OWASP Global AppSec EU 2026 Vienna

1-Day Training: June 24, 2026
Level: Intermediate
Trainer: Tanya Janca

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

APIs are the backbone of modern applications—but they also introduce unique security risks. In this hands-on training, participants will deep-dive into API security threats using a "Bad, Better, Best" approach.

• Review real-world insecure APIs and step through progressive security improvements
• Work hands-on with OWASP DevSlop Pixi intentionally vulnerable API, 42Crunch IDE Plugin, and Semgrep to find, fix, and prevent API vulnerabilities
• Master the OWASP API Security Top Ten through guided code reviews and hands-on exercises
• Learn best practices for API security hardening, authentication, and monitoring

By the end of this session, participants will have the skills and tools to secure APIs with confidence using industry best practices.

1-Day Training: June 24, 2026
Level: Intermediate
Trainer:Juliane Reimann & Marisa Fagan

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

Do you feel a disconnect between your cybersecurity efforts and engineering activities? If so, a Security Champions Program could bridge the gap. By involving engineers in security topics that align with their work, a Security Champions program not only enhances security awareness but also fosters a culture of security across your organization. However, creating such a program requires careful planning, innovative strategies, and a solid understanding of what drives individuals to champion security initiatives.

This training will equip you with practical tools and actionable insights to design and launch a successful Security Champions Program. You’ll explore key concepts, including how to:
- Develop a foundational understanding of what a Security Champions Programs is
- Plan and navigate the phases of program development, from launch to long-term growth.
- Learn about strategies to engage and motivate diverse personality types within the organization
- Acquire practical tools and a structured approach to establish a scalable and trackable Security Champions Program

Whether you’re a security engineer, architect, or manager, this training will provide you with the tools and frameworks to collaborate effectively with your engineering teams and establish a thriving Security Champions Program.

The session is highly interactive, featuring hands-on exercises and team-based activities to encourage collaboration and networking with fellow professionals. Join us to gain the confidence and strategies you need to kickstart your journey toward a more secure organization.

1-Day Training: June 24, 2026
Level: Intermediate
Trainer: Rob van der Veer

You may attend this training course either in person or virtually

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

The record-breaking Master AI security training is back!

This training broke the OWASP record online and on-site.

Your trainer is Rob van der Veer, Chief AI Officer at Software Improvement Group, with 33 years of AI experience, founder of the OWASP AI Exchange, co-editor for the AI Act security standard, member of the ISO/IEC 27090 for AI security, co-founder of OpenCRE, and main author of ISO 5338 on AI engineering.

Master AI security is a unique opportunity to become proficient in the intricate and rapidly evolving field of AI security.

The disruption by AI presents a significant challenge, regardless of whether you are a security professional, a developer, AI engineer, or a red teamer. What are your responsibilities? What constitutes the new AI attack surface, and what threats emerge from it? What measures can you take to mitigate these emerging risks?

This one-day intensive training program will equip you with the knowledge to tackle these AI-related challenges effectively, enabling you to apply what you learn immediately. Starting with a pragmatic overview of AI, the course then delivers an exhaustive exploration of the distinctive vulnerabilities AI introduces, the possible attack vectors, and the most current strategies to counteract threats like prompt injection, data poisoning, model theft, evasion, and more. Through practical exercises, you will gain hands-on experience in enacting strong security measures, attacking AI systems, conducting threat modelling on AI, and targeted vulnerability assessments for AI applications.

By day's end, you will possess a thorough comprehension of the core principles and techniques critical to strengthening AI systems. You will have gained practical insights and the confidence to implement cutting-edge AI security measures.

A key resource that is used in the training is the OWASP AI Exchange - the flagship project located at owaspai.org - which forms the foundation of ISO standard 27090 and the security standard of the AI Act.

The training is designed for all levels of attendees. as the material is new from the cutting edge of research and standardization. No in-depth security or AI knowledge is required, although some experience with either AI or security is helpful.

Attendees will be provided with handout slides and afterwards they can retrieve the unique Master AI security certificate.

• Stephan Cohen – BNP Paribas: “This training has significantly enhanced my understanding of both the challenges and controls in securing AI. Looking forward to applying these insights in my work. Thank you Rob for this course.”
• Ramesh Krishnasaga - British Petroleum:  “The training was enlightening. This experience went beyond just training—it provided a strategic roadmap for securing AI applications in practical scenarios."
• Jedidiah Y - S&P global: “A timely and essential training. The session was truly eye-opening! As a data scientist, I’ve always focused on building and optimizing models—accuracy, performance, and deployment. But this training completely shifted my perspective on the importance of security in AI systems."

1-Day Training: June 24, 2026
Level: Intermediate
Trainer: Marco Morana

**Threat Modeling book (85 euro value) free to the first 10 registrants**

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

As organizations deploy LLMs, chatbots, RAG pipelines, and autonomous AI agents, new attack surfaces emerge that traditional application threat modeling cannot fully capture. This one-day course provides a practical, hands-on introduction to threat modeling AI applications, grounded in the OWASP AI Testing Guide, OWASP AI Exchange, NIST AI RMF, and Secure AI Framework (SAIF).

Participants learn how AI reshapes attack surfaces at the data, model, pipeline, and API layers, and how adversarial risks such as prompt injection, model theft, data poisoning, membership inference, and supply-chain compromise can be identified early and validated before deployment.

Through structured modeling exercises, ATLAS Navigator demos, AI SBOM analysis, attack-flow mapping, and secure-by-design patterns, learners translate AI threat models into actionable test cases aligned to OWASP AITG Test IDs and MITRE ATLAS. The course concludes with an end-to-end capstone where participants model and test a real-world LLM or RAG pipeline.

By the end of the workshop, participants will be able to identify, model, test, and validate AI-specific threats, embed AI testing into DevSecOps workflows, and operationalize AI threat modeling as a repeatable, testable practice for QA, security, and incident response.