what if an attacker takes over an agent’s goals, turning other agents into coordinated threats? This immersive, CTF-styled training in AI and LLM security dives into these pressing questions. Engage in realistic attack and defense scenarios focused on real-world threats, from prompt injection and remote code execution to backend compromise. Tackle hands-on challenges with actual AI applications & agentic systems to understand vulnerabilities and develop robust defenses. You’ll learn how to create a comprehensive security pipeline, mastering AI red and blue team strategies, building resilient defenses for AI apps & agents, and handling incident response for AI-based threats. Additionally, implement a Responsible AI (RAI) program to enforce ethical AI standards across enterprise services, fortifying your organization’s AI security foundation.

By the end of this training, you will be able to:

- Exploit vulnerabilities in AI applications to achieve code and command execution, uncovering scenarios such as instruction injection, agent control bypass, remote code execution for infrastructure takeover as well as chaining multiple agents for goal hijacking.
- Conduct AI red-teaming using adversary simulation, OWASP LLM Top 10, and MITRE ATLAS frameworks, while applying AI security and ethical principles in real-world scenarios.
- Execute and defend against adversarial attacks, including prompt injection, data poisoning, jailbreaks and agentic attacks.
- Perform advanced AI red and blue teaming through multi-agent auto-prompting attacks, implementing a 3-way autonomous system consisting of attack, defend and judge models.
- Develop LLM security scanners to detect and protect against injections, jailbreaks, manipulations, and risky behaviors, as well as defending LLMs with LLMs.
- Build and deploy enterprise-grade LLM defenses, including custom guardrails for input/output protection, security benchmarking, and penetration testing of LLM agents.
- Establish a comprehensive LLM SecOps process to secure the supply chain from adversarial attacks and create a robust threat model for enterprise applications.
- Implement an incident response and risk management plan for enterprises developing or using GenAI services.

2-Day Training: June 23-24, 2026
Level: Intermediate
Trainer:Josh Grossman

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

To learn more about this training, please visit the link here. 

Suddenly anyone and everyone in your organization can use AI assistants to write code. Meanwhile, your actual developers are putting out 100x their previous output , with “varying” levels of quality. So how are you going to secure code at this scale?

This course is designed to be a deep dive into state-of-the-art techniques for validating code security within an organization’s codebase. The course has a strong emphasis on how AI-driven analysis can drive this forward whilst also clearly highlighting where standard, deterministic techniques (albeit incorporating AI acceleration) will be more effective.

During the course, you will learn how to combine these techniques, in a scalable and repeatable way, based on our experience doing just this with real organizations and real teams and with a focus on the current state of the art in this fast-moving area.

This course goes beyond the scope of standard application security knowledge and is designed to make you a specialist in this area. Having spent several years perfecting this process, we are excited to impart the lessons we have learnt!

The course is structured as follows:

* Overview – setting out the basic details of what we will be talking about in terms of code scanning and SAST.
* Key techniques – Discuss the different techniques which can be used for this including generic “off the shelf” SAST, deterministic custom scanning rules, and LLM powered custom AI prompts
* Technique comparison - Advantages and disadvantages of each technique based on our in-depth experience with each and which technique you will want to use in different situations, to avoid wasting time trying to use a technique in an inappropriate use case.
* Organizational process – How to get these processes built into an organization’s existing software lifecycle
* Generic SAST – Using “off the shelf” rules effectively to catch “low hanging fruit” and avoid reinventing the wheel.
* Custom SAST – Introduce custom rule languages (e.g., Semgrep, CodeQL), writing rules from scratch, and scaling analysis across a codebase.
* Basic AI Code Security Scanning – Overview of AI-based scanning, platforms, principles, and initial single-shot prompts.
* Complex AI Code Security Scanning – AI-driven techniques for code security, including using AI to review and triage findings and creating multi-stage rules that combine deterministic rules

2-Day Training: June 23-24, 2026
Level: Intermediate
Trainer:Sven Schleier

You may attend this training course in person or virtually.

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

This two-day, hands-on course is designed to teach penetration testers, developers, and engineers how to analyse Android and iOS applications for security vulnerabilities. The course covers the different phases of testing, including dynamic testing, static analysis, reverse engineering, and software composition analysis (SCA). We will also explore how you can use the Model Context Protocol (MCP) to automate some of these workflows and leverage its strengths.

The course is based on the OWASP Mobile Application Security Testing Guide (MASTG) and taught by one of the project co-leaders. This comprehensive, open-source mobile security testing book covers both iOS and Android, providing a methodology and detailed technical test cases to ensure completeness and utilizes the latest attack techniques against mobile applications. This course provides hands-on experience with open-source tools and advanced methodologies, guiding you through real-world scenarios.

Detailed outline

On the first day, we will start with an introduction to the OWASP MASVS and MASTG projects, including the latest updates. Then, we will dive into the Android platform and its security architecture. Students will no longer be required to bring their own Android device; instead, each student will be provided with a cloud-based, virtualised Android device from Corellium.

Topics include:

- Intercepting network traffic of an Android App in various scenarios, including intercepting traffic that is not HTTP.
- Scanning for secrets in an APK.
- Reverse engineering a Kotlin app and identifying and exploiting a real-world deep link vulnerability through manual source code review.
- Static Scanning of decompiled Kotlin source code by using MCP workflows with semgrep and radare2, identifying vulnerabilities and eliminating false positives.
- Frida crash course to get started with dynamic instrumentation on Android apps by using MCP workflows.
- Use dynamic instrumentation with Frida to bypass client-side security controls such as root detection mechanisms.
- We will close day 1 with a Capture the Flag (CTF) by attacking several apps, including a real world app and overcome it's protection mechanisms.

Day 2 focuses on iOS. We will begin the day by exploring the OWASP MASWE and creating an iOS test environment using Corellium and dive into several topics, including:

- Introduction into iOS Security fundamentals
- Intercepting network traffic of an iOS App in various scenarios, including intercepting traffic from apps written in mobile app frameworks such as Google's Flutter.
- How to retrieve an IPA, execute static scanning of an IPA and identifying vulnerabilities and eliminating false positives.
- Software Composition Analysis (SCA) for iOS by using SBOM's and scanning 3rd party libraries and SDKs in mobile package managers for known vulnerabilities and planning mitigation strategies.
- Frida crash course to get started with dynamic instrumentation for iOS applications and utilsing MCP workflows.
- Testing methodology with a non-jailbroken (jailed) device by repackaging an IPA with the Frida gadget.
- Analyse the storage of an iOS app and understand the various options on how (files, databases, logs etc.) and where files can be stored.
- Using Frida to bypass runtime instrumentation of iOS applications, like anti-Jailbreaking Mechanisms.

We'll wrap up the final day with a CTF and participants can win a prize!

Whether you are a beginner who wants to learn mobile app testing from the ground up, or an experienced pentester or developer or engineer who wants to improve your existing skills to perform more advanced attack techniques, this training will help you achieve your goals.

The course consists of many different hands-on labs developed by the instructor or using real world apps that are part of bug bounty platforms.

Upon successfully completing this course, students will have a better understanding of how to test for vulnerabilities in mobile applications, how to recommend appropriate mitigation techniques to developers and how to perform consistent and efficient testing using MCP (Model Context Protocol) workflows.

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

3-Day Training: June 22-24, 2026
Level: Beginner
Trainer: Jim Manico

You may attend this training course in person or virtually

Description: This three-day security course is designed for software engineers and AppSec professionals who want to tailor their learning experience. Throughout the class, you’ll select the topics that interest you most—ensuring that the content aligns with your individual needs and goals. We’ll honor every participant’s topic requests, so you can dive deeper into the areas that matter most.

Students will choose from the following material:

Core Modules

• 00-00 Introduction to Application Security (1 hr): Goals and Threats in AppSec
• 00-01 Input Validation Basics (1 hr): Allowlist Validation, Safe Redirects
• 00-02 HTTP Security Basics (1.5 hrs): Response/Request Headers, Verbs, Secure Transport Basics
• 00-03 SOP and CORS (1 hr): Same-Origin Policy, Cross-Origin Resource Sharing Security
• 00-04 SQL and Other Injections (1.5 hrs): Parameterized Queries, Secure Database Configurations, Command Injection
• 00-05 Cross-Site Request Forgery (1.5 hrs): CSRF Defenses for Various Architectures
• 00-06 File Upload and File I/O Security (1 hr): Secure File Upload, File I/O Security
• 00-07 Deserialization Security (0.5 hr): Safe Deserialization Practices
• 00-08 Third-Party Library Security Management (1 hr): Ensuring Third-Party Library Security
• 00-09 Security Logging and Monitoring (0.5 hr): Security-Focused Logging
• 00-10 Application Layer Intrusion Detection (0.5 hr): Detecting App Layer Attacks
• 00-11 Threat Modeling Fundamentals (1 hr): Security Design via Threat Modeling
• 00-12 Forms and Workflows Security (0.5 hr): Secure Handling of Complex Form Workflows

API Security

• 01-00 API and REST Security (2 hrs): REST Design, XML, XXE, JSON, API Access Control
• 01-01 Microservice Security (2 hrs): Security Architectures in Microservices
• 01-02 JSON Web Tokens (JWT) (1 hr): Addressing JWT Security Challenges
• 01-03 gRPC Security (1 hr): gRPC Security Architecture

Foundations of AI Security

• 02-00 Introduction to AI Security (1 hr): Overview of AI Security Concepts, Threats, and Mitigations
• 02-01 OWASP Top 10 for Large Language Model (LLM) Applications (4 hrs): Top 10 Practices for Protecting Large Language Model Applications

AI Secure Development Practices

• 02-10 AI for Code Creation (1 hr): Exploring the Security Implications of Using AI for Code Generation
• 02-11 React Security Prompt Engineering (

3-Day Training: June 22-24, 2026
Level: Introductory and Overview
Trainer: Fabio Cerullo

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

Introduction
Modern organisations rely heavily on web applications, and attackers exploit their weaknesses daily.
As AI tools accelerate software development, code is being generated faster than ever before. Yet every line, human-written or AI-generated, still carries risk. This three-day instructor-led course gives participants the knowledge and practical experience to recognise vulnerabilities, understand how exploitation works, and assess potential impact.
Aligned with the latest OWASP Top 10 2025, the course provides an in-depth exploration of each key risk, illustrated through demonstrations and guided labs.
Participants will learn how attackers think, how vulnerabilities are introduced, and how to recognise and validate them, preparing participants to collaborate effectively with developers and security teams in future remediation work.

Format
You will begin by exploring common web application vulnerabilities before gaining access to a purpose-built lab environment containing the very bugs and coding errors discussed in class. This provides an ideal, safe setting to observe and exploit these vulnerabilities using open-source tools and techniques, bridging the gap between theory and real-world practice.
This practical approach builds the confidence and analytical skills needed to identify and assess security risks effectively. Sessions encourage active participation, group discussions, and collaboration, allowing you to share insights and learn from peers across disciplines.

Course Outline
1. Introduction to Web Application Security
2. Technologies Used in Web Applications
3. Tools Used During the Course
4. Critical Areas in Web Applications: OWASP Top 10 2025
5. Broken Access Control (A01:2025)
6. Security Misconfiguration (A02:2025)
7. Software Supply Chain Failures (A03:2025)

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

3-Day Training: June 22-24, 2026
Level: Beginner
Trainer: Sebastien Deleersnyder

Download the complete training outline: AI Whiteboard Hacking Training Details

Testimonial: "After years evaluating security trainings at Black Hat, including Toreon's Whiteboard Hacking sessions, I can say this AI threat modeling course stands out. The hands-on approach and flow are exceptional - it's a must-attend."
- Daniel Cuthbert, Global Head of Cyber Security Research, Black Hat Review Board Member

In today's rapidly evolving AI landscape, security threats like prompt injection and data poisoning pose significant risks to AI systems. Our 3-day AI Whiteboard Hacking training equips you with practical skills to identify, assess, and mitigate AI-specific security threats using our proven DICE methodology. Through hands-on exercises and real-world scenarios, you'll learn to build secure AI systems while ensuring compliance with regulations like the EU AI Act.

The training concludes with an engaging red team/blue team wargame where you'll put theory into practice by attacking and defending a rogue AI research assistant. Upon completion, you'll earn the AI Threat Modeling Practitioner Certificate and gain access to a year-long subscription featuring quarterly masterclasses, expert Q&A sessions, and continuously updated resources.

Led by Sebastien Deleersnyder, co-founder and CTO of Toreon, and Black Hat trainer, this training combines technical expertise with practical insights gained from real-world projects across government, finance, healthcare, and technology sectors.

Quick Overview:
·       Target Audience: AI Engineers, Software Engineers, Solution Architects, Security Professionals
·       Prerequisites: Basic understanding of AI concepts (pre-training materials provided)
·       Certification: AI Threat Modeling Practitioner Certificate
·       Bonus: 1-year AI Threat Modeling Subscription included

Our lineup of the hands-on exercises from the training that let you put AI security concepts into practice:

Day 1: Foundations & Methodology
·       "AI Security Headlines from the Future" - Explore potential security scenarios
·       "Diagramming the AI Assistant Infrastructure" - Map out real AI system components