BEGIN:VCALENDAR VERSION:2.0 X-WR-CALNAME:owaspglobalappseceuvienna20 X-WR-CALDESC:Event Calendar METHOD:PUBLISH CALSCALE:GREGORIAN PRODID:-//Sched.com OWASP Global AppSec EU 2026 Vienna//EN X-WR-TIMEZONE:UTC BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260622T063000Z DTEND:20260622T070000Z SUMMARY:Coffee/tea DESCRIPTION:\n CATEGORIES:MEALS PROVIDED BY OWASP LOCATION:Foyer D (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:cdbc00b314ed83dfe4a62e7101b08d42 URL:http://owaspglobalappseceuvienna20.sched.com/event/cdbc00b314ed83dfe4a62e7101b08d42 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260622T070000Z DTEND:20260622T150000Z SUMMARY:3-Day Training: AppSec and AI Security for Developers with Jim Manico (Hybrid) DESCRIPTION:To register\, please purchase your training ticket \;here. Training and conference are two separate ticket purchases.\n3-Day Training: June 22-24\, 2026\nLevel: Beginner\nTrainer: \;Jim Manico\n\nYou may attend this training course in person or virtually\nDescription: This three-day security course is designed for software engineers and AppSec professionals who want to tailor their learning experience. Throughout the class\, you’ll select the topics that interest you most—ensuring that the content aligns with your individual needs and goals. We’ll honor every participant’s topic requests\, so you can dive deeper into the areas that matter most.Students will choose from the following material:Core Modules00-00 Introduction to Application Security (1 hr): Goals and Threats in AppSec00-01 Input Validation Basics (1 hr): Allowlist Validation\, Safe Redirects00-02 HTTP Security Basics (1.5 hrs): Response/Request Headers\, Verbs\, Secure Transport Basics00-03 SOP and CORS (1 hr): Same-Origin Policy\, Cross-Origin Resource Sharing Security00-04 SQL and Other Injections (1.5 hrs): Parameterized Queries\, Secure Database Configurations\, Command Injection00-05 Cross-Site Request Forgery (1.5 hrs): CSRF Defenses for Various Architectures00-06 File Upload and File I/O Security (1 hr): Secure File Upload\, File I/O Security00-07 Deserialization Security (0.5 hr): Safe Deserialization Practices00-08 Third-Party Library Security Management (1 hr): Ensuring Third-Party Library Security00-09 Security Logging and Monitoring (0.5 hr): Security-Focused Logging00-10 Application Layer Intrusion Detection (0.5 hr): Detecting App Layer Attacks00-11 Threat Modeling Fundamentals (1 hr): Security Design via Threat Modeling00-12 Forms and Workflows Security (0.5 hr): Secure Handling of Complex Form WorkflowsAPI Security01-00 API and REST Security (2 hrs): REST Design\, XML\, XXE\, JSON\, API Access Control01-01 Microservice Security (2 hrs): Security Architectures in Microservices01-02 JSON Web Tokens (JWT) (1 hr): Addressing JWT Security Challenges01-03 gRPC Security (1 hr): gRPC Security ArchitectureFoundations of AI Security02-00 Introduction to AI Security (1 hr): Overview of AI Security Concepts\, Threats\, and Mitigations02-01 OWASP Top 10 for Large Language Model (LLM) Applications (4 hrs): Top 10 Practices for Protecting Large Language Model ApplicationsAI Secure Development Practices02-10 AI for Code Creation (1 hr): Exploring the Security Implications of Using AI for Code Generation02-11 React Security Prompt Engineering ( CATEGORIES:3-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:0c4c67a72939608ec5190e8cf113b4a5 URL:http://owaspglobalappseceuvienna20.sched.com/event/0c4c67a72939608ec5190e8cf113b4a5 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260622T070000Z DTEND:20260622T150000Z SUMMARY:3-Day Training: Full-Stack Pentesting Laboratory: 100% Hands-On + Lifetime LAB Access DESCRIPTION:3-Day Training:June 22-24\, 2026\nLevel: Intermediate\nTrainer: Dawid Czagan\n\n\nTo register\, please purchase your training ticket here. Training and conference are two separate ticket purchases.\n\nModern IT systems are increasingly complex\, making full-stack expertise more essential than ever. That's why diving into full-stack pentesting is crucial—you will gain the skills needed to master modern attack vectors and implement effective defensive countermeasures.\n\nFor each attack\, vulnerability and technique presented in this training\, there is a lab exercise to help you develop your skills step by step. What's more\, when the training is over\, you can take the complete lab environment home to hack again at your own pace.\n\nI found security bugs in many companies including Google\, Yahoo\, Mozilla\, Twitter and in this training I'll share my experience with you.\n\nKey Learning Objectives\nAfter completing this training\, you will have learned about:\n\n- Hacking cloud applications\n- API hacking tips & tricks\n- Data exfiltration techniques\n- OSINT asset discovery tools\n- Tricky user impersonation\n- Bypassing protection mechanisms\n- CLI hacking scripts\n- Interesting XSS attacks\n- Server-side template injection\n- Hacking with Google & GitHub search engines\n- Automated SQL injection detection and exploitation\n- File read & file upload attacks\n- Password cracking in a smart way\n- Hacking Git repos\n- XML attacks\n- NoSQL injection\n- HTTP parameter pollution\n- Web cache deception attack\n- Hacking with wrappers\n- Finding metadata with sensitive information\n- Hijacking NTLM hashes\n- Automated detection of JavaScript libraries with known vulnerabilities\n- Extracting passwords\n- Hacking Electron applications\n- Establishing reverse shell connections\n- RCE attacks\n- XSS polyglot\n- and more …\n\nWhat Students Will Receive\nStudents will be handed in a VMware image with a specially prepared lab environment to play with all attacks\, vulnerabilities and techniques presented in this training. When the training is over\, students can take the complete lab environment home (after signing a non-disclosure agreement) to hack again at their own pace.\n\nSpecial Bonus\nThe ticket price includes FREE access to my 6 online courses:\n\n- Fuzzing with Burp Suite Intruder\n- Exploiting Race Conditions with OWASP ZAP\n- Case Studies of Award-Winning XSS Attacks: Part 1\n- Case Studies of Award-Winning XSS Attacks: Part 2\n- How Hackers Find SQL Injections in Minutes with Sqlmap\n- Web Application Security Testing with Google Hacking\n\nWhat Students Say About My Trainings\nReferences are attached to my LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here: https://silesiasecuritylab.com/services/training/#opinions – training participants from companies such as Oracle\, Adobe\, ESET\, ING\, Red Hat\, Trend Micro\, Philips\, government sector... \;\nWhat Students Should Know\nTo get the most of this training intermediate knowledge of web application security is needed. Students should have experience in using a proxy\, such as Burp Suite Proxy or Zed Attack Proxy (ZAP)\, to analyze or modify the traffic.\n\nWhat Students Should Bring\nStudents will need a laptop with 64-bit operating system\, at least 8 GB RAM\, 35 GB free hard drive space\, administrative access\, ability to turn off AV/firewall and VMware Player/Fusion installed (64-bit version). Prior to the training\, make sure there are no problems with running x86_64 VMs.\n\nAdditional notes\nThis new 3-day training was sold out at top security conferences e.g. DEF CON (Las Vegas)\, Hack In Paris (Paris).\n\nThis is a 100% hands-on training: for each attack\, vulnerability and technique presented in this training\, there is a lab exercise to help students develop their skills step by step.\n CATEGORIES:3-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:be6b304a61f9bb55b13594df96bc78cf URL:http://owaspglobalappseceuvienna20.sched.com/event/be6b304a61f9bb55b13594df96bc78cf END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260622T070000Z DTEND:20260622T150000Z SUMMARY:3-Day Training: Web Application Security Essentials DESCRIPTION:3-Day Training: June 22-24\, 2026Level: \;Introductory and OverviewTrainer: Fabio Cerullo\n\nTo register\, please purchase your training ticket \;here. \;Training and conference are two separate ticket purchases.\n\nIntroductionModern organisations rely heavily on web applications\, and attackers exploit their weaknesses daily.As AI tools accelerate software development\, code is being generated faster than ever before. Yet every line\, human-written or AI-generated\, still carries risk. This three-day instructor-led course gives participants the knowledge and practical experience to recognise vulnerabilities\, understand how exploitation works\, and assess potential impact.Aligned with the latest OWASP Top 10 2025\, the course provides an in-depth exploration of each key risk\, illustrated through demonstrations and guided labs.Participants will learn how attackers think\, how vulnerabilities are introduced\, and how to recognise and validate them\, preparing participants to collaborate effectively with developers and security teams in future remediation work.FormatYou will begin by exploring common web application vulnerabilities before gaining access to a purpose-built lab environment containing the very bugs and coding errors discussed in class. This provides an ideal\, safe setting to observe and exploit these vulnerabilities using open-source tools and techniques\, bridging the gap between theory and real-world practice.This practical approach builds the confidence and analytical skills needed to identify and assess security risks effectively. Sessions encourage active participation\, group discussions\, and collaboration\, allowing you to share insights and learn from peers across disciplines.Course Outline1. Introduction to Web Application Security2. Technologies Used in Web Applications3. Tools Used During the Course4. Critical Areas in Web Applications: OWASP Top 10 20255. Broken Access Control (A01:2025)6. Security Misconfiguration (A02:2025)7. Software Supply Chain Failures (A03:2025) CATEGORIES:3-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:85c27e1fa8019bb7aae136a5af7c37e1 URL:http://owaspglobalappseceuvienna20.sched.com/event/85c27e1fa8019bb7aae136a5af7c37e1 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260622T070000Z DTEND:20260622T150000Z SUMMARY:3-Day Training:AI Whiteboard Hacking aka Hands-on Threat Modeling Training DESCRIPTION:To register\, please purchase your training ticket \;here. \;Training and conference are two separate ticket purchases.3-Day Training: June 22-24\, 2026Level: \;BeginnerTrainer: Sebastien Deleersnyder\n\nDownload the complete training outline: \;AI Whiteboard Hacking Training Details\n\nTestimonial: "After years evaluating security trainings at Black Hat\, including Toreon's Whiteboard Hacking sessions\, I can say this AI threat modeling course stands out. The hands-on approach and flow are exceptional - it's a must-attend."- Daniel Cuthbert\, Global Head of Cyber Security Research\, Black Hat Review Board Member\n\nIn today's rapidly evolving AI landscape\, security threats like prompt injection and data poisoning pose significant risks to AI systems. Our 3-day AI Whiteboard Hacking training equips you with practical skills to identify\, assess\, and mitigate AI-specific security threats using our proven DICE methodology. Through hands-on exercises and real-world scenarios\, you'll learn to build secure AI systems while ensuring compliance with regulations like the EU AI Act.\n\nThe training concludes with an engaging red team/blue team wargame where you'll put theory into practice by attacking and defending a rogue AI research assistant. Upon completion\, you'll earn the AI Threat Modeling Practitioner Certificate and gain access to a year-long subscription featuring quarterly masterclasses\, expert Q&A sessions\, and continuously updated resources.\n\nLed by Sebastien Deleersnyder\, co-founder and CTO of Toreon\, and Black Hat trainer\, this training combines technical expertise with practical insights gained from real-world projects across government\, finance\, healthcare\, and technology sectors.\n\nQuick Overview:·  \;  \;  \; Target Audience: AI Engineers\, Software Engineers\, Solution Architects\, Security Professionals·  \;  \;  \; Prerequisites: Basic understanding of AI concepts (pre-training materials provided)·  \;  \;  \; Certification: AI Threat Modeling Practitioner Certificate·  \;  \;  \; Bonus: 1-year AI Threat Modeling Subscription included\n\nOur lineup of the hands-on exercises from the training that let you put AI security concepts into practice:\nDay 1: Foundations & Methodology·  \;  \;  \; "AI Security Headlines from the Future" - Explore potential security scenarios·  \;  \;  \; "Diagramming the AI Assistant Infrastructure" - Map out real AI system components CATEGORIES:3-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:016e4d34509d880f2982abf198feb96d URL:http://owaspglobalappseceuvienna20.sched.com/event/016e4d34509d880f2982abf198feb96d END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260622T083000Z DTEND:20260622T090000Z SUMMARY:AM Break DESCRIPTION: CATEGORIES:MEALS PROVIDED BY OWASP LOCATION:Vienna\, Austria SEQUENCE:0 UID:efdcd9fb9bf926ff176d57dce2f831f3 URL:http://owaspglobalappseceuvienna20.sched.com/event/efdcd9fb9bf926ff176d57dce2f831f3 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260622T103000Z DTEND:20260622T113000Z SUMMARY:Lunch DESCRIPTION: CATEGORIES:MEALS PROVIDED BY OWASP LOCATION:Vienna\, Austria SEQUENCE:0 UID:986e81a933d8cdcb9d906d4364fbc15f URL:http://owaspglobalappseceuvienna20.sched.com/event/986e81a933d8cdcb9d906d4364fbc15f END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260622T130000Z DTEND:20260622T133000Z SUMMARY:PM Break DESCRIPTION: CATEGORIES:MEALS PROVIDED BY OWASP LOCATION:Vienna\, Austria SEQUENCE:0 UID:6682eda3de1dadde48047a39479bb133 URL:http://owaspglobalappseceuvienna20.sched.com/event/6682eda3de1dadde48047a39479bb133 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260623T063000Z DTEND:20260623T070000Z SUMMARY:Coffee/tea DESCRIPTION: CATEGORIES:MEALS PROVIDED BY OWASP LOCATION:Vienna\, Austria SEQUENCE:0 UID:59f16b92d93f7a6f1de65f5619c6f49f URL:http://owaspglobalappseceuvienna20.sched.com/event/59f16b92d93f7a6f1de65f5619c6f49f END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260623T070000Z DTEND:20260623T150000Z SUMMARY:1-Day Training: Build your AppSec Program with OWASP SAMM (Tuesday only) DESCRIPTION:To register\, please purchase your training ticket here. Training and conference are two separate ticket purchases.\n\n1-Day Training: Tuesday\, June 23 \nTrainer: Aram Hovsepyan\nLevel: All\n\nPlease note that this 1-day training course takes place on TUESDAY\, not Wednesday like our other 1-day training courses. \;\n\nApplication security has become synonymous with a vulnerability management program driven primarily by tools. This view is flawed. As many teams and organizations have already found out\, tools often end up creating more problems than solutions. Any decent application security program starts with people knowing their roles and responsibilities. The team is then given friction-free processes to work with. Tools are brought in to streamline those processes and provide additional guardrails. \n\n This is precisely what OWASP's Software Assurance Maturity Model (SAMM) provides as a high-level solution to build exactly this kind of program. This interactive training will give you a deep understanding of OWASP SAMM and show you how to apply it in real world scenarios. Through expert led sessions and hands-on exercises\, you will learn how to embed security into every phase of the software development lifecycle. You will also gain a clear view of how SAMM naturally prepares you for upcoming regulations such as the EU Cyber Resilience Act. Finally\, we will also cover some aspects of how using LLMs for writing code fits in the context of SAMM. \n\n Participants will leave the training with: \n- A comprehensive understanding of OWASP SAMM and its application in real-world organizations and teams. \n- Experience performing OWASP SAMM assessments\, setting improvement targets\, and prioritizing those improvements. \n- Insights into scoring and benchmarking to demonstrate progress and align efforts with organizational objectives. \n- A practical understanding of how OWASP SAMM aligns with the expectations of the EU Cyber Resilience Act \n- An interactive learning experience through hands-on exercises. \n- What are the implications of using AI for writing code in the context of SAMM. CATEGORIES:1-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:7dd4b48d12aca1326c3985785a77fc82 URL:http://owaspglobalappseceuvienna20.sched.com/event/7dd4b48d12aca1326c3985785a77fc82 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260623T070000Z DTEND:20260623T150000Z SUMMARY:2-Day Training: Adam Shostack's Threat Modeling Intensive DESCRIPTION:2-Day Training: June 23-24\, 2026\nLevel: Intermediate\nTrainer: Adam Shostack\n\nTo register\, please purchase your training ticket \;here. \;Training and conference are two separate ticket purchases.This hands-on\, interactive class will focus on learning to threat model by executing each of the steps. Students will start with a guided threat modeling exercise\, and we'll then iterate and break down the skills they're learning in more depth. We'll progressing through the Four Questions of Threat Modeling: what are we working on\, what can go wrong\, what are we going to do about it and did we do a good job. This is capped off with an end-to-end exercise that brings the skills together. CATEGORIES:2-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:9acb797008160dc7dc5da51f2c6bc469 URL:http://owaspglobalappseceuvienna20.sched.com/event/9acb797008160dc7dc5da51f2c6bc469 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260623T070000Z DTEND:20260623T150000Z SUMMARY:2-Day Training: AI SecureOps: Attacking & Defending AI Applications and Agents (Hybrid) DESCRIPTION:2-Day Training: June 23-24\, 2026Level: \;IntermediateTrainer:Abhinav Singh\n\nYou may attend this training course either in person or virutally\n\nTo register\, please purchase your training ticket \;here. Training and conference are two separate ticket purchases.\n\nCan prompt injections lead to complete infrastructure takeovers? Could AI agents be exploited to compromise backend services? Can jailbreaks create false crisis alerts in security systems? In multi-agent systems\, what if an attacker takes over an agent’s goals\, turning other agents into coordinated threats? This immersive\, CTF-styled training in AI and LLM security dives into these pressing questions. Engage in realistic attack and defense scenarios focused on real-world threats\, from prompt injection and remote code execution to backend compromise. Tackle hands-on challenges with actual AI applications & agentic systems to understand vulnerabilities and develop robust defenses. You’ll learn how to create a comprehensive security pipeline\, mastering AI red and blue team strategies\, building resilient defenses for AI apps & agents\, and handling incident response for AI-based threats. Additionally\, implement a Responsible AI (RAI) program to enforce ethical AI standards across enterprise services\, fortifying your organization’s AI security foundation.\nBy the end of this training\, you will be able to:- Exploit vulnerabilities in AI applications to achieve code and command execution\, uncovering scenarios such as instruction injection\, agent control bypass\, remote code execution for infrastructure takeover as well as chaining multiple agents for goal hijacking.- Conduct AI red-teaming using adversary simulation\, OWASP LLM Top 10\, and MITRE ATLAS frameworks\, while applying AI security and ethical principles in real-world scenarios.- Execute and defend against adversarial attacks\, including prompt injection\, data poisoning\, jailbreaks and agentic attacks.- Perform advanced AI red and blue teaming through multi-agent auto-prompting attacks\, implementing a 3-way autonomous system consisting of attack\, defend and judge models.- Develop LLM security scanners to detect and protect against injections\, jailbreaks\, manipulations\, and risky behaviors\, as well as defending LLMs with LLMs.- Build and deploy enterprise-grade LLM defenses\, including custom guardrails for input/output protection\, security benchmarking\, and penetration testing of LLM agents.- Establish a comprehensive LLM SecOps process to secure the supply chain from adversarial attacks and create a robust threat model for enterprise applications.- Implement an incident response and risk management plan for enterprises developing or using GenAI services. CATEGORIES:2-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:70fbdef11fda620367f2dd11292bf46e URL:http://owaspglobalappseceuvienna20.sched.com/event/70fbdef11fda620367f2dd11292bf46e END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260623T070000Z DTEND:20260623T150000Z SUMMARY:2-Day Training: Repeatable\, Scalable and Valuable Code Security Scanning DESCRIPTION:2-Day Training: June 23-24\, 2026Level: \;IntermediateTrainer:Josh Grossman\n\nTo register\, please purchase your training ticket \;here. \;Training and conference are two separate ticket purchases.\n\nTo learn more about this training\, please visit the link here. \;\n\nSuddenly anyone and everyone in your organization can use AI assistants to write code. Meanwhile\, your actual developers are putting out 100x their previous output \, with “varying” levels of quality. So how are you going to secure code at this scale?This course is designed to be a deep dive into state-of-the-art techniques for validating code security within an organization’s codebase. The course has a strong emphasis on how AI-driven analysis can drive this forward whilst also clearly highlighting where standard\, deterministic techniques (albeit incorporating AI acceleration) will be more effective.During the course\, you will learn how to combine these techniques\, in a scalable and repeatable way\, based on our experience doing just this with real organizations and real teams and with a focus on the current state of the art in this fast-moving area.This course goes beyond the scope of standard application security knowledge and is designed to make you a specialist in this area. Having spent several years perfecting this process\, we are excited to impart the lessons we have learnt!The course is structured as follows:* Overview – setting out the basic details of what we will be talking about in terms of code scanning and SAST.* Key techniques – Discuss the different techniques which can be used for this including generic “off the shelf” SAST\, deterministic custom scanning rules\, and LLM powered custom AI prompts* Technique comparison - Advantages and disadvantages of each technique based on our in-depth experience with each and which technique you will want to use in different situations\, to avoid wasting time trying to use a technique in an inappropriate use case.* Organizational process – How to get these processes built into an organization’s existing software lifecycle* Generic SAST – Using “off the shelf” rules effectively to catch “low hanging fruit” and avoid reinventing the wheel.* Custom SAST – Introduce custom rule languages (e.g.\, Semgrep\, CodeQL)\, writing rules from scratch\, and scaling analysis across a codebase.* Basic AI Code Security Scanning – Overview of AI-based scanning\, platforms\, principles\, and initial single-shot prompts.* Complex AI Code Security Scanning – AI-driven techniques for code security\, including using AI to review and triage findings and creating multi-stage rules that combine deterministic rules CATEGORIES:2-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:5222aa1b47dfad1896e583d8c18b54be URL:http://owaspglobalappseceuvienna20.sched.com/event/5222aa1b47dfad1896e583d8c18b54be END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260623T070000Z DTEND:20260623T150000Z SUMMARY:2-Day Training: The Mobile Playbook - A guide for iOS and Android App Security (Hybrid) DESCRIPTION:2-Day Training: June 23-24\, 2026Level: \;IntermediateTrainer:Sven Schleier\n\nYou may attend this training course in person or virtually.\n\nTo register\, please purchase your training ticket \;here. Training and conference are two separate ticket purchases.\n\nThis two-day\, hands-on course is designed to teach penetration testers\, developers\, and engineers how to analyse Android and iOS applications for security vulnerabilities. The course covers the different phases of testing\, including dynamic testing\, static analysis\, reverse engineering\, and software composition analysis (SCA). We will also explore how you can use the Model Context Protocol (MCP) to automate some of these workflows and leverage its strengths.The course is based on the OWASP Mobile Application Security Testing Guide (MASTG) and taught by one of the project co-leaders. This comprehensive\, open-source mobile security testing book covers both iOS and Android\, providing a methodology and detailed technical test cases to ensure completeness and utilizes the latest attack techniques against mobile applications. This course provides hands-on experience with open-source tools and advanced methodologies\, guiding you through real-world scenarios.Detailed outlineOn the first day\, we will start with an introduction to the OWASP MASVS and MASTG projects\, including the latest updates. Then\, we will dive into the Android platform and its security architecture. Students will no longer be required to bring their own Android device\; instead\, each student will be provided with a cloud-based\, virtualised Android device from Corellium.Topics include:- Intercepting network traffic of an Android App in various scenarios\, including intercepting traffic that is not HTTP.- Scanning for secrets in an APK.- Reverse engineering a Kotlin app and identifying and exploiting a real-world deep link vulnerability through manual source code review.- Static Scanning of decompiled Kotlin source code by using MCP workflows with semgrep and radare2\, identifying vulnerabilities and eliminating false positives.- Frida crash course to get started with dynamic instrumentation on Android apps by using MCP workflows.- Use dynamic instrumentation with Frida to bypass client-side security controls such as root detection mechanisms.- We will close day 1 with a Capture the Flag (CTF) by attacking several apps\, including a real world app and overcome it's protection mechanisms.Day 2 focuses on iOS. We will begin the day by exploring the OWASP MASWE and creating an iOS test environment using Corellium and dive into several topics\, including:\n\n- Introduction into iOS Security fundamentals\n- Intercepting network traffic of an iOS App in various scenarios\, including intercepting traffic from apps written in mobile app frameworks such as Google's Flutter.\n- How to retrieve an IPA\, execute static scanning of an IPA and identifying vulnerabilities and eliminating false positives.\n- Software Composition Analysis (SCA) for iOS by using SBOM's and scanning 3rd party libraries and SDKs in mobile package managers for known vulnerabilities and planning mitigation strategies.\n- Frida crash course to get started with dynamic instrumentation for iOS applications and utilsing MCP workflows.\n- Testing methodology with a non-jailbroken (jailed) device by repackaging an IPA with the Frida gadget.\n- Analyse the storage of an iOS app and understand the various options on how (files\, databases\, logs etc.) and where files can be stored.\n- Using Frida to bypass runtime instrumentation of iOS applications\, like anti-Jailbreaking Mechanisms.\n\nWe'll wrap up the final day with a CTF and participants can win a prize!\n\nWhether you are a beginner who wants to learn mobile app testing from the ground up\, or an experienced pentester or developer or engineer who wants to improve your existing skills to perform more advanced attack techniques\, this training will help you achieve your goals.\n\nThe course consists of many different hands-on labs developed by the instructor or using real world apps that are part of bug bounty platforms.\n\nUpon successfully completing this course\, students will have a better understanding of how to test for vulnerabilities in mobile applications\, how to recommend appropriate mitigation techniques to developers and how to perform consistent and efficient testing using MCP (Model Context Protocol) workflows. CATEGORIES:2-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:3bcb2a73c999d740eeb6a64ab3a24760 URL:http://owaspglobalappseceuvienna20.sched.com/event/3bcb2a73c999d740eeb6a64ab3a24760 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260623T070000Z DTEND:20260623T150000Z SUMMARY:3-Day Training: AppSec and AI Security for Developers with Jim Manico (Hybrid) DESCRIPTION:To register\, please purchase your training ticket \;here. Training and conference are two separate ticket purchases.\n3-Day Training: June 22-24\, 2026\nLevel: Beginner\nTrainer: \;Jim Manico\n\nYou may attend this training course in person or virtually\nDescription: This three-day security course is designed for software engineers and AppSec professionals who want to tailor their learning experience. Throughout the class\, you’ll select the topics that interest you most—ensuring that the content aligns with your individual needs and goals. We’ll honor every participant’s topic requests\, so you can dive deeper into the areas that matter most.Students will choose from the following material:Core Modules00-00 Introduction to Application Security (1 hr): Goals and Threats in AppSec00-01 Input Validation Basics (1 hr): Allowlist Validation\, Safe Redirects00-02 HTTP Security Basics (1.5 hrs): Response/Request Headers\, Verbs\, Secure Transport Basics00-03 SOP and CORS (1 hr): Same-Origin Policy\, Cross-Origin Resource Sharing Security00-04 SQL and Other Injections (1.5 hrs): Parameterized Queries\, Secure Database Configurations\, Command Injection00-05 Cross-Site Request Forgery (1.5 hrs): CSRF Defenses for Various Architectures00-06 File Upload and File I/O Security (1 hr): Secure File Upload\, File I/O Security00-07 Deserialization Security (0.5 hr): Safe Deserialization Practices00-08 Third-Party Library Security Management (1 hr): Ensuring Third-Party Library Security00-09 Security Logging and Monitoring (0.5 hr): Security-Focused Logging00-10 Application Layer Intrusion Detection (0.5 hr): Detecting App Layer Attacks00-11 Threat Modeling Fundamentals (1 hr): Security Design via Threat Modeling00-12 Forms and Workflows Security (0.5 hr): Secure Handling of Complex Form WorkflowsAPI Security01-00 API and REST Security (2 hrs): REST Design\, XML\, XXE\, JSON\, API Access Control01-01 Microservice Security (2 hrs): Security Architectures in Microservices01-02 JSON Web Tokens (JWT) (1 hr): Addressing JWT Security Challenges01-03 gRPC Security (1 hr): gRPC Security ArchitectureFoundations of AI Security02-00 Introduction to AI Security (1 hr): Overview of AI Security Concepts\, Threats\, and Mitigations02-01 OWASP Top 10 for Large Language Model (LLM) Applications (4 hrs): Top 10 Practices for Protecting Large Language Model ApplicationsAI Secure Development Practices02-10 AI for Code Creation (1 hr): Exploring the Security Implications of Using AI for Code Generation02-11 React Security Prompt Engineering ( CATEGORIES:3-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:25a541a395c334ead461b6ef3c8b6c72 URL:http://owaspglobalappseceuvienna20.sched.com/event/25a541a395c334ead461b6ef3c8b6c72 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260623T070000Z DTEND:20260623T150000Z SUMMARY:3-Day Training: Full-Stack Pentesting Laboratory: 100% Hands-On + Lifetime LAB Access DESCRIPTION:3-Day Training:June 22-24\, 2026\nLevel: Intermediate\nTrainer: Dawid Czagan\n\n\nTo register\, please purchase your training ticket here. Training and conference are two separate ticket purchases.\n\nModern IT systems are increasingly complex\, making full-stack expertise more essential than ever. That's why diving into full-stack pentesting is crucial—you will gain the skills needed to master modern attack vectors and implement effective defensive countermeasures.\n\nFor each attack\, vulnerability and technique presented in this training\, there is a lab exercise to help you develop your skills step by step. What's more\, when the training is over\, you can take the complete lab environment home to hack again at your own pace.\n\nI found security bugs in many companies including Google\, Yahoo\, Mozilla\, Twitter and in this training I'll share my experience with you.\n\nKey Learning Objectives\nAfter completing this training\, you will have learned about:\n\n- Hacking cloud applications\n- API hacking tips & tricks\n- Data exfiltration techniques\n- OSINT asset discovery tools\n- Tricky user impersonation\n- Bypassing protection mechanisms\n- CLI hacking scripts\n- Interesting XSS attacks\n- Server-side template injection\n- Hacking with Google & GitHub search engines\n- Automated SQL injection detection and exploitation\n- File read & file upload attacks\n- Password cracking in a smart way\n- Hacking Git repos\n- XML attacks\n- NoSQL injection\n- HTTP parameter pollution\n- Web cache deception attack\n- Hacking with wrappers\n- Finding metadata with sensitive information\n- Hijacking NTLM hashes\n- Automated detection of JavaScript libraries with known vulnerabilities\n- Extracting passwords\n- Hacking Electron applications\n- Establishing reverse shell connections\n- RCE attacks\n- XSS polyglot\n- and more …\n\nWhat Students Will Receive\nStudents will be handed in a VMware image with a specially prepared lab environment to play with all attacks\, vulnerabilities and techniques presented in this training. When the training is over\, students can take the complete lab environment home (after signing a non-disclosure agreement) to hack again at their own pace.\n\nSpecial Bonus\nThe ticket price includes FREE access to my 6 online courses:\n\n- Fuzzing with Burp Suite Intruder\n- Exploiting Race Conditions with OWASP ZAP\n- Case Studies of Award-Winning XSS Attacks: Part 1\n- Case Studies of Award-Winning XSS Attacks: Part 2\n- How Hackers Find SQL Injections in Minutes with Sqlmap\n- Web Application Security Testing with Google Hacking\n\nWhat Students Say About My Trainings\nReferences are attached to my LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here: https://silesiasecuritylab.com/services/training/#opinions – training participants from companies such as Oracle\, Adobe\, ESET\, ING\, Red Hat\, Trend Micro\, Philips\, government sector... \;\nWhat Students Should Know\nTo get the most of this training intermediate knowledge of web application security is needed. Students should have experience in using a proxy\, such as Burp Suite Proxy or Zed Attack Proxy (ZAP)\, to analyze or modify the traffic.\n\nWhat Students Should Bring\nStudents will need a laptop with 64-bit operating system\, at least 8 GB RAM\, 35 GB free hard drive space\, administrative access\, ability to turn off AV/firewall and VMware Player/Fusion installed (64-bit version). Prior to the training\, make sure there are no problems with running x86_64 VMs.\n\nAdditional notes\nThis new 3-day training was sold out at top security conferences e.g. DEF CON (Las Vegas)\, Hack In Paris (Paris).\n\nThis is a 100% hands-on training: for each attack\, vulnerability and technique presented in this training\, there is a lab exercise to help students develop their skills step by step.\n CATEGORIES:3-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:65a06f1349cefc378510f5579153180d URL:http://owaspglobalappseceuvienna20.sched.com/event/65a06f1349cefc378510f5579153180d END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260623T070000Z DTEND:20260623T150000Z SUMMARY:3-Day Training: Web Application Security Essentials DESCRIPTION:3-Day Training: June 22-24\, 2026Level: \;Introductory and OverviewTrainer: Fabio Cerullo\n\nTo register\, please purchase your training ticket \;here. \;Training and conference are two separate ticket purchases.\n\nIntroductionModern organisations rely heavily on web applications\, and attackers exploit their weaknesses daily.As AI tools accelerate software development\, code is being generated faster than ever before. Yet every line\, human-written or AI-generated\, still carries risk. This three-day instructor-led course gives participants the knowledge and practical experience to recognise vulnerabilities\, understand how exploitation works\, and assess potential impact.Aligned with the latest OWASP Top 10 2025\, the course provides an in-depth exploration of each key risk\, illustrated through demonstrations and guided labs.Participants will learn how attackers think\, how vulnerabilities are introduced\, and how to recognise and validate them\, preparing participants to collaborate effectively with developers and security teams in future remediation work.FormatYou will begin by exploring common web application vulnerabilities before gaining access to a purpose-built lab environment containing the very bugs and coding errors discussed in class. This provides an ideal\, safe setting to observe and exploit these vulnerabilities using open-source tools and techniques\, bridging the gap between theory and real-world practice.This practical approach builds the confidence and analytical skills needed to identify and assess security risks effectively. Sessions encourage active participation\, group discussions\, and collaboration\, allowing you to share insights and learn from peers across disciplines.Course Outline1. Introduction to Web Application Security2. Technologies Used in Web Applications3. Tools Used During the Course4. Critical Areas in Web Applications: OWASP Top 10 20255. Broken Access Control (A01:2025)6. Security Misconfiguration (A02:2025)7. Software Supply Chain Failures (A03:2025) CATEGORIES:3-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:e4a09a3692a025b4a2999cfa9f849b5f URL:http://owaspglobalappseceuvienna20.sched.com/event/e4a09a3692a025b4a2999cfa9f849b5f END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260623T070000Z DTEND:20260623T150000Z SUMMARY:3-Day Training:AI Whiteboard Hacking aka Hands-on Threat Modeling Training DESCRIPTION:To register\, please purchase your training ticket \;here. \;Training and conference are two separate ticket purchases.3-Day Training: June 22-24\, 2026Level: \;BeginnerTrainer: \;Sebastien Deleersnyder\n\nDownload the complete training outline: \;AI Whiteboard Hacking Training Details\n\nTestimonial: "After years evaluating security trainings at Black Hat\, including Toreon's Whiteboard Hacking sessions\, I can say this AI threat modeling course stands out. The hands-on approach and flow are exceptional - it's a must-attend."- Daniel Cuthbert\, Global Head of Cyber Security Research\, Black Hat Review Board Member\n\nIn today's rapidly evolving AI landscape\, security threats like prompt injection and data poisoning pose significant risks to AI systems. Our 3-day AI Whiteboard Hacking training equips you with practical skills to identify\, assess\, and mitigate AI-specific security threats using our proven DICE methodology. Through hands-on exercises and real-world scenarios\, you'll learn to build secure AI systems while ensuring compliance with regulations like the EU AI Act.\n\nThe training concludes with an engaging red team/blue team wargame where you'll put theory into practice by attacking and defending a rogue AI research assistant. Upon completion\, you'll earn the AI Threat Modeling Practitioner Certificate and gain access to a year-long subscription featuring quarterly masterclasses\, expert Q&A sessions\, and continuously updated resources.\n\nLed by Sebastien Deleersnyder\, co-founder and CTO of Toreon\, and Black Hat trainer\, this training combines technical expertise with practical insights gained from real-world projects across government\, finance\, healthcare\, and technology sectors.\n\nQuick Overview:·  \;  \;  \; Target Audience: AI Engineers\, Software Engineers\, Solution Architects\, Security Professionals·  \;  \;  \; Prerequisites: Basic understanding of AI concepts (pre-training materials provided)·  \;  \;  \; Certification: AI Threat Modeling Practitioner Certificate·  \;  \;  \; Bonus: 1-year AI Threat Modeling Subscription included\n\nOur lineup of the hands-on exercises from the training that let you put AI security concepts into practice:\nDay 1: Foundations & Methodology·  \;  \;  \; "AI Security Headlines from the Future" - Explore potential security scenarios·  \;  \;  \; "Diagramming the AI Assistant Infrastructure" - Map out real AI system components CATEGORIES:3-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:5e5ed35d957375cf68f6ca626d131f61 URL:http://owaspglobalappseceuvienna20.sched.com/event/5e5ed35d957375cf68f6ca626d131f61 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260623T070000Z DTEND:20260623T150000Z SUMMARY:Private BOD Meeting DESCRIPTION:\n CATEGORIES:MEETING LOCATION:Room -2.11 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:78e7eedf1ebd277e63b251e2b62758e3 URL:http://owaspglobalappseceuvienna20.sched.com/event/78e7eedf1ebd277e63b251e2b62758e3 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260623T083000Z DTEND:20260623T090000Z SUMMARY:AM Break DESCRIPTION: CATEGORIES:MEALS PROVIDED BY OWASP LOCATION:Vienna\, Austria SEQUENCE:0 UID:4d2e66c89c0e05132e303c3ea08ccc97 URL:http://owaspglobalappseceuvienna20.sched.com/event/4d2e66c89c0e05132e303c3ea08ccc97 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260623T103000Z DTEND:20260623T113000Z SUMMARY:Lunch DESCRIPTION: CATEGORIES:MEALS PROVIDED BY OWASP LOCATION:Vienna\, Austria SEQUENCE:0 UID:c750133c377ce4334ca11c196d288c9f URL:http://owaspglobalappseceuvienna20.sched.com/event/c750133c377ce4334ca11c196d288c9f END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260623T130000Z DTEND:20260623T133000Z SUMMARY:PM Break DESCRIPTION: CATEGORIES:MEALS PROVIDED BY OWASP LOCATION:Vienna\, Austria SEQUENCE:0 UID:bf3050535e71e0c5c95362ce983cbdee URL:http://owaspglobalappseceuvienna20.sched.com/event/bf3050535e71e0c5c95362ce983cbdee END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260624T053000Z DTEND:20260624T070000Z SUMMARY:Private Board Meeting DESCRIPTION:\n CATEGORIES:MEETING LOCATION:Room -2.11 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:f9b907826e131f665e4518c6a80f20ac URL:http://owaspglobalappseceuvienna20.sched.com/event/f9b907826e131f665e4518c6a80f20ac END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260624T063000Z DTEND:20260624T070000Z SUMMARY:Coffee/tea DESCRIPTION: CATEGORIES:MEALS PROVIDED BY OWASP LOCATION:Vienna\, Austria SEQUENCE:0 UID:c07e8ba18a8376cbb27b1d67090c23a8 URL:http://owaspglobalappseceuvienna20.sched.com/event/c07e8ba18a8376cbb27b1d67090c23a8 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260624T070000Z DTEND:20260624T150000Z SUMMARY:1-Day Training: API Security: Hands-On Secure API Design & Hardening DESCRIPTION:1-Day Training: June 24\, 2026Level: \;IntermediateTrainer: Tanya Janca\n\nTo register\, please purchase your training ticket \;here. \;Training and conference are two separate ticket purchases.\n\nAPIs are the backbone of modern applications—but they also introduce unique security risks. In this hands-on training\, participants will deep-dive into API security threats using a "Bad\, Better\, Best" approach.\n• Review real-world insecure APIs and step through progressive security improvements• Work hands-on with OWASP DevSlop Pixi intentionally vulnerable API\, 42Crunch IDE Plugin\, and Semgrep to find\, fix\, and prevent API vulnerabilities• Master the OWASP API Security Top Ten through guided code reviews and hands-on exercises• Learn best practices for API security hardening\, authentication\, and monitoring\nBy the end of this session\, participants will have the skills and tools to secure APIs with confidence using industry best practices. CATEGORIES:1-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:68d8c0a1af3c221d58871a8b75b6f282 URL:http://owaspglobalappseceuvienna20.sched.com/event/68d8c0a1af3c221d58871a8b75b6f282 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260624T070000Z DTEND:20260624T150000Z SUMMARY:1-Day Training: How to build a Successful Security Champions Program DESCRIPTION:1-Day Training: June 24\, 2026Level: \;IntermediateTrainer:Juliane Reimann & Marisa Fagan\n\nTo register\, please purchase your training ticket \;here. \;Training and conference are two separate ticket purchases.\n\nDo you feel a disconnect between your cybersecurity efforts and engineering activities? If so\, a Security Champions Program could bridge the gap. By involving engineers in security topics that align with their work\, a Security Champions program not only enhances security awareness but also fosters a culture of security across your organization. However\, creating such a program requires careful planning\, innovative strategies\, and a solid understanding of what drives individuals to champion security initiatives.This training will equip you with practical tools and actionable insights to design and launch a successful Security Champions Program. You’ll explore key concepts\, including how to:- Develop a foundational understanding of what a Security Champions Programs is- Plan and navigate the phases of program development\, from launch to long-term growth.- Learn about strategies to engage and motivate diverse personality types within the organization- Acquire practical tools and a structured approach to establish a scalable and trackable Security Champions ProgramWhether you’re a security engineer\, architect\, or manager\, this training will provide you with the tools and frameworks to collaborate effectively with your engineering teams and establish a thriving Security Champions Program.The session is highly interactive\, featuring hands-on exercises and team-based activities to encourage collaboration and networking with fellow professionals. Join us to gain the confidence and strategies you need to kickstart your journey toward a more secure organization. CATEGORIES:1-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:40cae1908cb8f7c652e27a9e330b0062 URL:http://owaspglobalappseceuvienna20.sched.com/event/40cae1908cb8f7c652e27a9e330b0062 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260624T070000Z DTEND:20260624T150000Z SUMMARY:1-Day Training: Master AI Security (Hybrid) DESCRIPTION:1-Day Training: June 24\, 2026\nLevel: Intermediate\nTrainer: Rob van der Veer\n\nYou may attend this training course either in person or virtually\n\nTo register\, please purchase your training ticket \;here. Training and conference are two separate ticket purchases.\n\nThe record-breaking Master AI security training is back!\nThis training broke the OWASP record online and on-site.\nYour trainer is Rob van der Veer\, Chief AI Officer at Software Improvement Group\, with 33 years of AI experience\, founder of the OWASP AI Exchange\, co-editor for the AI Act security standard\, member of the ISO/IEC 27090 for AI security\, co-founder of OpenCRE\, and main author of ISO 5338 on AI engineering.\nMaster AI security is a unique opportunity to become proficient in the intricate and rapidly evolving field of AI security.\nThe disruption by AI presents a significant challenge\, regardless of whether you are a security professional\, a developer\, AI engineer\, or a red teamer. What are your responsibilities? What constitutes the new AI attack surface\, and what threats emerge from it? What measures can you take to mitigate these emerging risks?\nThis one-day intensive training program will equip you with the knowledge to tackle these AI-related challenges effectively\, enabling you to apply what you learn immediately. Starting with a pragmatic overview of AI\, the course then delivers an exhaustive exploration of the distinctive vulnerabilities AI introduces\, the possible attack vectors\, and the most current strategies to counteract threats like prompt injection\, data poisoning\, model theft\, evasion\, and more. Through practical exercises\, you will gain hands-on experience in enacting strong security measures\, attacking AI systems\, conducting threat modelling on AI\, and targeted vulnerability assessments for AI applications.\nBy day's end\, you will possess a thorough comprehension of the core principles and techniques critical to strengthening AI systems. You will have gained practical insights and the confidence to implement cutting-edge AI security measures.\nA key resource that is used in the training is the OWASP AI Exchange - the flagship project located at owaspai.org - which forms the foundation of ISO standard 27090 and the security standard of the AI Act.\nThe training is designed for all levels of attendees. as the material is new from the cutting edge of research and standardization. No in-depth security or AI knowledge is required\, although some experience with either AI or security is helpful.\n\nAttendees will be provided with handout slides and afterwards they can retrieve the unique Master AI security certificate.\n\nSome testimonials of previous runs:Stephan Cohen – BNP Paribas: “This training has significantly enhanced my understanding of both the challenges and controls in securing AI. Looking forward to applying these insights in my work. Thank you Rob for this course.”Ramesh Krishnasaga - British Petroleum:  \;“The training was enlightening. This experience went beyond just training—it provided a strategic roadmap for securing AI applications in practical scenarios."Jedidiah Y - S&P global: “A timely and essential training. The session was truly eye-opening! As a data scientist\, I’ve always focused on building and optimizing models—accuracy\, performance\, and deployment. But this training completely shifted my perspective on the importance of security in AI systems."\n CATEGORIES:1-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:e3281a4d13906b9250145c0c09578492 URL:http://owaspglobalappseceuvienna20.sched.com/event/e3281a4d13906b9250145c0c09578492 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260624T070000Z DTEND:20260624T150000Z SUMMARY:1-Day Training: Secure-by-Design AI Applications: Identifying\, Testing\, and Validating AI-Specific Threats Before Deployment DESCRIPTION:1-Day Training: June 24\, 2026Level: IntermediateTrainer: Marco Morana**Threat Modeling book (85 euro value) free to the first 10 registrants**\n\nTo register\, please purchase your training ticket \;here. \;Training and conference are two separate ticket purchases.\n\nAs organizations deploy LLMs\, chatbots\, RAG pipelines\, and autonomous AI agents\, new attack surfaces emerge that traditional application threat modeling cannot fully capture. This one-day course provides a practical\, hands-on introduction to threat modeling AI applications\, grounded in the OWASP AI Testing Guide\, OWASP AI Exchange\, NIST AI RMF\, and Secure AI Framework (SAIF).Participants learn how AI reshapes attack surfaces at the data\, model\, pipeline\, and API layers\, and how adversarial risks such as prompt injection\, model theft\, data poisoning\, membership inference\, and supply-chain compromise can be identified early and validated before deployment.Through structured modeling exercises\, ATLAS Navigator demos\, AI SBOM analysis\, attack-flow mapping\, and secure-by-design patterns\, learners translate AI threat models into actionable test cases aligned to OWASP AITG Test IDs and MITRE ATLAS. The course concludes with an end-to-end capstone where participants model and test a real-world LLM or RAG pipeline.By the end of the workshop\, participants will be able to identify\, model\, test\, and validate AI-specific threats\, embed AI testing into DevSecOps workflows\, and operationalize AI threat modeling as a repeatable\, testable practice for QA\, security\, and incident response. CATEGORIES:1-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:a35b9140f43ca7d365147589a701271f URL:http://owaspglobalappseceuvienna20.sched.com/event/a35b9140f43ca7d365147589a701271f END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260624T070000Z DTEND:20260624T150000Z SUMMARY:2-Day Training: Adam Shostack's Threat Modeling Intensive DESCRIPTION:2-Day Training: June 23-24\, 2026\nLevel: Intermediate\nTrainer: Adam Shostack\n\nTo register\, please purchase your training ticket \;here. \;Training and conference are two separate ticket purchases.This hands-on\, interactive class will focus on learning to threat model by executing each of the steps. Students will start with a guided threat modeling exercise\, and we'll then iterate and break down the skills they're learning in more depth. We'll progressing through the Four Questions of Threat Modeling: what are we working on\, what can go wrong\, what are we going to do about it and did we do a good job. This is capped off with an end-to-end exercise that brings the skills together. CATEGORIES:2-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:651d6a4b28591e78220e670d1a447760 URL:http://owaspglobalappseceuvienna20.sched.com/event/651d6a4b28591e78220e670d1a447760 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260624T070000Z DTEND:20260624T150000Z SUMMARY:2-Day Training: AI SecureOps: Attacking & Defending AI Applications and Agents (Hybrid) DESCRIPTION:2-Day Training: June 23-24\, 2026Level: \;IntermediateTrainer:Abhinav Singh\n\nYou may attend this training course in person or virtually\n\nTo register\, please purchase your training ticket \;here. Training and conference are two separate ticket purchases.\n\nCan prompt injections lead to complete infrastructure takeovers? Could AI agents be exploited to compromise backend services? Can jailbreaks create false crisis alerts in security systems? In multi-agent systems\, what if an attacker takes over an agent’s goals\, turning other agents into coordinated threats? This immersive\, CTF-styled training in AI and LLM security dives into these pressing questions. Engage in realistic attack and defense scenarios focused on real-world threats\, from prompt injection and remote code execution to backend compromise. Tackle hands-on challenges with actual AI applications & agentic systems to understand vulnerabilities and develop robust defenses. You’ll learn how to create a comprehensive security pipeline\, mastering AI red and blue team strategies\, building resilient defenses for AI apps & agents\, and handling incident response for AI-based threats. Additionally\, implement a Responsible AI (RAI) program to enforce ethical AI standards across enterprise services\, fortifying your organization’s AI security foundation.\nBy the end of this training\, you will be able to:- Exploit vulnerabilities in AI applications to achieve code and command execution\, uncovering scenarios such as instruction injection\, agent control bypass\, remote code execution for infrastructure takeover as well as chaining multiple agents for goal hijacking.- Conduct AI red-teaming using adversary simulation\, OWASP LLM Top 10\, and MITRE ATLAS frameworks\, while applying AI security and ethical principles in real-world scenarios.- Execute and defend against adversarial attacks\, including prompt injection\, data poisoning\, jailbreaks and agentic attacks.- Perform advanced AI red and blue teaming through multi-agent auto-prompting attacks\, implementing a 3-way autonomous system consisting of attack\, defend and judge models.- Develop LLM security scanners to detect and protect against injections\, jailbreaks\, manipulations\, and risky behaviors\, as well as defending LLMs with LLMs.- Build and deploy enterprise-grade LLM defenses\, including custom guardrails for input/output protection\, security benchmarking\, and penetration testing of LLM agents.- Establish a comprehensive LLM SecOps process to secure the supply chain from adversarial attacks and create a robust threat model for enterprise applications.- Implement an incident response and risk management plan for enterprises developing or using GenAI services. CATEGORIES:2-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:2d22fc83031a9b4c5a038ea659f3ba52 URL:http://owaspglobalappseceuvienna20.sched.com/event/2d22fc83031a9b4c5a038ea659f3ba52 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260624T070000Z DTEND:20260624T150000Z SUMMARY:2-Day Training: Repeatable\, Scalable and Valuable Code Security Scanning DESCRIPTION:2-Day Training: June 23-24\, 2026Level: \;IntermediateTrainer:Josh Grossman\n\nTo register\, please purchase your training ticket \;here. \;Training and conference are two separate ticket purchases.\n\nTo learn more about this training\, please visit the link here.\n\nSuddenly anyone and everyone in your organization can use AI assistants to write code. Meanwhile\, your actual developers are putting out 100x their previous output \, with “varying” levels of quality. So how are you going to secure code at this scale?This course is designed to be a deep dive into state-of-the-art techniques for validating code security within an organization’s codebase. The course has a strong emphasis on how AI-driven analysis can drive this forward whilst also clearly highlighting where standard\, deterministic techniques (albeit incorporating AI acceleration) will be more effective.During the course\, you will learn how to combine these techniques\, in a scalable and repeatable way\, based on our experience doing just this with real organizations and real teams and with a focus on the current state of the art in this fast-moving area.This course goes beyond the scope of standard application security knowledge and is designed to make you a specialist in this area. Having spent several years perfecting this process\, we are excited to impart the lessons we have learnt!The course is structured as follows:* Overview – setting out the basic details of what we will be talking about in terms of code scanning and SAST.* Key techniques – Discuss the different techniques which can be used for this including generic “off the shelf” SAST\, deterministic custom scanning rules\, and LLM powered custom AI prompts* Technique comparison - Advantages and disadvantages of each technique based on our in-depth experience with each and which technique you will want to use in different situations\, to avoid wasting time trying to use a technique in an inappropriate use case.* Organizational process – How to get these processes built into an organization’s existing software lifecycle* Generic SAST – Using “off the shelf” rules effectively to catch “low hanging fruit” and avoid reinventing the wheel.* Custom SAST – Introduce custom rule languages (e.g.\, Semgrep\, CodeQL)\, writing rules from scratch\, and scaling analysis across a codebase.* Basic AI Code Security Scanning – Overview of AI-based scanning\, platforms\, principles\, and initial single-shot prompts.* Complex AI Code Security Scanning – AI-driven techniques for code security\, including using AI to review and triage findings and creating multi-stage rules that combine deterministic rules CATEGORIES:2-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:d8d555d74519f1681212599df68dc482 URL:http://owaspglobalappseceuvienna20.sched.com/event/d8d555d74519f1681212599df68dc482 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260624T070000Z DTEND:20260624T150000Z SUMMARY:2-Day Training: The Mobile Playbook - A guide for iOS and Android App Security (Hybrid) DESCRIPTION:2-Day Training: June 23-24\, 2026Level: \;IntermediateTrainer:Sven Schleier\n\nYou may attend this training course in person or virtually.\n\nTo register\, please purchase your training ticket \;here. Training and conference are two separate ticket purchases.\n\nThis two-day\, hands-on course is designed to teach penetration testers\, developers\, and engineers how to analyse Android and iOS applications for security vulnerabilities. The course covers the different phases of testing\, including dynamic testing\, static analysis\, reverse engineering\, and software composition analysis (SCA). We will also explore how you can use the Model Context Protocol (MCP) to automate some of these workflows and leverage its strengths.The course is based on the OWASP Mobile Application Security Testing Guide (MASTG) and taught by one of the project co-leaders. This comprehensive\, open-source mobile security testing book covers both iOS and Android\, providing a methodology and detailed technical test cases to ensure completeness and utilizes the latest attack techniques against mobile applications. This course provides hands-on experience with open-source tools and advanced methodologies\, guiding you through real-world scenarios.Detailed outlineOn the first day\, we will start with an introduction to the OWASP MASVS and MASTG projects\, including the latest updates. Then\, we will dive into the Android platform and its security architecture. Students will no longer be required to bring their own Android device\; instead\, each student will be provided with a cloud-based\, virtualised Android device from Corellium.Topics include:- Intercepting network traffic of an Android App in various scenarios\, including intercepting traffic that is not HTTP.- Scanning for secrets in an APK.- Reverse engineering a Kotlin app and identifying and exploiting a real-world deep link vulnerability through manual source code review.- Static Scanning of decompiled Kotlin source code by using MCP workflows with semgrep and radare2\, identifying vulnerabilities and eliminating false positives.- Frida crash course to get started with dynamic instrumentation on Android apps by using MCP workflows.- Use dynamic instrumentation with Frida to bypass client-side security controls such as root detection mechanisms.- We will close day 1 with a Capture the Flag (CTF) by attacking several apps\, including a real world app and overcome it's protection mechanisms.Day 2 focuses on iOS. We will begin the day by exploring the OWASP MASWE and creating an iOS test environment using Corellium and dive into several topics\, including:\n\n- Introduction into iOS Security fundamentals\n- Intercepting network traffic of an iOS App in various scenarios\, including intercepting traffic from apps written in mobile app frameworks such as Google's Flutter.\n- How to retrieve an IPA\, execute static scanning of an IPA and identifying vulnerabilities and eliminating false positives.\n- Software Composition Analysis (SCA) for iOS by using SBOM's and scanning 3rd party libraries and SDKs in mobile package managers for known vulnerabilities and planning mitigation strategies.\n- Frida crash course to get started with dynamic instrumentation for iOS applications and utilsing MCP workflows.\n- Testing methodology with a non-jailbroken (jailed) device by repackaging an IPA with the Frida gadget.\n- Analyse the storage of an iOS app and understand the various options on how (files\, databases\, logs etc.) and where files can be stored.\n- Using Frida to bypass runtime instrumentation of iOS applications\, like anti-Jailbreaking Mechanisms.\n\nWe'll wrap up the final day with a CTF and participants can win a prize!\n\nWhether you are a beginner who wants to learn mobile app testing from the ground up\, or an experienced pentester or developer or engineer who wants to improve your existing skills to perform more advanced attack techniques\, this training will help you achieve your goals.\n\nThe course consists of many different hands-on labs developed by the instructor or using real world apps that are part of bug bounty platforms.\n\nUpon successfully completing this course\, students will have a better understanding of how to test for vulnerabilities in mobile applications\, how to recommend appropriate mitigation techniques to developers and how to perform consistent and efficient testing using MCP (Model Context Protocol) workflows. CATEGORIES:2-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:954de325045b615f68e7a5cd36b144fe URL:http://owaspglobalappseceuvienna20.sched.com/event/954de325045b615f68e7a5cd36b144fe END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260624T070000Z DTEND:20260624T150000Z SUMMARY:3-Day Training: AppSec and AI Security for Developers with Jim Manico (Hybrid) DESCRIPTION:To register\, please purchase your training ticket \;here. Training and conference are two separate ticket purchases.\n3-Day Training: June 22-24\, 2026\nLevel: Beginner\nTrainer: \;Jim Manico\n\nYou may attend this training course in person or virtually\nDescription: This three-day security course is designed for software engineers and AppSec professionals who want to tailor their learning experience. Throughout the class\, you’ll select the topics that interest you most—ensuring that the content aligns with your individual needs and goals. We’ll honor every participant’s topic requests\, so you can dive deeper into the areas that matter most.Students will choose from the following material:Core Modules00-00 Introduction to Application Security (1 hr): Goals and Threats in AppSec00-01 Input Validation Basics (1 hr): Allowlist Validation\, Safe Redirects00-02 HTTP Security Basics (1.5 hrs): Response/Request Headers\, Verbs\, Secure Transport Basics00-03 SOP and CORS (1 hr): Same-Origin Policy\, Cross-Origin Resource Sharing Security00-04 SQL and Other Injections (1.5 hrs): Parameterized Queries\, Secure Database Configurations\, Command Injection00-05 Cross-Site Request Forgery (1.5 hrs): CSRF Defenses for Various Architectures00-06 File Upload and File I/O Security (1 hr): Secure File Upload\, File I/O Security00-07 Deserialization Security (0.5 hr): Safe Deserialization Practices00-08 Third-Party Library Security Management (1 hr): Ensuring Third-Party Library Security00-09 Security Logging and Monitoring (0.5 hr): Security-Focused Logging00-10 Application Layer Intrusion Detection (0.5 hr): Detecting App Layer Attacks00-11 Threat Modeling Fundamentals (1 hr): Security Design via Threat Modeling00-12 Forms and Workflows Security (0.5 hr): Secure Handling of Complex Form WorkflowsAPI Security01-00 API and REST Security (2 hrs): REST Design\, XML\, XXE\, JSON\, API Access Control01-01 Microservice Security (2 hrs): Security Architectures in Microservices01-02 JSON Web Tokens (JWT) (1 hr): Addressing JWT Security Challenges01-03 gRPC Security (1 hr): gRPC Security ArchitectureFoundations of AI Security02-00 Introduction to AI Security (1 hr): Overview of AI Security Concepts\, Threats\, and Mitigations02-01 OWASP Top 10 for Large Language Model (LLM) Applications (4 hrs): Top 10 Practices for Protecting Large Language Model ApplicationsAI Secure Development Practices02-10 AI for Code Creation (1 hr): Exploring the Security Implications of Using AI for Code Generation02-11 React Security Prompt Engineering ( CATEGORIES:3-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:25a535959c0345160f97d525167948de URL:http://owaspglobalappseceuvienna20.sched.com/event/25a535959c0345160f97d525167948de END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260624T070000Z DTEND:20260624T150000Z SUMMARY:3-Day Training: Full-Stack Pentesting Laboratory: 100% Hands-On + Lifetime LAB Access DESCRIPTION:3-Day Training:June 22-24\, 2026\nLevel: Intermediate\nTrainer: Dawid Czagan\n\n\nTo register\, please purchase your training ticket here. Training and conference are two separate ticket purchases.\n\nModern IT systems are increasingly complex\, making full-stack expertise more essential than ever. That's why diving into full-stack pentesting is crucial—you will gain the skills needed to master modern attack vectors and implement effective defensive countermeasures.\n\nFor each attack\, vulnerability and technique presented in this training\, there is a lab exercise to help you develop your skills step by step. What's more\, when the training is over\, you can take the complete lab environment home to hack again at your own pace.\n\nI found security bugs in many companies including Google\, Yahoo\, Mozilla\, Twitter and in this training I'll share my experience with you.\n\nKey Learning Objectives\nAfter completing this training\, you will have learned about:\n\n- Hacking cloud applications\n- API hacking tips & tricks\n- Data exfiltration techniques\n- OSINT asset discovery tools\n- Tricky user impersonation\n- Bypassing protection mechanisms\n- CLI hacking scripts\n- Interesting XSS attacks\n- Server-side template injection\n- Hacking with Google & GitHub search engines\n- Automated SQL injection detection and exploitation\n- File read & file upload attacks\n- Password cracking in a smart way\n- Hacking Git repos\n- XML attacks\n- NoSQL injection\n- HTTP parameter pollution\n- Web cache deception attack\n- Hacking with wrappers\n- Finding metadata with sensitive information\n- Hijacking NTLM hashes\n- Automated detection of JavaScript libraries with known vulnerabilities\n- Extracting passwords\n- Hacking Electron applications\n- Establishing reverse shell connections\n- RCE attacks\n- XSS polyglot\n- and more …\n\nWhat Students Will Receive\nStudents will be handed in a VMware image with a specially prepared lab environment to play with all attacks\, vulnerabilities and techniques presented in this training. When the training is over\, students can take the complete lab environment home (after signing a non-disclosure agreement) to hack again at their own pace.\n\nSpecial Bonus\nThe ticket price includes FREE access to my 6 online courses:\n\n- Fuzzing with Burp Suite Intruder\n- Exploiting Race Conditions with OWASP ZAP\n- Case Studies of Award-Winning XSS Attacks: Part 1\n- Case Studies of Award-Winning XSS Attacks: Part 2\n- How Hackers Find SQL Injections in Minutes with Sqlmap\n- Web Application Security Testing with Google Hacking\n\nWhat Students Say About My Trainings\nReferences are attached to my LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here: https://silesiasecuritylab.com/services/training/#opinions – training participants from companies such as Oracle\, Adobe\, ESET\, ING\, Red Hat\, Trend Micro\, Philips\, government sector... \;\nWhat Students Should Know\nTo get the most of this training intermediate knowledge of web application security is needed. Students should have experience in using a proxy\, such as Burp Suite Proxy or Zed Attack Proxy (ZAP)\, to analyze or modify the traffic.\n\nWhat Students Should Bring\nStudents will need a laptop with 64-bit operating system\, at least 8 GB RAM\, 35 GB free hard drive space\, administrative access\, ability to turn off AV/firewall and VMware Player/Fusion installed (64-bit version). Prior to the training\, make sure there are no problems with running x86_64 VMs.\n\nAdditional notes\nThis new 3-day training was sold out at top security conferences e.g. DEF CON (Las Vegas)\, Hack In Paris (Paris).\n\nThis is a 100% hands-on training: for each attack\, vulnerability and technique presented in this training\, there is a lab exercise to help students develop their skills step by step.\n CATEGORIES:3-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:7954982d7b36a9045c07d418ce86b1b0 URL:http://owaspglobalappseceuvienna20.sched.com/event/7954982d7b36a9045c07d418ce86b1b0 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260624T070000Z DTEND:20260624T150000Z SUMMARY:3-Day Training: Web Application Security Essentials DESCRIPTION:3-Day Training: June 22-24\, 2026Level: \;Introductory and OverviewTrainer: Fabio Cerullo\n\nTo register\, please purchase your training ticket \;here. \;Training and conference are two separate ticket purchases.\n\nIntroductionModern organisations rely heavily on web applications\, and attackers exploit their weaknesses daily.As AI tools accelerate software development\, code is being generated faster than ever before. Yet every line\, human-written or AI-generated\, still carries risk. This three-day instructor-led course gives participants the knowledge and practical experience to recognise vulnerabilities\, understand how exploitation works\, and assess potential impact.Aligned with the latest OWASP Top 10 2025\, the course provides an in-depth exploration of each key risk\, illustrated through demonstrations and guided labs.Participants will learn how attackers think\, how vulnerabilities are introduced\, and how to recognise and validate them\, preparing participants to collaborate effectively with developers and security teams in future remediation work.FormatYou will begin by exploring common web application vulnerabilities before gaining access to a purpose-built lab environment containing the very bugs and coding errors discussed in class. This provides an ideal\, safe setting to observe and exploit these vulnerabilities using open-source tools and techniques\, bridging the gap between theory and real-world practice.This practical approach builds the confidence and analytical skills needed to identify and assess security risks effectively. Sessions encourage active participation\, group discussions\, and collaboration\, allowing you to share insights and learn from peers across disciplines.Course Outline1. Introduction to Web Application Security2. Technologies Used in Web Applications3. Tools Used During the Course4. Critical Areas in Web Applications: OWASP Top 10 20255. Broken Access Control (A01:2025)6. Security Misconfiguration (A02:2025)7. Software Supply Chain Failures (A03:2025) CATEGORIES:3-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:dfbdb3ab9f069f601f1a39bf2e4e64c0 URL:http://owaspglobalappseceuvienna20.sched.com/event/dfbdb3ab9f069f601f1a39bf2e4e64c0 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260624T070000Z DTEND:20260624T150000Z SUMMARY:3-Day Training:AI Whiteboard Hacking aka Hands-on Threat Modeling Training DESCRIPTION:To register\, please purchase your training ticket \;here. \;Training and conference are two separate ticket purchases.3-Day Training: June 22-24\, 2026Level: \;BeginnerTrainer: \;Sebastien Deleersnyder\n\nDownload the complete training outline: \;AI Whiteboard Hacking Training Details\n\nTestimonial: "After years evaluating security trainings at Black Hat\, including Toreon's Whiteboard Hacking sessions\, I can say this AI threat modeling course stands out. The hands-on approach and flow are exceptional - it's a must-attend."- Daniel Cuthbert\, Global Head of Cyber Security Research\, Black Hat Review Board Member\n\nIn today's rapidly evolving AI landscape\, security threats like prompt injection and data poisoning pose significant risks to AI systems. Our 3-day AI Whiteboard Hacking training equips you with practical skills to identify\, assess\, and mitigate AI-specific security threats using our proven DICE methodology. Through hands-on exercises and real-world scenarios\, you'll learn to build secure AI systems while ensuring compliance with regulations like the EU AI Act.\n\nThe training concludes with an engaging red team/blue team wargame where you'll put theory into practice by attacking and defending a rogue AI research assistant. Upon completion\, you'll earn the AI Threat Modeling Practitioner Certificate and gain access to a year-long subscription featuring quarterly masterclasses\, expert Q&A sessions\, and continuously updated resources.\n\nLed by Sebastien Deleersnyder\, co-founder and CTO of Toreon\, and Black Hat trainer\, this training combines technical expertise with practical insights gained from real-world projects across government\, finance\, healthcare\, and technology sectors.\n\nQuick Overview:·  \;  \;  \; Target Audience: AI Engineers\, Software Engineers\, Solution Architects\, Security Professionals·  \;  \;  \; Prerequisites: Basic understanding of AI concepts (pre-training materials provided)·  \;  \;  \; Certification: AI Threat Modeling Practitioner Certificate·  \;  \;  \; Bonus: 1-year AI Threat Modeling Subscription included\n\nOur lineup of the hands-on exercises from the training that let you put AI security concepts into practice:\nDay 1: Foundations & Methodology·  \;  \;  \; "AI Security Headlines from the Future" - Explore potential security scenarios·  \;  \;  \; "Diagramming the AI Assistant Infrastructure" - Map out real AI system components CATEGORIES:3-DAY TRAINING LOCATION:Vienna\, Austria SEQUENCE:0 UID:d069e45e748e44f9826498671eb81220 URL:http://owaspglobalappseceuvienna20.sched.com/event/d069e45e748e44f9826498671eb81220 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260624T070000Z DTEND:20260624T150000Z SUMMARY:1-Day Training: SAMM and DSOMM User Day DESCRIPTION: CATEGORIES:PROJECT USER DAY LOCATION:Vienna\, Austria SEQUENCE:0 UID:e998238c863db4c5760d097e01f67fdf URL:http://owaspglobalappseceuvienna20.sched.com/event/e998238c863db4c5760d097e01f67fdf END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260624T083000Z DTEND:20260624T090000Z SUMMARY:AM Break DESCRIPTION: CATEGORIES:MEALS PROVIDED BY OWASP LOCATION:Vienna\, Austria SEQUENCE:0 UID:2cacc0c46fde4360242854fbc461e5fd URL:http://owaspglobalappseceuvienna20.sched.com/event/2cacc0c46fde4360242854fbc461e5fd END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260624T103000Z DTEND:20260624T113000Z SUMMARY:Lunch DESCRIPTION: CATEGORIES:MEALS PROVIDED BY OWASP LOCATION:Vienna\, Austria SEQUENCE:0 UID:327a488af3d2f95639151aed05202b55 URL:http://owaspglobalappseceuvienna20.sched.com/event/327a488af3d2f95639151aed05202b55 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260624T130000Z DTEND:20260624T133000Z SUMMARY:PM Break DESCRIPTION: CATEGORIES:MEALS PROVIDED BY OWASP LOCATION:Vienna\, Austria SEQUENCE:0 UID:d6ff5f9ac8e5c3599204e356dd9c2e4d URL:http://owaspglobalappseceuvienna20.sched.com/event/d6ff5f9ac8e5c3599204e356dd9c2e4d END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260624T153000Z DTEND:20260624T170000Z SUMMARY:Global Board of Directors Public Meeting DESCRIPTION:\n CATEGORIES:MEETING LOCATION:Vienna\, Austria SEQUENCE:0 UID:fcc48397332fd87b33b300a163a1911e URL:http://owaspglobalappseceuvienna20.sched.com/event/fcc48397332fd87b33b300a163a1911e END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260624T170000Z DTEND:20260624T200000Z SUMMARY:Anti Magic Quadrant Club Sunset Drinks by Aikido DESCRIPTION:For everyone who survived OWASP Global AppSec on Wednesday — join at the beach club \;for sunset drinks \;before vendor mayhem starts.Come\, have a good time\, catch up with old friends\, and leave with a few new ones. Everyone is welcome!\nTwo rules:\nNo acronymsHave fun - and make the most of the open bar 🍹Why Anti-Magic Quadrant Club?This industry loves flashy quadrants and new acronyms. Builders don’t.\nIf you care about fixing what matters and getting back to building\, you’ll fit right in.\nSign up now. +1s welcome!\n\nRegister for the Happy Hour with Aikido! CATEGORIES:SPONSORED HAPPY HOUR LOCATION:Vienna\, Austria SEQUENCE:0 UID:a90a2b1aed03c9e67f37272c7b7a2555 URL:http://owaspglobalappseceuvienna20.sched.com/event/a90a2b1aed03c9e67f37272c7b7a2555 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T054500Z DTEND:20260625T064500Z SUMMARY:Women in AppSec Breakfast (Sign up Required) DESCRIPTION:Must already be registered for the conference and sign up for breakfast is required.Come and enjoy a breakfast committeed to making conference friends and friends for life (AKA - professioinal networking) at the Women in AppSec Breakfast co-hosted by Tanya Janca\, Juliane Reimann\, Kim Wyuts\, and Marisa Fagan.RSVP now \;to enjoy great food\, pick up your challenge coin early\, and walk through the expo hall\, if you choose\, to start tackling the expo passport program and win prizes. CATEGORIES:MEALS PROVIDED BY OWASP LOCATION:Terrace G of Austria Center\, Vienna\, Austria SEQUENCE:0 UID:b1443aee2246d2f4263f6680e173135f URL:http://owaspglobalappseceuvienna20.sched.com/event/b1443aee2246d2f4263f6680e173135f END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T063000Z DTEND:20260625T140000Z SUMMARY:OWASP Official Store: Come explore books\, games and merch (or Explore CyberSec Games\, OWASP books and official merch) DESCRIPTION:Come visit our table in the Expo Hall for books\, games\, and merch CATEGORIES:BONUS TRACK LOCATION:Vienna\, Austria SEQUENCE:0 UID:2935d3b5bdb01c465884aea28907a210 URL:http://owaspglobalappseceuvienna20.sched.com/event/2935d3b5bdb01c465884aea28907a210 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T063000Z DTEND:20260625T070000Z SUMMARY:Coffee/tea DESCRIPTION: CATEGORIES:MEALS PROVIDED BY OWASP LOCATION:Expo Hall X1\, Vienna\, Austria SEQUENCE:0 UID:5229eda5f05e17786d1d64b5af585b03 URL:http://owaspglobalappseceuvienna20.sched.com/event/5229eda5f05e17786d1d64b5af585b03 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T070000Z DTEND:20260625T071500Z SUMMARY:Opening Remarks DESCRIPTION:Welcome to the OWASP Global AppSec EU 2026 conference! We are excited you are with us\, not only to attend this amazing event\, but also to celebrate our 25th anniversary!\n\nDon't miss the opening remarks for the event as we welcome you and provide a few key details to provide you with a roadmap to a successful time with us! CATEGORIES:KEYNOTE LOCATION:Hall D (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:d11cd5dda4e03bec2e3df6e756e5dc82 URL:http://owaspglobalappseceuvienna20.sched.com/event/d11cd5dda4e03bec2e3df6e756e5dc82 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T071500Z DTEND:20260625T080000Z SUMMARY:Keynote: The Reinvention of Software Engineering DESCRIPTION:I don’t need to tell you that AI has changed software development forever. You know this. Whether you’re positive\, negative or indifferent to this change\, you can’t deny that the past 2 years have radically changed the role of the software developer. \n\n As an industry we have been obsessed with velocity. \n\nWe wanted every second of “developer productivity” squeezed from every dev team and designed tools\, processes and practices to create the right environment for that to happen. \n\n The velocity is here. And we don’t know what to do with it. \n\n Many of our tools\, processes and practices simply don’t make sense any more. The “unblocking” of one bottleneck in the software development lifecycle has created new bottlenecks and pressure points. This is especially true for application security teams. \n\n The seismic shift in software is only just getting started. I don’t offer a proven strategy to navigate this change\, we are sailing these turbulent waters together. What I propose is that we go back to fundamentals\, refocus on outcomes and evaluate our options for evolving our software development lifecycle\, safely and securely. \n\n Fundamentals like security and reliability are as important as ever\, but how do we deliver on these commitments at the pace of AI coding? What practices are gone forever\, and which do we need to keep? \n\n In this talk I bring you these options\, what I’ve seen work\, what I’m ready to throw out\, and most importantly\, the things I will keep no matter what. CATEGORIES:KEYNOTE LOCATION:Hall D (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:94b8089a9667b1b19fce332385801d0b URL:http://owaspglobalappseceuvienna20.sched.com/event/94b8089a9667b1b19fce332385801d0b END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T080000Z DTEND:20260625T083000Z SUMMARY:AM Break in Expo Hall DESCRIPTION:\n CATEGORIES:MEALS PROVIDED BY OWASP LOCATION:Vienna\, Austria SEQUENCE:0 UID:4f49c990764d84a82a964c86ba9eb446 URL:http://owaspglobalappseceuvienna20.sched.com/event/4f49c990764d84a82a964c86ba9eb446 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T080500Z DTEND:20260625T100500Z SUMMARY:Hands-On: Building Security Guardrails for AI-Generated Code DESCRIPTION:AI-assisted development is now responsible for a significant and growing portion of production code. However\, most AppSec programs still treat AI as an external input to be scanned after code is written\, rather than as a system that can be guided to produce safer code up front.\n\nIn this Practical On-Demand session\, participants will explore a secure-by-construction approach to AI coding using Cursor-style rules and hooks. The POD is structured around short\, repeatable activities rather than a linear workshop. CATEGORIES:PODS (HANDS-ON ACTIVITIES) LOCATION:Room -2.92 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:5239f56b7fbb58836eb09756ca84c2c6 URL:http://owaspglobalappseceuvienna20.sched.com/event/5239f56b7fbb58836eb09756ca84c2c6 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T080500Z DTEND:20260625T100500Z SUMMARY:Teaching Security Concepts Using Physical Analogies DESCRIPTION:Understanding security fundamentals doesn’t have to be dry or abstract. In this interactive CF‑Pod\, you’ll explore the core principles of confidentiality\, integrity\, and availability through surprising physical demonstrations and simple “magic‑like” activities that make each concept intuitive and memorable.Each station focuses on one security principle and offers a short\, hands‑on challenge that transforms an abstract idea into something you can see\, touch\, and explain to others. You can drop in for 10–15 minutes\, try an activity\, and walk away with a clear\, practical analogy you can use in real‑world conversations with teammates and stakeholders.Whether you're new to security or looking for better ways to teach it\, this session will give you fun\, effective tools for communicating the foundations of secure systems. CATEGORIES:PODS (HANDS-ON ACTIVITIES) LOCATION:Room -2.92 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:5245cb6005dea31fc14ad88490bd3566 URL:http://owaspglobalappseceuvienna20.sched.com/event/5245cb6005dea31fc14ad88490bd3566 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T080500Z DTEND:20260625T100500Z SUMMARY:The Old But Unforgettable Key DESCRIPTION:Application security failures often stem from small\, everyday oversights that quietly accumulate into serious risk. This Practical On-Demand (POD) activity lets participants explore how those issues surface in real applications by actively engaging with a deliberately vulnerable web app.Attendees can drop in at any time and participate in a self-paced\, Capture the Flag (CTF) style challenge centred on investigation\, experimentation\, and problem solving. Starting from a minimal application with limited guidance\, participants uncover and connect security weaknesses to progressively increase their level of access.The activity is designed to be accessible to all experience levels. Newcomers can engage with individual challenges and learn core AppSec concepts\, while more experienced practitioners can pursue deeper exploration and more complex exploitation paths. All scenarios are inspired by issues commonly encountered in real world development environments.Facilitators are present throughout the session to support participants\, answer questions\, and provide short\, optional walkthroughs for those without laptops. The emphasis remains on doing\, discovery\, and practical takeaways\, ensuring participants leave with a stronger intuition for identifying risk and concrete guidance they can apply in their own applications. CATEGORIES:PODS (HANDS-ON ACTIVITIES) LOCATION:Room -2.92 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:ad03284c3a0e8d87c3354b38172d9581 URL:http://owaspglobalappseceuvienna20.sched.com/event/ad03284c3a0e8d87c3354b38172d9581 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T083000Z DTEND:20260625T094500Z SUMMARY:Meet the Mentor DESCRIPTION:One more Global AppSec event.You’re taking training\, you’re running between sessions\, you’re connecting with people over coffee or when talking to a vendor.What if you could use the event to also meet a potential mentor\, or mentee?What if you could connect face to face with someone who may help take your career to the next level\, or that you can help and make a difference with?We are inviting you to an OWASP Global AppSec activity: Meet The Mentor! A speed-dating activity between potential mentors and mentees where you can come face to face and see if it “clicks”\, start a conversation\, and see if it is a match. CATEGORIES:BONUS TRACK LOCATION:Vienna\, Austria SEQUENCE:0 UID:b72a2ab0b650a2ab6f3e98639ebed92d URL:http://owaspglobalappseceuvienna20.sched.com/event/b72a2ab0b650a2ab6f3e98639ebed92d END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T083000Z DTEND:20260625T091500Z SUMMARY:Why Isn't the Fix in My Container? Tracking CVE Propagation Across 10\,000 Projects DESCRIPTION:We analyzed CVE remediation patterns across 10\,000 open source projects to uncover a critical problem: vulnerabilities fixed upstream often take weeks or months to reach downstream containers. This lag creates massive security exposure windows in Kubernetes environments.In this talk\, we'll present our findings showing how CVE fixes flow (or stall) across ecosystem layers\, from upstream projects to package managers to base images to final containers. You'll see real metrics on remediation delays\, and the compounding effect of layered dependencies.But we won't stop at the problem. The second half focuses on practical solutions. From automated patch backporting to in-place image patching with tools like Copa. You'll learn how to build workflows that dramatically reduce MTTR\, including dependency automation patterns and risk-based prioritization.Attendees will leave with both a data-driven understanding of the CVE remediation challenge and a practical playbook for fixing it. CATEGORIES:DEPLOYMENT AND MAINTENANCE LOCATION:Hall K1 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:b59bed79fab37c4a75da267c01e922d4 URL:http://owaspglobalappseceuvienna20.sched.com/event/b59bed79fab37c4a75da267c01e922d4 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T083000Z DTEND:20260625T091500Z SUMMARY:Builders & Breakers Part II: Securing Agentic AI After the Death of LLM Wrappers DESCRIPTION:Last year at OWASP Global AppSec Barcelona\, we showed how to break and defend LLM-integrated apps: (indirect) prompt injection\, jailbreaks\, data poisoning. And what practical controls actually worked in production. But the game has changed.This follow-up talk picks up where we left off\, focusing on the next generation of LLM-driven systems: agentic AI and e.g. MCP (Model Context Protocol) & A2A (Agent2Agent). These systems combine LLMs with tools\, memory\, plugins\, APIs\, and planning loops\, making them far more powerful\, and also far more fragile.We’ll walk through how this new architecture has shifted the attack surface\, and why last year’s defences (input validation\, injection prevention) don’t hold up anymore. Expect real-world attack paths: memory poisoning\, tool misuse\, and agent goal hijacking. Then we’ll show you what works: “Zero Trust”-style isolation\, sandboxing tool execution\, runtime plan validation\, and defence patterns that are actually deployable.This is not a theoretical talk. It’s a two-speaker format - builder and breaker - based on real-world incidents\, internal and external red teaming\, and live demos. If you’re building\, securing\, or reviewing AI-driven systems that do more than just chat\, this is the session to see what’s coming and how to stay ahead. CATEGORIES:IMPLEMENTATION LOCATION:Hall G1 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:7b587260a138ea5de372476dcc0d35bb URL:http://owaspglobalappseceuvienna20.sched.com/event/7b587260a138ea5de372476dcc0d35bb END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T083000Z DTEND:20260625T083500Z SUMMARY:OWASP masCon - Introduction by OWASP MAS team to MAS Con DESCRIPTION:\n CATEGORIES:MOBILEAPPSECCON LOCATION:Room -2.33 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:4c3302cc18778603b9aef0193c2e2501 URL:http://owaspglobalappseceuvienna20.sched.com/event/4c3302cc18778603b9aef0193c2e2501 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T083000Z DTEND:20260625T091500Z SUMMARY:AI Explainability Score Card DESCRIPTION:AI is tightening its grip on security operations\, but when no one can explain what a system is doing\, accountability breaks down and attackers gain the edge. Regulations like the EU AI Act now require AI systems to be transparent\, yet most organizations lack a concrete way to measure what “transparent” actually means. The AI Explainability Scorecard fills that gap by providing a fast\, practical way to assess whether an AI system is traceable and defensible\, scoring it on faithfulness\, comprehensibility\, consistency\, accessibility\, and operational clarity\, including for LLM-based systems. The takeaway is clear: if you cannot explain the results of your AI\, it is running your business\, not your people. CATEGORIES:PLANNING AND DESIGN LOCATION:Hall D (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:c452a07a0451ef72f649cacb38f56f27 URL:http://owaspglobalappseceuvienna20.sched.com/event/c452a07a0451ef72f649cacb38f56f27 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T083000Z DTEND:20260625T091500Z SUMMARY:Why AppSec Fails at Scale (and How to Fix It) DESCRIPTION:As organizations grow\, application security often becomes more painful but not more effective. Vulnerabilities recur\, engineers feel blocked\, and security teams struggle to scale. These failures are rarely caused by careless engineers or missing tools — they are symptoms of broken systems.In this talk\, we examine why AppSec fails to scale\, particularly in growing teams and startups\, and why adding more guidelines\, scanners\, or training usually makes the problem worse. Instead\, let's approach application security as a sociotechnical system shaped by incentives\, defaults\, ownership boundaries\, and feedback loops.In this session\, you will hear about common failure modes such as compliance-driven security\, misplaced responsibility\, and metrics that reward activity instead of risk reduction. Then hear about practical strategies for fixing the system: shifting security into platforms and defaults\, reducing cognitive load for engineers\, and aligning AppSec goals with delivery pressure and business constraints. CATEGORIES:PROCESS AND CULTURE LOCATION:Hall K2 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:c35f60c2c59fc75ae38b82a81593ec6b URL:http://owaspglobalappseceuvienna20.sched.com/event/c35f60c2c59fc75ae38b82a81593ec6b END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T083000Z DTEND:20260625T090000Z SUMMARY:OpenCRE.org: Uniting all standards and guidelines DESCRIPTION:In security\, it is important to understand the whole chain: from regulation to business risk\, to requirement\, to code example\, to vulnerability\, to test method\, to tool configurations. However\, so far there hasn’t been a solid way to interconnect standards\, documentation\, and tooling. Standards writers often work in isolation\, and tooling authors rightly focus on quality results instead of comprehensive information about those results.\nThe open source initiative OpenCRE.org connects all these sources of information: It links topics across multiple standards\, including the Top 10\, ASVS\, Pro-active controls\, Testing guide\, Cheat sheets\, SAMM\, SSDF\, ISO27001\, CSA CCMv3\, CWE\, CAPEC\, PCI-DSS\, NIST 800-53 and 63b. It further links code samples and offensive tooling configurations or rules. That way it serves as a universal translator\, to connect every role involved: executive\, compliance officer\, procurement\, architect\, developer\,and tester.\nThis talk takes you through how openCRE.org works\, how we have brought all these standards together\, how we used AI in a revolutionary way\, and how you can benefit in your work as a manager\, builder\, breaker\, buyer\, or standard maker! \n\nThe intended audience for this talk is anyone involved with Application Security and looking for an easy-to-use guide\, mapping standards to regulations to code and configurations. CATEGORIES:PROJECT SHOWCASE (LIGHTNING TALKS) LOCATION:Room -2.82 (Level 2)\, Vienna\, Austria SEQUENCE:0 UID:741313c2d7e3b005dc48aa7ff5c14e64 URL:http://owaspglobalappseceuvienna20.sched.com/event/741313c2d7e3b005dc48aa7ff5c14e64 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T083000Z DTEND:20260625T091500Z SUMMARY:Scanning Agentic AI Systems: Beyond Traditional LLM Red Teaming DESCRIPTION:As agentic AI systems evolve from simple LLM interfaces into autonomous and multi-agent workflows. Given the high autonomy of agentic AI systems\, there is a growing need to perform a detailed risk assessment\, which means traditional LLM-focused red teaming is no longer enough. Unlike standalone LLMs with text input and output\, agentic systems interact with tools\, memory\, external data\, and other agents\, creating many new attack surfaces. Attacks may be introduced through emails\, tool descriptions\, or environmental content\, and their impact can go beyond model responses to affect system behavior\, planning\, and perform harmful real-world actions.\nIn this talk\, we share our hands-on journey building a comprehensive red teaming scanning solution tailored for agentic AI systems. We begin by analyzing why current scanning tools fall short\, specifically their emphasis on structured components (e.g.\, protocols like MCP\, A2A\, and Skills) while overlooking unstructured and highly dynamic attack vectors where most real-world risks emerge. We then walk through the technical challenges of simulating realistic attacks without harming production environments\, handling the diversity of agent architectures\, frameworks\, and agency-levels\, and designing scanners that generalize across heterogeneous systems.\nWe present a practical full scanning pipeline that creates a novel holistic solution\, including sandboxing and emulation strategies\, automated system discovery pipelines\, abstraction-based scanning mechanisms\, and a risk-aware robustness scoring framework that goes beyond binary attack success. Throughout the talk\, we highlight concrete lessons learned\, trade-offs between cost and reliability\, and real examples of agent-specific vulnerabilities.We conclude with a concrete end-to-end scanning workflow and discuss open challenges such as adaptive scanner generation and black-box agent discovery. Attendees will leave with a deep understanding of why agentic AI requires fundamentally new red teaming methodologies and with actionable techniques for securing real-world autonomous AI systems. CATEGORIES:TESTING LOCATION:Hall G2 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:c4c4bd69160aa5299d148961d107100e URL:http://owaspglobalappseceuvienna20.sched.com/event/c4c4bd69160aa5299d148961d107100e END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T083500Z DTEND:20260625T092500Z SUMMARY:OWASP masCon - Let's get frooky: Structured Mobile DAST with Frida DESCRIPTION:Mobile application penetration tests can be challenging. In order to find vulnerabilities in the OWASP MAS Testing Profile L2\, security testers have to simulate attacks on compromised devices. When apps protect themselves with advanced static and dynamic hardening techniques\, security testers often rely on instrumentation in order to assess the security of the app at runtime.\n\nThis talk will present some of these challenges as seen in real world mobile apps and then present “frooky”\, a Frida-powered hook runner based on structured I/O. This tool was consolidated together with OWASP MAS leadership and released as a standalone project for OWASP MASTG. We will show you what it can do\, how it was developed and how you can use it for any mobile app penetration testing efforts in general. CATEGORIES:MOBILEAPPSECCON LOCATION:Room -2.33 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:86f1e01d96ceb67f842762450fdb38a7 URL:http://owaspglobalappseceuvienna20.sched.com/event/86f1e01d96ceb67f842762450fdb38a7 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T090000Z DTEND:20260625T093000Z SUMMARY:OWASP AI Testing Guide in Practice: Securing LLM Applications DESCRIPTION:This talk presents the OWASP AI Testing Guide as a practical extension of traditional application security methodologies for AI and LLM-based systems. It shows how AppSec engineers can systematically identify\, model\, and test AI-specific risks using an OWASP-aligned approach\, rather than relying on ad hoc assessments or vendor claims.The session starts with an architecture-driven threat modeling process for AI systems\, decomposing LLM applications into application\, model\, data\, and infrastructure layers. Using OWASP LLM Top 10 and threat modeling of AI System and Agent AI architectures\, the talk demonstrates how AI attack surfaces and threat scenarios can be identified and mapped to concrete security risks. These threats are then mapped to testable hypotheses using the OWASP AI Testing Guide\, bridging the gap between threat modeling and hands-on security testing.Through real-world examples\, the talk explores how common AI vulnerabilities manifest in practice\, including prompt injection\, jailbreak techniques\, sensitive data exposure\, model misalignment\, hallucinations\, RAG pipeline abuse\, and agent workflow exploitation. The audience will see how these issues can be tested in LLM-based applications using OWASP AITG test cases\, OWASP LLM Top 10 payloads\, and common AppSec and AI toolings.The session concludes by showing how AI security testing can be integrated into MLSecOps. It highlights how organizations can move from intuition-based AI security to evidence-based risk validation\, positioning OWASP AITG as a foundational methodology for securing AI systems within modern application security programs.The key message of the talk is that trustworthy AI is not achieved through design assumptions or policy statements\, but through systematic\, repeatable testing aligned with OWASP principles. CATEGORIES:PROJECT SHOWCASE (LIGHTNING TALKS) LOCATION:Room -2.82 (Level 2)\, Vienna\, Austria SEQUENCE:0 UID:a4746390011bfaf2fc46eb9a26a8bffa URL:http://owaspglobalappseceuvienna20.sched.com/event/a4746390011bfaf2fc46eb9a26a8bffa END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T093000Z DTEND:20260625T101500Z SUMMARY:Actionable Continuous SBOM Diffing DESCRIPTION:SBOMs are known to be at the forefront of modern strategies to ensure supply chain security. However\, there are two key problems that traditional SBOM workflows do not solve: working with components that do not have well-established identifiers and the introduction of malware in the supply chain.This presents a significant gap between the expectations of SBOM adoption and the real value it can deliver. This talk will explore the concept of applying continuous SBOM diffing as part of the CI process. Rather than analyzing an SBOM for each release as a standalone artifact\, we can compute diffs and take actions based on whether something has changed from the previous component release.This approach makes all SBOM components actionable\, even those that otherwise seem meaningless. For example\, if an individual file that is not part of any library appears in an SBOM\, legacy approaches make it difficult to reason about such a file. However\, with continuous SBOM diffing\, tracking changes in such components becomes meaningful and therefore actionable. For example\, if a new component file appears with an unknown origin\, we can sanitize the build and conduct additional investigations into what happened.We will also demonstrate practical examples of how to achieve such actionable workflows using open-source tooling. CATEGORIES:DEPLOYMENT AND MAINTENANCE LOCATION:Hall K1 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:6d4e50054ca5acc80a3cb43166d0f151 URL:http://owaspglobalappseceuvienna20.sched.com/event/6d4e50054ca5acc80a3cb43166d0f151 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T093000Z DTEND:20260625T101500Z SUMMARY:The OWASP Top Ten 2025 DESCRIPTION:The OWASP Top Ten has been one of the most influential resources in application security for more than two decades — shaping training\, security programs\, and procurement decisions around the world. In this session\, we’ll unveil the newest edition of the OWASP Top Ten Critical Risks to Web Applications\, explain how it was built through community input and real-world data\, and show what these changes mean for you.We will cover all ten risks\, focusing more time on the new and expanded items\, as well as covering 3 ‘honourable mentions’ (#11\, #12\, and one that we do not have data to support). We’ll wrap up with practical guidance on how to use the Top Ten in your own programs (not as a compliance checklist\, but as a strategic awareness tool).Whether you’re an application security engineer\, developer\, or in management\, this is your chance to get ahead of the curve and help shape the conversation: the writing is open for comment\, and your feedback will make a difference. CATEGORIES:IMPLEMENTATION LOCATION:Hall G1 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:41b370e52998d3daea430074798d7b87 URL:http://owaspglobalappseceuvienna20.sched.com/event/41b370e52998d3daea430074798d7b87 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T093000Z DTEND:20260625T095500Z SUMMARY:OWASP masCon - Unveiling The Internals From Multiplatform Mobile Runtimes DESCRIPTION:Flutter\, React and Unity are the main multiplatform runtimes of choice when developing mobile applications for iOS and Android. We will cover the main characteristics\, starting with the programming language associated with the framework\, the ecosystem\, the toolchains and showcase some clever low level details in their implementations. Recovering code and data from the final release binaries with the help of the opensource plugins for radare2. CATEGORIES:MOBILEAPPSECCON LOCATION:Room -2.33 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:4332bf22db76dd4bc3a33fb45a2ec323 URL:http://owaspglobalappseceuvienna20.sched.com/event/4332bf22db76dd4bc3a33fb45a2ec323 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T093000Z DTEND:20260625T101500Z SUMMARY:Authorization Is Where Your App Goes to Lie DESCRIPTION:Your authorization logic probably lives in code\, while the rationale behind it lives only in people’s heads.That’s why authorization breaks in familiar ways: a missing check\, an incorrect assumption\, a copied snippet that made sense in one endpoint but was entirely wrong for another.This talk is about making authorization logic visible earlier\, during design\, so engineers have something concrete to implement and reviewers have something concrete to critique. We’ll walk through a lightweight\, design-time template that turns “who should be able to do what” into a structured artifact that can later be translated into policy-as-code\, tested\, and enforced consistently.No new tools required\; the focus is on a design-time step that fits cleanly into architecture reviews and threat modeling\, and makes authorization easier to get right. CATEGORIES:PLANNING AND DESIGN LOCATION:Hall D (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:b9017fde0977a4c99ea60c9802e4dd8a URL:http://owaspglobalappseceuvienna20.sched.com/event/b9017fde0977a4c99ea60c9802e4dd8a END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T093000Z DTEND:20260625T101500Z SUMMARY:Admission of Guilt: I Exploited a Parking System for a Year (And What It Taught Me About AppSec) DESCRIPTION:If you’ve ever wanted to make AppSec relatable to your developers\, your business stakeholders\, etc…\nIf you want to hear an example of security flaws in a digital-physical system and how AppSec practices apply…\nIf you want to hear a funny story about my student-years shenanigans and maybe reminisce about your own…\nThen this is the talk for you.Security is often taught through theory\, but some of the most powerful lessons come from lived experience even when that experience involves some very questionable ethics.I will share with you the story of how I\, a broke university student\, reverse engineered and exploited a parking system to get free parking for a whole school year.But this talk isn’t just a funny story\, it’s about the lessons about AppSec that it taught me. And the realization that AppSec failures can have an impact on the physical world\, and will even more so in the future as our physical environments become more intertwined with technology. The current example is minor and relatively harmless\, but the implications of AppSec failures could have been far more serious in a different setting.We’ll dissect this real-world exploit and how the vulnerabilities directly map to application security. Then each aspect will be mapped to the relevant CWEs\, OWASP Top 10 categories and OWASP SAMM practices.I will leave you with one activity that would have likely prevented the issues in the aforementioned system\, and that I believe should be implemented in all organizations without exception. CATEGORIES:PROCESS AND CULTURE LOCATION:Hall K2 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:529a6e1b3d308ad55733e81292f28518 URL:http://owaspglobalappseceuvienna20.sched.com/event/529a6e1b3d308ad55733e81292f28518 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T093000Z DTEND:20260625T100000Z SUMMARY:OWASP AI Security Verification Standard (AISVS) DESCRIPTION:AI systems face threats that traditional application security standards weren't built to address. This includes prompt injection\, training data poisoning\, model extraction\, agentic autonomy risks\, and more. The OWASP AI Security Verification Standard (AISVS) provides 400+ testable requirements across 14 chapters\, covering everything from input validation and model lifecycle management to MCP protocol security and autonomous agent controls. This lightning talk introduces the standard's structure\, its three verification levels\, and how security teams can use it today to assess and harden AI-powered applications. We'll show where AISVS fits alongside existing frameworks like ASVS\, NIST AI RMF\, and ISO 42001 and where it deliberately doesn't overlap. CATEGORIES:PROJECT SHOWCASE (LIGHTNING TALKS) LOCATION:Room -2.82 (Level 2)\, Vienna\, Austria SEQUENCE:0 UID:ead12563fdf44b9ae888b00ea2e0dd3a URL:http://owaspglobalappseceuvienna20.sched.com/event/ead12563fdf44b9ae888b00ea2e0dd3a END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T093000Z DTEND:20260625T101500Z SUMMARY:Developing Effective Security Testing Skills with Objective Structured Assessments DESCRIPTION:Technical skill development and evaluation for application (software) security testers remains underdeveloped. There is no widely adopted framework defining core competencies\, proficiency levels\, or objective assessment criteria. In the absence of such standards\, the industry has defaulted to a fragmented ecosystem of private organizations offering training and certifications that insufficiently prepare the next generation of security testers for real-world testing.This environment disproportionately rewards those who benefit from exceptional mentorship or possess the time\, resources\, and aptitude for intensive self-directed learning. The popular mantra “Try Harder” reflects this culture of self-made expertise\, but it also serves as a substitute for formalized training models. Further\, aspiring security professionals are left toIn contrast\, more mature\, life-critical disciplines that demand high levels of technical skill (such as aviation and surgery) are built upon standardized curricula\, clearly defined skill progressions\, and objective methods for evaluating competence. This is not by chance\; over many decades\, these (and related) fields have honed in how to achieve optimal outcomes through evidence-based training programs and practices.In this talk\, we will examine the past\, present\, and prospective future of application security tester training in comparison to more mature professions that demand a high level of technical skill. We will introduce a novel framework for evaluating technical skills and demonstrate its application in combination with a comprehensive AppSec curriculum. Both the assessment framework and the curriculum will be released to the open-source community at the time of presentation. CATEGORIES:TESTING LOCATION:Hall G2 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:5efe34c801af146d25769150023eb234 URL:http://owaspglobalappseceuvienna20.sched.com/event/5efe34c801af146d25769150023eb234 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T101500Z DTEND:20260625T111500Z SUMMARY:Lunch in Expo Hall DESCRIPTION: CATEGORIES:MEALS PROVIDED BY OWASP LOCATION:Expo Hall X1\, Vienna\, Austria SEQUENCE:0 UID:7d79e7b1c27159cf63237a8c2eb43c1d URL:http://owaspglobalappseceuvienna20.sched.com/event/7d79e7b1c27159cf63237a8c2eb43c1d END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T101500Z DTEND:20260625T121500Z SUMMARY:Cybersecurity Awareness Card Game : Let's Play DESCRIPTION:Learn the foundations of cybersecurity through a card game.Participate in a tabletop\, technology-free “capture the flag” experience where players gain practical insights into protecting digital information\, responding to cyberattacks\, and understanding core concepts such as the Cyber Kill Chain and the NIST Cybersecurity Framework.For less experienced practitioners\, the game builds a strong foundational mindset to support their ongoing cybersecurity journey. For more experienced practitioners\, it offers a fresh\, engaging way to communicate and teach core cybersecurity concepts. This makes cybersecurity more accessible and approachable for others. CATEGORIES:PODS (HANDS-ON ACTIVITIES) LOCATION:Room -2.92 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:818024ef0468e8f177798bb893b235bb URL:http://owaspglobalappseceuvienna20.sched.com/event/818024ef0468e8f177798bb893b235bb END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T101500Z DTEND:20260625T121500Z SUMMARY:Hunting Critical CVEs: A Hands-On\, Pick-Your-Own Exploitation POD DESCRIPTION:New CVEs are released constantly\, but in practice most teams never go beyond reading the advisory or relying on automated scanning. This POD is designed to change that by giving participants time and platform to hunt and exploit real-world critical CVEs.Participants will have access to 10 hands-on challenges\, each based on a real high or critical severity CVE commonly found in modern applications. Each challenge runs within a limited time window and can be attempted independently of the others.For each challenge\, participants can click a Deploy Lab option to spin up a temporary target system. The deployed application/system contains a previously undisclosed CVE to the participant\, and the task is to identify the vulnerability\, understand its behavior\, and exploit it to demonstrate impact.There is no fixed order or linear walkthrough. Participants are free to choose which CVEs to attempt\, how deep they want to go with each one\, and how long they want to stay in the activity. Some CVEs will allow participants to become admin\, some might give a reverse shell. Labs are provisioned on demand using infrastructure-as-code\, allowing participants to work independently on each challenge.Some participants may focus on understanding a single CVE and reproducing it reliably. Others may try to exploit multiple issues or explore alternate attack paths. Both approaches are expected and encouraged.The emphasis of this POD is on building practical intuition: how to read advisories critically\, identify vulnerable attack surfaces\, validate exploitability\, and understand real impact beyond severity scores. The activity is fully hands-on\, informal\, and designed so people can join and leave at any time without falling behind. CATEGORIES:PODS (HANDS-ON ACTIVITIES) LOCATION:Room -2.92 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:312f882aa72a166e1f184301a057a133 URL:http://owaspglobalappseceuvienna20.sched.com/event/312f882aa72a166e1f184301a057a133 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T101500Z DTEND:20260625T121500Z SUMMARY:“2001: Agentic Odyssey” When threat modelling meets HAL\, agentic AI\, testing and safety engineering DESCRIPTION:“2001: Agentic Odyssey” is a hands-on\, drop-in POD where we threat model the HAL 9000 system from 2001: A Space Odyssey as if it were a modern agentic AI system (LLM + tools + permissions + side effects). I bring a HAL DFD\, and together we mark trust boundaries and do classic “what can go wrong?” threat identification. Participants then split into small groups to build attack-tree branches and translate them into Fault Tree Analysis (FTA) using AND/OR logic and minimal cut sets\, including lightweight probability estimates to prioritise the most likely failure chains. We finish by turning those failure paths into automation-ready test ideas (fault injection\, invariants\, evidence)\, and optionally drafting a structured HAL threat model for submission to the OWASP Threat Model Library. Designed so anyone can contribute in 10-15 minutes\, while advanced participants can go deep on FTA and prioritisation. Every stage is split into a way to enable drop-ins at any time. CATEGORIES:PODS (HANDS-ON ACTIVITIES) LOCATION:Room -2.92 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:0e6ad96f20f6f5c53f05c8a75c5b1f04 URL:http://owaspglobalappseceuvienna20.sched.com/event/0e6ad96f20f6f5c53f05c8a75c5b1f04 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T111500Z DTEND:20260625T120000Z SUMMARY:One IDE to Rule Them All - Securing Your Supply Chain’s Weakest Link DESCRIPTION:Your API keys\, business logic\, database connections\, sometimes even customer data and user information - might be all directly accessible from your IDE. This makes the IDE in one of the top spots for threat actors to try and break into.Because the IDE has direct access to so much data\, it makes your entire software supply chain to be as secure as a single extension\, turning it to the weakest link in the chain.It takes only one evil extension\, one vulnerability or one prompt\, to compromise your entire organization. We will explore how each of these attack scenarios can turn a developer’s workspace into a gateway for threat actors to exfiltrate customer data before a single line of code is even written.We’ll dive deep into the IDEs architecture\, starting from how IDE extensions are developed and their permissions stack\, and how threat actors could manipulate extensions and IDE configurations to bypass security measures including the ability to exfiltrate valuable information from the developer’s IDE\, then perform lateral movement directly after infection\, and their ability to stay persistent even after being removed.It's not just about threat actors hacking your IDE - they will go after everything in the organization that’s connected to it\, and they will try to stay there as long as possible.We’ll take a look at how threat actors could leverage vulnerabilities that lie in existing IDE extensions to execute remote code & exfiltrate information - transforming a developer's local machine into an under the radar backdoor of your organization. This includes our finding of multiple 0-day vulnerabilities in popular IDE extensions\, and our research of weaponizing Chromium 1-day vulnerabilities on Cursor & Windsurf.We’ll wrap up by giving the best practice recommendations for securing your IDE\, avoiding evil extensions\, adding company-wide policies and for approved extensions\, and showing security teams how to integrate IDE security into their organization at scale. CATEGORIES:DEPLOYMENT AND MAINTENANCE LOCATION:Hall K1 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:6eb37524613c1b6ab5d65c2fe80a800f URL:http://owaspglobalappseceuvienna20.sched.com/event/6eb37524613c1b6ab5d65c2fe80a800f END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T111500Z DTEND:20260625T120000Z SUMMARY:Retiring CVE Chasing: Defending Against Application Exploit Techniques DESCRIPTION:Vulnerability scanners are everywhere. CVE databases are growing exponentially. Yet vulnerability exploitation has surpassed phishing as the leading initial access vector. What's going wrong?The problem isn’t a lack of vulnerability data – it’s that defenders are solving last year’s problems. While teams drown in CVE backlogs\, attackers use AI to rapidly weaponize exploit techniques that work across vulnerability classes. OS command injection\, deserialization\, and path traversal aren't just individual CVEs – they're attack patterns that persist regardless of patch status.This session introduces the Application Attack Matrix\, the first comprehensive\, community-driven framework mapping tactics\, techniques\, and procedures used against modern applications. Built by contributors from Mandiant\, Microsoft\, AWS\, and Meta\, it does for application security what MITRE ATT&CK did for enterprise defense.You’ll learn how to shift from reactive CVE remediation to proactive technique-based defense\, understand which exploit patterns dominate real-world attacks\, and prioritize security controls that protect against entire attack classes\, not just individual CVEs. CATEGORIES:IMPLEMENTATION LOCATION:Hall G1 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:94c28c33d8e464406f4f5ff54b1914bc URL:http://owaspglobalappseceuvienna20.sched.com/event/94c28c33d8e464406f4f5ff54b1914bc END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T111500Z DTEND:20260625T114000Z SUMMARY:OWASP masCon - Recent Mobile App Security Incidents from Real-World Cases DESCRIPTION:This is a review of recent mobile app security incidents I work on day to day. We’ll walk through concrete cases from banking\, food delivery\, and e-commerce to break down how the breaches happened.\n\nBy the end\, you’ll have a clearer sense of which security practices hold up in modern mobile apps and which ones fail in practice. You’ll also learn what commonly introduces vulnerabilities and where to find secure practices that actually work. CATEGORIES:MOBILEAPPSECCON LOCATION:Room -2.33 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:42bf8d151d1a89acb4569b72fe7d30c5 URL:http://owaspglobalappseceuvienna20.sched.com/event/42bf8d151d1a89acb4569b72fe7d30c5 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T111500Z DTEND:20260625T120000Z SUMMARY:The Map of Artificial Treasures: What to Automate in Security - and Why? DESCRIPTION:With the rise of AI\, especially large language models\, it seems every security workflow will soon be automated or heavily supported by automation - from LLM-powered threat-intelligence enrichment or compliance mappings to AI-written threat models\, codefixes and complete CISO roadmaps. But which processes will truly benefit\, and in which cases will AI just increase the risk of adding cost and complexity? As security managers or leaders\, how can we determine where to focus our efforts and investments upfront?This talk presents a practical framework for evaluating the effectiveness of AI-driven automation in application security and related fields. First\, we explore how to identify processes that are strong candidates for automation based on criteria such as repeatability\, return on investment\, and risk tolerance. Then\, we map typical security processes to AI approaches\, including large language models (LLMs)\, traditional machine learning\, retrieval-augmented generation (RAG)\, and hybrid systems.We will learn how these solutions are applied to critical security areas\, such as vulnerability management\, secure software development\, threat detection\, and compliance. We will explore an AI Capability Map\, industry benchmarks\, and real-world examples\, such as the use of RAG-powered chatbots for security guidance and LLMs for compliance analysis. Our goal is to help you determine where AI would be a good fit for your organization and where you would likely see measurable value when applying it\, so that you can make informed decisions. Also\, we will examine the available data: In which areas of the industry is value already being recognized? We explore potential pitfalls\, from fragile LLM implementations to poor risk modeling\, and discuss how to avoid wasting resources.Using industry data\, real-world experience\, and structured criteria\, this talk provides security leaders and practitioners with more guidance in this rapidly evolving field. CATEGORIES:PLANNING AND DESIGN LOCATION:Hall D (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:ebcbe76141cc86ece4cb9d2ffedb1e95 URL:http://owaspglobalappseceuvienna20.sched.com/event/ebcbe76141cc86ece4cb9d2ffedb1e95 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T111500Z DTEND:20260625T120000Z SUMMARY:The Velocity Paradox: Why Slow is Smooth and Smooth is Fast in AppSec DESCRIPTION:Many AppSec programs fail because they try to run before they can walk. But in the world of ever changing attack surface\, the truth is - Slow is smooth\, smooth is fast\, and 'smooth' is how we actually ship secure software at the speed of business.This presentation outlines our multi-phased methodology for establishing an AppSec program. This approach emphasizes incremental\, measurable\, and sustainable goals throughout the journey. I will share ‘why\, what and how’ of each major business-tailored adoption of frameworks like OWASP SAMM\, Security Champions Guide and open source solutions. This talk will cover both cultural and technical aspects of the program\, ranging from pushback from development to customization of language-specific-SAST policies to measuring the value with KPIs.Application security practitioners will be able to use the strategy shared in this talk to build and scale the AppSec program aligned with their business goals. CATEGORIES:PROCESS AND CULTURE LOCATION:Hall K2 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:46ac9844bf8c3d58c582cdda9db8b80c URL:http://owaspglobalappseceuvienna20.sched.com/event/46ac9844bf8c3d58c582cdda9db8b80c END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T111500Z DTEND:20260625T114500Z SUMMARY:OWASP ModSecurity DESCRIPTION:As the cornerstone of open-source Web Application Firewalls\, OWASP ModSecurity has protected the web for decades. However\, maintaining its relevance in today’s evolving threat landscape requires more than just incremental updates—it requires a fundamental modernization. This presentation dives deep into the recent engineering efforts aimed at transforming the ModSecurity codebase into a leaner\, more robust\, and future-proof security engine.Key highlights include:* Code Quality & Refactoring: How we addressed technical debt and implemented stricter development standards.* New Features: A look at the latest functionalities designed to counter sophisticated web attacks.* Dependency Management: The rationale behind removing abandoned libraries and the technical challenges involved.* The Path to a New Version: Why a major version update became necessary and what it means for the community.* Beyond the Code: A brief look at the supporting ecosystem\, including the complete renewal of the official website and documentation.Attendees will gain a clear understanding of the architectural decisions shaping the next era of ModSecurity and what to expect from the upcoming releases. CATEGORIES:PROJECT SHOWCASE (LIGHTNING TALKS) LOCATION:Room -2.82 (Level 2)\, Vienna\, Austria SEQUENCE:0 UID:7a81822ac68c0fca323090d09f8ef945 URL:http://owaspglobalappseceuvienna20.sched.com/event/7a81822ac68c0fca323090d09f8ef945 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T113000Z DTEND:20260625T123000Z SUMMARY:Private Board Meeting DESCRIPTION:\n CATEGORIES:MEETING LOCATION:Room -2.15 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:cd0c7f77743c0f1c82d9b4b4d8bfe759 URL:http://owaspglobalappseceuvienna20.sched.com/event/cd0c7f77743c0f1c82d9b4b4d8bfe759 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T114500Z DTEND:20260625T121000Z SUMMARY:OWASP masCon - Meet the New Frida Frontend on the Block DESCRIPTION:This talk introduces a new Frida frontend for macOS and iOS\, designed as an interactive\, persistent environment for exploring live processes.\n\nIt supports local and remote targets\, long-lived sessions that survive crashes\, and saved documents you can return to later. Built around this core model are a REPL\, a code tracer\, a powerful editor with completion and inline documentation\, a persistent notebook\, package management\, and built-in collaboration.\n\nWe’ll walk through the motivation and architecture behind the frontend\, and demo how a more stateful\, GUI-driven approach opens up new workflows for dynamic instrumentation—without naming names (yet). CATEGORIES:MOBILEAPPSECCON LOCATION:Vienna\, Austria SEQUENCE:0 UID:9867ab8daac9dccb8aa899412c53e4d4 URL:http://owaspglobalappseceuvienna20.sched.com/event/9867ab8daac9dccb8aa899412c53e4d4 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T114500Z DTEND:20260625T121500Z SUMMARY:OWASP KubeFIM: Detecting File Integrity Threats with eBPF & AI in Kubernetes DESCRIPTION:IntroductionFile Integrity Monitoring is still a critical part of runtime security\, but in Kubernetes it comes with new challenges. A single cluster can generate thousands of file system events per second across containers\, nodes\, and workloads. While eBPF allows us to safely and efficiently capture these events at the kernel level\, interpreting them remains a hard problem.OWASP KubeFIM AI is built to address this gap.This session presents how KubeFIM AI sits on top of the OWASP KubeFIM Agent and analyzes kernel-level File Integrity Monitoring events collected via eBPF. Instead of treating each event as an alert\, KubeFIM AI focuses on reasoning over events by correlating them with Kubernetes context such as pods\, namespaces\, images\, and workload behavior.Technical Details and Future RoadmapThe talk will cover:1. Why raw eBPF-based FIM events are difficult to use at scale2. What kernel-level file operations actually tell us during real attacks3. How KubeFIM AI models file behavior over time instead of reacting to single events4. Using Kubernetes context to distinguish expected behavior from suspicious activity5. How AI can reduce noise\, explain intent\, and improve triage without hiding technical detailsRather than using a generic large language model\, KubeFIM AI is designed around a domain-specific approach\, trained to understand file system behavior\, container lifecycles\, and Kubernetes runtime patterns. The focus is on producing human-readable security insights.The session will also discuss the roadmap for the project\, including plans to improve detection accuracy\, reduce alert fatigue\, and assist security teams with faster incident response in cloud-native environments.Explain why KubeFIM AI Is Not a SIEM ReplacementKubeFIM AI is not designed to replace a SIEM. It solves a different problem at a different layer of the stack.SIEM platforms focus on collecting\, storing\, and correlating logs and alerts from many sources across an organization. They are built for visibility\, compliance\, long-term retention\, and investigation across applications\, cloud services\, networks\, and users.KubeFIM AI operates much closer to the system. It works at the Linux kernel level using eBPF to observe file system behavior inside Kubernetes nodes and containers. Its primary role is to generate high-quality runtime security signals\, not to aggregate logs or manage incidents.The project intentionally avoids becoming a central log store or alerting platform. Instead\, it focuses on understanding why a file change occurred\, whether it matches expected workload behavior\, and whether it may indicate a security issue. This analysis happens before data is sent anywhere else.In practice\, CATEGORIES:PROJECT SHOWCASE (LIGHTNING TALKS) LOCATION:Room -2.82 (Level 2)\, Vienna\, Austria SEQUENCE:0 UID:a17f5680cd3983bf376ab5dec9e7a7d1 URL:http://owaspglobalappseceuvienna20.sched.com/event/a17f5680cd3983bf376ab5dec9e7a7d1 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T121500Z DTEND:20260625T130000Z SUMMARY:From 0 to SLSA Level 3: A Practitioner's Field Guide DESCRIPTION:SLSA (Supply-chain Levels for Software Artifacts) promises to secure your software supply chain—but implementing it at enterprise scale is harder than the spec suggests. This talk shares our journey to SLSA Level 3\, including the architectural decisions\, performance trade-offs\, and customer escalations that shaped our approach.You'll learn:- Provenance attestation architecture for multi-tenant CI/CD pipelines- How to integrate SLSA verification without breaking existing workflows- Real metrics: what SLSA costs in CI minutes and what attacks it actually catches- Common implementation pitfalls and how to avoid themWhether you're just starting your SLSA journey or stuck at Level 2\, walk away with battle-tested patterns that work at scale. CATEGORIES:DEPLOYMENT AND MAINTENANCE LOCATION:Hall K1 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:3f64db0c13923eef4c183c83fd79b10a URL:http://owaspglobalappseceuvienna20.sched.com/event/3f64db0c13923eef4c183c83fd79b10a END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T121500Z DTEND:20260625T130000Z SUMMARY:Beyond the Chatbox: Implementing Guardrails for Autonomous Agents and LLMs Using Tools DESCRIPTION:As LLMs evolve from passive text generators to autonomous Agentic AI\, the attack surface is shifting from simple prompt injection to Excessive Agency and Goal Hijacking. When we grant agents the power to execute shell commands\, call sensitive APIs\, or modify cloud infrastructure\, we are essentially deploying "unattended administrators" into our environments.\nThis session moves past theoretical AI risks to provide a hands-on blueprint for securing autonomous actors.I will explore the newly released OWASP Top 10 for Agentic Applications 2026\, focusing on critical vulnerabilities like ASI02 (Tool Misuse) and ASI05 (Unexpected Code Execution). Attendees will leave with a practical framework for implementing "Least-Agency" architecture\, hardware-enforced sandboxing\, and real-time intent validation. CATEGORIES:IMPLEMENTATION LOCATION:Hall G1 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:c12eaae153576c7d3f1d0b4b752e07c8 URL:http://owaspglobalappseceuvienna20.sched.com/event/c12eaae153576c7d3f1d0b4b752e07c8 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T121500Z DTEND:20260625T124000Z SUMMARY:OWASP masCon - Attacking ART DESCRIPTION:When analyzing the security of mobile applications\, we often have to overcome local security controls to perform a thorough audit. This can include obtaining access to the application’s internal storage\, disabling TLS pinning or forcing the application to use our interception proxy.\nFor many applications\, this is straightforward. We can install the app on our rooted device\, inject Frida and accomplish all of the above. However\, this gets tricky when the application has implemented resiliency controls\, known as Runtime Application Self Protection (RASP).\n\nIn this talk\, I will zoom in on one lesser-known technique targeting the Android Runtime (ART): Manipulating ODEX/VDEX files. Any code implemented in Java/Kotlin can easily be manipulated without leaving any traces. CATEGORIES:MOBILEAPPSECCON LOCATION:Vienna\, Austria SEQUENCE:0 UID:b1fac5d75a4b214607951322e64556db URL:http://owaspglobalappseceuvienna20.sched.com/event/b1fac5d75a4b214607951322e64556db END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T121500Z DTEND:20260625T130000Z SUMMARY:Human Rights Threat Modeling DESCRIPTION:Security and privacy threat models are fundamental tools in AppSec\, but in modern systems\, such as Identity and Access Management (IAM) and AI\, they fail to intercept a growing class of threats: those that do not compromise the system but produce harm to people.In this talk\, we show why traditional threat models fail to capture these problems and how the limitation is not technical but cognitive. Human rights concepts are too abstract for many technicians\, just as security was for developers before Threat Modeling became a facilitated and shared practice.Through a concrete use case on IAM - extendable directly to AI systems - we present an approach that integrates Threat Modeling and harm modeling through a structured facilitation process\, supported by cards and serious games.The goal is not to turn developers into human rights experts but to make these threats visible\, debatable\, and mitigable using familiar AppSec tools. CATEGORIES:PLANNING AND DESIGN LOCATION:Hall D (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:ded74eda14c36a022138fb6accd5c57e URL:http://owaspglobalappseceuvienna20.sched.com/event/ded74eda14c36a022138fb6accd5c57e END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T121500Z DTEND:20260625T130000Z SUMMARY:Taming the AppSec Data Deluge DESCRIPTION:Application Security engineers face a critical challenge: information overload from disparate security tools create “decision paralysis”. How do you balance design reviews\, threat modeling\, code reviews\, monitoring alerts and managing your bug bounty program in an intentional instead of ad-hoc or reactive way?This presentation demonstrates a novel approach using AI agents combined with Model Context Protocol (MCP) servers to automate work discovery and prioritize intelligently. Through practical examples\, I'll show how Claude Code integrates with existing enterprise infrastructure—including issue tracking systems\, content management platforms\, Cloud Security Posture Management (CSPM) tools\, and version control systems—to create an autonomous triage and prioritization engine.You'll see how AI agents can pull together security data from all your different tools\, figure out what actually matters based on your business context and threat intel\, and spit out a prioritized to-do list that makes sense. I'll walk through real examples showing how this approach cuts down remediation times and helps you cover more ground with the same resources. CATEGORIES:PROCESS AND CULTURE LOCATION:Hall K2 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:4c8a4e1e1c443862f0a03adf7dadc2bb URL:http://owaspglobalappseceuvienna20.sched.com/event/4c8a4e1e1c443862f0a03adf7dadc2bb END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T121500Z DTEND:20260625T124500Z SUMMARY:Evil User Stories Modeling: Ensuring your User Stories in agile playing OWASP Cornucopia DESCRIPTION:In this session\, I´ll show you how to sreamline the identification of security requirements associated with user stories in agile methodologies Using OWASP Cornucopia. Here you´ll se how to integrate User Stories with Cornucopia Cards and with ASVS as an security requirements and the defects that may arise if the security requirements are not properly considered or implemented. At the beginning \,we will explore two concepts I used to create this different way of playing OWASP Cornucopia and scaling it in agility\, complementing the architecture-based threat model: Evil User Stories Modeling and Secure Scrum. All of this to apply the principle Security Just in Time for design a single product backlog that integrates security functionalities and controls into user stories avoiding the creation of a cybersecurity parallel backlog. CATEGORIES:PROJECT SHOWCASE (LIGHTNING TALKS) LOCATION:Room -2.82 (Level 2)\, Vienna\, Austria SEQUENCE:0 UID:a0ce9318def195934abc62edada82576 URL:http://owaspglobalappseceuvienna20.sched.com/event/a0ce9318def195934abc62edada82576 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T121500Z DTEND:20260625T130000Z SUMMARY:This Build can Break You - Evil Runners and eBPF for Detection DESCRIPTION:CI/CD pipelines play an important role in modern software development. From a security perspective\, this methodology contributes to more secure products\, as automated checks can be applied on every run. Developers define tasks in a metadata file\, and the system executes the defined jobs automatically. But what if the build chain itself becomes the security problem\, allowing attackers to manipulate artifacts or take control of backend infrastructure? Let’s take a deep dive into “Poisoned Pipeline Execution” (OWASP CICD-SEC-4).Builds are typically carried out in multiple steps using Runners—agents that pick up jobs and execute build instructions. These instructions\, such as compiling a program or building a container image\, are usually performed inside containers. Containers may provide isolation\, but the effectiveness in terms of security strongly depends on the Runner’s configuration. Attackers can abuse Runners to execute arbitrary commands\, leading to information disclosure or privilege escalation. While such attacks are well documented\, effective detection mechanisms are often lacking.Any viable detection method must be independent of the source code\, language-agnostic\, and container-friendly. The eBPF technology\, which enables tracing of kernel-level activity\, is well suited for this purpose. In this talk\, we explore security vulnerabilities in CI Runners\, how they become targets for attackers\, and how malicious activities can be detected using eBPF. CATEGORIES:TESTING LOCATION:Hall G2 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:87b4728824810737dc80c6d39866510b URL:http://owaspglobalappseceuvienna20.sched.com/event/87b4728824810737dc80c6d39866510b END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T123000Z DTEND:20260625T143000Z SUMMARY:AI for Code Security in Modern Codebases DESCRIPTION:Modern codebases are large\, fast-moving\, and increasingly AI-assisted\, making traditional code security approaches hard to scale. This hands-on POD explores how AI can augment secure coding and code review workflows—without replacing human judgment.Participants will actively work through realistic code security scenarios drawn from modern APIs\, cloud-native services\, and GenAI-enabled components. Using guided exercises and optional AI prompts\, attendees will identify vulnerabilities\, reason about exploitability\, and prioritize fixes mapped to OWASP Top 10 risks (including broken access control\, injection\, insecure design\, and supply chain issues).This is not a talk or a tool demo. Participants will do the work themselves through short\, practical challenges. Beginners can follow structured steps\, while experienced AppSec practitioners can dive into advanced issues such as logic flaws\, authorization bypasses\, insecure AI integrations\, prompt injection risks in code\, and unsafe use of AI-generated code.The POD is drop-in friendly: participants can engage for a few minutes or stay longer to tackle deeper challenges. All techniques are applicable to real-world development environments\, with or without AI tools. CATEGORIES:PODS (HANDS-ON ACTIVITIES) LOCATION:Room -2.92 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:2a66cd0f4ecb967d4b1d7093fc2b7e0e URL:http://owaspglobalappseceuvienna20.sched.com/event/2a66cd0f4ecb967d4b1d7093fc2b7e0e END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T123000Z DTEND:20260625T143000Z SUMMARY:Context & Cringe - Application Privacy through Play DESCRIPTION:Privacy risks are rarely obvious when looking at data\, features\, or apps in isolation. They emerge through changing context and are impacted by user perception.In this POD\, participants play Context & Cringe\, a discussion-driven card game where players build fictional app scenarios using real-world data and features\, then judge how those designs feel from a user’s perspective.Rather than focusing on compliance or checklists\, this session helps participants develop intuition for privacy impact by actively creating\, debating\, and experiencing cringey design choices. The result is a hands-on\, low-barrier way to surface privacy risks that are often missed in a traditional security analysis - and a non-adversarial way to introduce uncomfortable topics into team discussions. CATEGORIES:PODS (HANDS-ON ACTIVITIES) LOCATION:Room -2.92 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:68c65ce65760948fa84cec8b59f69a0a URL:http://owaspglobalappseceuvienna20.sched.com/event/68c65ce65760948fa84cec8b59f69a0a END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T123000Z DTEND:20260625T143000Z SUMMARY:DDoS your friends DESCRIPTION:interactive DDoS competition - player on player!Each round players chooses to be an attacker or defender\, matches up with an opponent and configures their attack/defense. The attack traffic is run (speed run)\, scores are given based on attack traffic stopped vs let through\, and legit traffic blocked.Players gain points each round\, and there is an ongoing scoreboard. Leading attacker and defender configs are published too\, so defenders and attackers can adapt.The game is played on a webapp so can be accessed via mobile or laptop. CATEGORIES:PODS (HANDS-ON ACTIVITIES) LOCATION:Room -2.92 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:2746bd0937c4a84e71b1b0a0f2b80df6 URL:http://owaspglobalappseceuvienna20.sched.com/event/2746bd0937c4a84e71b1b0a0f2b80df6 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T123000Z DTEND:20260625T143000Z SUMMARY:From Prompts to Payloads: Exploiting the AI-AppSec Intersection DESCRIPTION:LLMs are no longer standalone chatbots—they're increasingly embedded directly into application logic\, with access to databases\, APIs\, file systems\, and internal services. This architectural shift means the most dangerous LLM exploits don't just manipulate the model\; they use the model as an attack vector to reach traditional AppSec targets. Prompt injection becomes a path to SQL injection. Conversational manipulation enables SSRF. The AI agent becomes an unwitting insider threat.\nIn this hands-on POD\, participants will experience this convergence firsthand through a purpose-built vulnerable web application with an integrated AI agent. Through independent challenges\, attendees will discover how attackers chain LLM manipulation with classic web exploitation—and why securing AI-integrated applications requires understanding both domains.\nChallenges are designed for drop-in participation and cover multiple difficulty levels:- Beginner-friendly: Basic prompt manipulation and information disclosure- Intermediate: Chaining AI misuse with traditional web exploitation- Advanced: Multi-stage attacks combining indirect prompt injection with server-side vulnerabilities\nEach challenge is self-contained (under 15 minutes) with clear objectives\, hints available on request\, and facilitators ready to guide participants. Whether you're new to AI security or a seasoned pentester curious about LLM attack vectors\, you'll walk away with practical techniques applicable to real-world assessments.\nChallenges are mapped to multiple OWASP frameworks: the OWASP Top 10 for LLM Applications (covering risks like LLM01: Prompt Injection\, LLM07: Insecure Plugin Design)\, the OWASP API Security Top 10\, and the classic OWASP Web Application Top 10\, helping participants connect new AI risks to established security knowledge.\nNo prior AI/ML experience required. Just curiosity and a laptop with a modern browser. All challenges run in-browser against our cloud-hosted lab environment. CATEGORIES:PODS (HANDS-ON ACTIVITIES) LOCATION:Room -2.92 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:1e95c17e03f817fda88821d69e3fa6b2 URL:http://owaspglobalappseceuvienna20.sched.com/event/1e95c17e03f817fda88821d69e3fa6b2 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T124500Z DTEND:20260625T130000Z SUMMARY:OWASP masCon - Closure of conference by OWASP MAS team DESCRIPTION: CATEGORIES:MOBILEAPPSECCON LOCATION:Vienna\, Austria SEQUENCE:0 UID:6ddef01693acb334b35284cce93fea7f URL:http://owaspglobalappseceuvienna20.sched.com/event/6ddef01693acb334b35284cce93fea7f END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T124500Z DTEND:20260625T131500Z SUMMARY:OWASP MCP Top 10: When AI Agents Go Rogue\, Securing the Model Context Protocol DESCRIPTION:The OWASP MCP Top 10 identifies the most critical security risks in MCP-enabled ecosystems. At the top of that list sits MCP Top 01: Untrusted Context Injection\, a class of vulnerabilities where malicious inputs manipulate the context provided to AI agents\, influencing their reasoning and actions.Unlike traditional vulnerabilities that exploit deterministic code paths\, MCP attacks target the decision-making layer of AI systems.In this session\, we explore how attackers can manipulate agent context\, poison tool outputs\, or inject instructions that cause AI systems to leak sensitive data\, perform unintended actions\, or bypass security controls.Through real-world examples and architectural analysis\, we will walk through the emerging MCP threat model and discuss defensive patterns organizations must adopt to secure the next generation of agentic AI systems.The future of application security may depend on securing not just code but the context that AI thinks with. CATEGORIES:PROJECT SHOWCASE (LIGHTNING TALKS) LOCATION:Room -2.82 (Level 2)\, Vienna\, Austria SEQUENCE:0 UID:466ade49afbb12a40dabc1c849da3c80 URL:http://owaspglobalappseceuvienna20.sched.com/event/466ade49afbb12a40dabc1c849da3c80 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T130000Z DTEND:20260625T133000Z SUMMARY:PM Break in Expo Hall DESCRIPTION: CATEGORIES:MEALS PROVIDED BY OWASP LOCATION:Expo Hall X1\, Vienna\, Austria SEQUENCE:0 UID:c235902df017eaa818b0eaa54ad1dec1 URL:http://owaspglobalappseceuvienna20.sched.com/event/c235902df017eaa818b0eaa54ad1dec1 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T131500Z DTEND:20260625T141500Z SUMMARY:OWASP Leaders Meeting DESCRIPTION:Calling all OWASP Leaders!  \;Join OWASP Foundation staff to discuss updates to Chapters\, Projects\, and the Foundation as a whole. \; This is your chance to receive updates and ask questions! CATEGORIES:MEETING LOCATION:Room -2.15 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:a91f3b42fdedba9f06cd6d826f4cc504 URL:http://owaspglobalappseceuvienna20.sched.com/event/a91f3b42fdedba9f06cd6d826f4cc504 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T133000Z DTEND:20260625T141500Z SUMMARY:Pragmatic least-privilege for cloud and Kubernetes: applying good advice to real systems DESCRIPTION:Whichever public cloud you use\, there are literally hundreds of assignable permissions — and while everyone quotes the ideal of “least privilege\,” just when the deadline looms it becomes far too tempting to grant “just one more permission.” Before you know it\, your developer teams and service accounts are swimming in high privileges.In this session we’ll start from the basics of structured permission management\, then go deeper — all the way to time-limited access\, rule-based privileged-access workflows\, and on-demand role elevation. We won’t rehash each cloud provider’s security guide\; instead\, we’ll deliver pragmatic\, maintainable\, and flexible guidelines that balance solid permission hygiene with the realities of tight deadlines.This talk is targeted at security engineers\, cloud engineers or anyone just looking for a point to start organizing and structuring their permission approach. CATEGORIES:DEPLOYMENT AND MAINTENANCE LOCATION:Hall K1 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:df69b0777d2d92ea96f9acb3e50bafb4 URL:http://owaspglobalappseceuvienna20.sched.com/event/df69b0777d2d92ea96f9acb3e50bafb4 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T133000Z DTEND:20260625T141500Z SUMMARY:The Devil is in the Defaults - what to do about XSS DESCRIPTION:This session is about latest defenses against Cross-Site Scritping (XSS)\, the most prevalent security issue of all times. We will showcase typical XSS bugs and how they can be avoided. We will also explain why previous mechanisms fall short of protecting web sites at scale and why we believe Trusted Types and the Sanitizer API can help closing this gap.The presentation will also give hands-on advice to enable security and development teams adopting these new protections. We will close with a bit on security considerations and remainign risks. CATEGORIES:IMPLEMENTATION LOCATION:Hall G1 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:26a4b8272c46808841f8dae0bb86a7e1 URL:http://owaspglobalappseceuvienna20.sched.com/event/26a4b8272c46808841f8dae0bb86a7e1 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T133000Z DTEND:20260625T141500Z SUMMARY:AI and the Threat Modeling Manifesto: Conflicts\, Failure Modes\, and Better Patterns DESCRIPTION:AI is becoming increasingly embedded in threat modeling processes. Some organizations now claim that threat modeling can be performed entirely by AI. This appears to be a natural progression\, given the growing use of AI in software development itself.\n\nBefore the current wave of AI adoption\, the Threat Modeling Manifesto (TMM) was developed\, drawing inspiration from the Agile Manifesto. It distilled years of practitioner experience in application security into a short\, actionable document. The TMM emphasizes values such as a culture of finding and fixing design issues\, people and collaboration over tools\, and a journey of understanding rather than a static security snapshot.\n\nThis talk examines how AI-assisted threat modeling can diverge from these values through five recurring anti-patterns. These include treating AI as the hero threat modeler\, de-emphasizing human collaboration and input\, prioritizing snapshots over the journey of understanding\, delegating creativity to AI\, and favoring exhaustive enumeration over deliberate discussion.\n\nThe session then explores three silent failure modes that frequently emerge in the presence of these anti-patterns: hallucination\, automation bias\, and the illusion of completeness. Together\, they produce threat models that appear finished and authoritative\, while concealing subtle errors\, weakening shared understanding and ownership\, and failing to create the motivation needed for people to act.\n\nFinally\, the talk synthesizes emerging best practices observed across real-world AppSec teams. These include using AI as a facilitator rather than an authority\, designing explicitly for disagreement and multiple viewpoints\, and structuring processes that increase meaningful human participation and understanding.\n\nAttendees will leave with a practical framework for adopting AI-assisted threat modeling that helps teams avoid silent failures\, preserve human judgment and collaboration\, and use AI to generate output that gets understood and acted upon.\n\n CATEGORIES:PLANNING AND DESIGN LOCATION:Hall D (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:44feeab41cf8891e61713c960f678161 URL:http://owaspglobalappseceuvienna20.sched.com/event/44feeab41cf8891e61713c960f678161 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T133000Z DTEND:20260625T141500Z SUMMARY:Agile Development and IT Security – From Conflict to Collaboration DESCRIPTION:Agile software development and IT security share the goal of delivering reliable\, robust software\, yet they often collide in practice. Security validation is still frequently deferred to the end of the development lifecycle\, producing findings too late to be effectively addressed. Under delivery pressure\, this can lead to defensive reactions toward security activities and tools. This talk explores why security issues are detected yet may not be processed soon and shows how integrating security early and continuously can transform friction into collaboration. CATEGORIES:PROCESS AND CULTURE LOCATION:Hall K2 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:5f0d5bbf26c1dc4b203d2837b3c2024c URL:http://owaspglobalappseceuvienna20.sched.com/event/5f0d5bbf26c1dc4b203d2837b3c2024c END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T133000Z DTEND:20260625T140000Z SUMMARY:OWASP AI Exchange Showcase DESCRIPTION:OWASP's flagship project\, AI Exchange\, is the world's AI security guide.\n300+ pages of free\, constantly-evolving\, practical guidance on securing AI systems. It covers the fundamentals and represents the closest publicly available alignment of global expert consensus\, feeding directly into the AI Act and ISO standards through a unique SDO partnership. CATEGORIES:PROJECT SHOWCASE (LIGHTNING TALKS) LOCATION:Room -2.82 (Level 2)\, Vienna\, Austria SEQUENCE:0 UID:b7d72480adb19574c6f16ab285ebe1c5 URL:http://owaspglobalappseceuvienna20.sched.com/event/b7d72480adb19574c6f16ab285ebe1c5 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T133000Z DTEND:20260625T141500Z SUMMARY:Boiling the Ocean for Signal: Lessons from High-Volume OSS Malware Detection DESCRIPTION:Malicious open source packages are on the rise\, targeting more and more ecosystems. And while open source maintainers and users struggle to secure the immense attack surface of today’s software development practice\, attackers continue to evolve their techniques.This talk presents lessons learned from developing and operating an end-to-end malware detection pipeline in an enterprise setup that automatically scans tens of thousands packages a day\, and is followed by human review of reported malware. It provides an overview about and fundamental design decisions\, starting from a suitable classification scheme and the selection of meaningful signals with a low signal-to-noise ratio\, to the compilation of Indicators of Compromise and the final reporting of confirmed malicious packages to the respective registries and third-party databases like OSV. The individual sections and learnings will be motivated and illustrated through real-world samples as well as descriptive statistics obtained from our system.Session attendees will learn about:- Latest open source malware trends\,- common evasion techniques used by attackers\, from encoding techniques\, code transformations and payload splitting to prompt instructions aiming to sabotage LLM-based detectors\,- the shortcomings of current malware datasets in regard to supporting developers in the evaluation of malware scanners\, e.g.\, the lack of accompanying metadata and qualitative descriptions\,- the importance and complementarity of code and metadata-based detection signals\,- requirements and design decisions for an end-to-end OSS malware scanner\, e.g.\, the realization that a binary classification benign/malicious is not colorful enough for the breadth of software distributed through OSS registries like npm or PyPI\, and- descriptive statistics obtained from our system\, showing the prevalence of techniques used in the wild\, e.g.\, the prevalence of different malware triggers and targeted platforms.As such\, the presentation targets both open source users interested in the latest malware trends and safeguards\, as well as builders wanting to create an end-to-end OSS scan pipeline\, e.g.\, because their ecosystem is already targeted by attackers but not yet or not sufficiently covered by state-of-the-art scanners. CATEGORIES:TESTING LOCATION:Hall G2 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:89f7449cc26e33eeac0b62d54c7b1b3b URL:http://owaspglobalappseceuvienna20.sched.com/event/89f7449cc26e33eeac0b62d54c7b1b3b END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260625T141500Z DTEND:20260625T164500Z SUMMARY:Networking Reception in Expo Hall and OWASP Jeopardy! DESCRIPTION:Come mingle with attendees and exhibitors AND have the chance to win prizes during OWASP Jeopardy with Jerry Hoff! CATEGORIES:MEALS PROVIDED BY OWASP LOCATION:Expo Hall X1\, Vienna\, Austria SEQUENCE:0 UID:2f59dc3110fca97eb0b5e3bc461e36d2 URL:http://owaspglobalappseceuvienna20.sched.com/event/2f59dc3110fca97eb0b5e3bc461e36d2 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T063000Z DTEND:20260626T070000Z SUMMARY:Coffee/tea DESCRIPTION: CATEGORIES:MEALS PROVIDED BY OWASP LOCATION:Expo Hall X1\, Vienna\, Austria SEQUENCE:0 UID:d7173e029a8dae1d60396967d6baf11d URL:http://owaspglobalappseceuvienna20.sched.com/event/d7173e029a8dae1d60396967d6baf11d END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T070000Z DTEND:20260626T071500Z SUMMARY:Opening Remarks DESCRIPTION:Welcome to the OWASP Global AppSec EU 2026 conference! We are excited you are with us\, not only to attend this amazing event\, but also to celebrate our 25th anniversary!\n\nDon't miss the opening remarks for the event as we welcome you and provide a few key details to provide you with a roadmap to a successful time with us! CATEGORIES:KEYNOTE LOCATION:Hall D (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:7546b57ec3793405062f3e73fd2d8223 URL:http://owaspglobalappseceuvienna20.sched.com/event/7546b57ec3793405062f3e73fd2d8223 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T071500Z DTEND:20260626T080000Z SUMMARY:Keynote: We Live in the Future: The Death and Rebirth of Application Security DESCRIPTION:\n CATEGORIES:KEYNOTE LOCATION:Hall D (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:07d1495750c269b9ac9e2181d3aef318 URL:http://owaspglobalappseceuvienna20.sched.com/event/07d1495750c269b9ac9e2181d3aef318 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T080000Z DTEND:20260626T120000Z SUMMARY:Bob the Breaker: Welcome to the Jungle! (Sponosored by Nokod Security) DESCRIPTION:\nThe jungle is thick\, the paths are tangled\, and Bob the Breaker is already deep inside.\n\nBehind polished apps and smooth workflows lies a wild terrain of permissions\, hidden data\, andnewly unleashed AI agents roaming freely through the system.\n\nVines of automation twist everywhere\, secrets hide beneath the canopy\, and Bob has beenswinging from one weak spot to the next\, uncovering what was never meant to be found.\n\nFollow Bob into the canopy\, capture the flags\, and out-hack the competition.\n\nSwing by the Nokod booth Thursday June 24 (10:15\, 13:00\, 16:00) to catch livevulnerability demos and grab clues to help you navigate the CTF jungle CATEGORIES:BONUS TRACK LOCATION:TBA\, Vienna\, Austria SEQUENCE:0 UID:b87302f4516d635aead617eebd349bc4 URL:http://owaspglobalappseceuvienna20.sched.com/event/b87302f4516d635aead617eebd349bc4 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T080000Z DTEND:20260626T140000Z SUMMARY:OWASP Official Store: Come explore books\, games and merch (or Explore CyberSec Games\, OWASP books and official merch) DESCRIPTION:Come visit our table in the Expo Hall for books\, games\, and merch CATEGORIES:BONUS TRACK LOCATION:Vienna\, Austria SEQUENCE:0 UID:93ce6d4c1a610915c3e1592be2a7400f URL:http://owaspglobalappseceuvienna20.sched.com/event/93ce6d4c1a610915c3e1592be2a7400f END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T080000Z DTEND:20260626T083000Z SUMMARY:AM Break in Expo Hall DESCRIPTION: CATEGORIES:MEALS PROVIDED BY OWASP LOCATION:Expo Hall X1\, Vienna\, Austria SEQUENCE:0 UID:3dc39439e2b51fcda6bac3e05cff6542 URL:http://owaspglobalappseceuvienna20.sched.com/event/3dc39439e2b51fcda6bac3e05cff6542 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T080500Z DTEND:20260626T100500Z SUMMARY:Cybersecurity Awareness Card Game : Let's Play DESCRIPTION:Learn the foundations of cybersecurity through a card game.Participate in a tabletop\, technology-free “capture the flag” experience where players gain practical insights into protecting digital information\, responding to cyberattacks\, and understanding core concepts such as the Cyber Kill Chain and the NIST Cybersecurity Framework.For less experienced practitioners\, the game builds a strong foundational mindset to support their ongoing cybersecurity journey. For more experienced practitioners\, it offers a fresh\, engaging way to communicate and teach core cybersecurity concepts. This makes cybersecurity more accessible and approachable for others. CATEGORIES:PODS (HANDS-ON ACTIVITIES) LOCATION:Room -2.92 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:3a60daed68f2e355186e84e1f400e9ff URL:http://owaspglobalappseceuvienna20.sched.com/event/3a60daed68f2e355186e84e1f400e9ff END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T080500Z DTEND:20260626T100500Z SUMMARY:DDoS your friends DESCRIPTION:interactive DDoS competition - player on player!Each round players chooses to be an attacker or defender\, matches up with an opponent and configures their attack/defense. The attack traffic is run (speed run)\, scores are given based on attack traffic stopped vs let through\, and legit traffic blocked.Players gain points each round\, and there is an ongoing scoreboard. Leading attacker and defender configs are published too\, so defenders and attackers can adapt.The game is played on a webapp so can be accessed via mobile or laptop. CATEGORIES:PODS (HANDS-ON ACTIVITIES) LOCATION:Room -2.92 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:c48448b3bf96cb2f4ef41b7723f21d19 URL:http://owaspglobalappseceuvienna20.sched.com/event/c48448b3bf96cb2f4ef41b7723f21d19 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T080500Z DTEND:20260626T100500Z SUMMARY:From Prompts to Payloads: Exploiting the AI-AppSec Intersection DESCRIPTION:LLMs are no longer standalone chatbots—they're increasingly embedded directly into application logic\, with access to databases\, APIs\, file systems\, and internal services. This architectural shift means the most dangerous LLM exploits don't just manipulate the model\; they use the model as an attack vector to reach traditional AppSec targets. Prompt injection becomes a path to SQL injection. Conversational manipulation enables SSRF. The AI agent becomes an unwitting insider threat.\nIn this hands-on POD\, participants will experience this convergence firsthand through a purpose-built vulnerable web application with an integrated AI agent. Through independent challenges\, attendees will discover how attackers chain LLM manipulation with classic web exploitation—and why securing AI-integrated applications requires understanding both domains.\nChallenges are designed for drop-in participation and cover multiple difficulty levels:- Beginner-friendly: Basic prompt manipulation and information disclosure- Intermediate: Chaining AI misuse with traditional web exploitation- Advanced: Multi-stage attacks combining indirect prompt injection with server-side vulnerabilities\nEach challenge is self-contained (under 15 minutes) with clear objectives\, hints available on request\, and facilitators ready to guide participants. Whether you're new to AI security or a seasoned pentester curious about LLM attack vectors\, you'll walk away with practical techniques applicable to real-world assessments.\nChallenges are mapped to multiple OWASP frameworks: the OWASP Top 10 for LLM Applications (covering risks like LLM01: Prompt Injection\, LLM07: Insecure Plugin Design)\, the OWASP API Security Top 10\, and the classic OWASP Web Application Top 10\, helping participants connect new AI risks to established security knowledge.\nNo prior AI/ML experience required. Just curiosity and a laptop with a modern browser. All challenges run in-browser against our cloud-hosted lab environment. CATEGORIES:PODS (HANDS-ON ACTIVITIES) LOCATION:Room -2.92 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:0ac73b025402bb2c725c2462e32c7352 URL:http://owaspglobalappseceuvienna20.sched.com/event/0ac73b025402bb2c725c2462e32c7352 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T080500Z DTEND:20260626T100500Z SUMMARY:Hunting Critical CVEs: A Hands-On\, Pick-Your-Own Exploitation POD DESCRIPTION:New CVEs are released constantly\, but in practice most teams never go beyond reading the advisory or relying on automated scanning. This POD is designed to change that by giving participants time and platform to hunt and exploit real-world critical CVEs.Participants will have access to 10 hands-on challenges\, each based on a real high or critical severity CVE commonly found in modern applications. Each challenge runs within a limited time window and can be attempted independently of the others.For each challenge\, participants can click a Deploy Lab option to spin up a temporary target system. The deployed application/system contains a previously undisclosed CVE to the participant\, and the task is to identify the vulnerability\, understand its behavior\, and exploit it to demonstrate impact.There is no fixed order or linear walkthrough. Participants are free to choose which CVEs to attempt\, how deep they want to go with each one\, and how long they want to stay in the activity. Some CVEs will allow participants to become admin\, some might give a reverse shell. Labs are provisioned on demand using infrastructure-as-code\, allowing participants to work independently on each challenge.Some participants may focus on understanding a single CVE and reproducing it reliably. Others may try to exploit multiple issues or explore alternate attack paths. Both approaches are expected and encouraged.The emphasis of this POD is on building practical intuition: how to read advisories critically\, identify vulnerable attack surfaces\, validate exploitability\, and understand real impact beyond severity scores. The activity is fully hands-on\, informal\, and designed so people can join and leave at any time without falling behind. CATEGORIES:PODS (HANDS-ON ACTIVITIES) LOCATION:Room -2.92 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:4998bc8b87737c49ae00711efdd85139 URL:http://owaspglobalappseceuvienna20.sched.com/event/4998bc8b87737c49ae00711efdd85139 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T083000Z DTEND:20260626T091500Z SUMMARY:When AI Attacks AI: Inside the Self-Propagating Botnet Built on Compromised AI Infrastructure DESCRIPTION:ShadowRay did not disappear after disclosure.Despite extensive public reporting and technical analysis\, the campaign remains active and continues to expand in scale\, with more than 230\,000 exposed Ray endpoints and an order-of-magnitude increase in observed exploitation.Enter a self-propagating botnet built from compromised machine-learning clusters\, all running on Ray—the de facto execution layer of modern AI infrastructure\, embedded across production training pipelines\, inference services\, and internal compute platforms.This is ShadowRay 2.0.The attackers weaponized Ray's orchestration features to spread autonomously across exposed servers\, turning victims into both mining rigs and propagation nodes.We'll walk through the concrete evidence that enabled the researchers to stop the attack in real time by finding billions worth of compute that were compromised. This includes LLM-generated payloads evolving in real-time\, GPU cryptojacking\, competitor miner elimination scripts\, how Ray's own APIs were weaponized for lateral movement\, and more.The talk also reveals the techniques employed by the attackers to evade detection\, employing CI/CD for malware distribution\, and building multi-purpose capabilities beyond cryptojacking\, including DDoS\, data exfiltration\, and more. This is AI infrastructure turned against itself\, at internet scale with verifiable proof. CATEGORIES:DEPLOYMENT AND MAINTENANCE LOCATION:Hall K1 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:11f399c9cb7dd80e4b043ab7484a745c URL:http://owaspglobalappseceuvienna20.sched.com/event/11f399c9cb7dd80e4b043ab7484a745c END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T083000Z DTEND:20260626T091500Z SUMMARY:DOMination - Abusing the Permission Model in Web Extensions DESCRIPTION:People in your organization might have a living-breathing backdoor right now\, and you don’t even know it.EDR wouldn’t catch it - not because it employs a zero-day\, but because it behaves harmlessly. It might be a malicious extension that wasn’t flagged yet that has excessive permissions\, it might be an NPM package that reads .env files and sends them to a remote server\, and it might be an Android application tracking your location.During our research we detected two seemingly innocent Chrome extensions that add a sidebar with AI capabilities over any website\, with a total of 900\,000+ users. These extensions had a backdoor that exfiltrated both your browser history and your ChatGPT & DeepSeek conversations - none of them were flagged by anti-malware and EDR tools.These extensions\, together with almost any add-on\, NPM package\, or application you have installed have broad permissions\, giving them the ability to execute code\, read files\, and basically do anything on your machine.During our presentation we will present how we dissect a malicious Chrome extension\, the techniques that it uses to avoid detection and how it reads and exfiltrates data. We’ll also show how actors think\, from cloning legitimate extensions\, adding their malicious code and bypassing store reviews in order to publish their malicious extensions into the official Chrome Web Store.We will present how the permissions model works in different platforms\, including the Chrome Web Store\, the Android Play Store\, and IDE marketplaces - allowing different malware on different platforms to perform bad activities.Lastly\, we will give our insights about how to best protect your personal browser at home and in your organization\, to help you reduce the possibility of being infected from malware in official marketplaces. We’ll also discuss how a good permission model should look like\, and what companies can do to return the power to the users over their private information in order to protect them from extensions and applications reading their data unknowingly. CATEGORIES:IMPLEMENTATION LOCATION:Hall G1 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:85663b0753dd994bfac4c35c93fa24b1 URL:http://owaspglobalappseceuvienna20.sched.com/event/85663b0753dd994bfac4c35c93fa24b1 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T083000Z DTEND:20260626T091500Z SUMMARY:From ASVS to APVS: What Changes When You Treat Privacy as a System Property? DESCRIPTION:Privacy is increasingly expected to be “built in by design”\, yet most privacy guidance remains legal\, abstract\, or disconnected from how systems are actually designed and reviewed. As a result\, privacy is still treated as a compliance exercise rather than an engineering discipline.In this talk\, we share early lessons from the OWASP Privacy Project and our work on the Application Privacy Verification Standard (APVS). Drawing on familiar AppSec concepts such as ASVS\, threat modeling\, and weakness classification\, we explore what changes when privacy is treated as a system property rather than a checkbox.We discuss where traditional security controls fall short\, how privacy risks can exist without attackers or breaches\, and how we are translating high-level privacy principles into actionable guidance for architects and developers. This is not a finished standard\, but a candid look at what works\, what doesn’t\, and where practitioner feedback is essential as the project evolves. CATEGORIES:PLANNING AND DESIGN LOCATION:Hall D (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:6e90ea29bdd2a6f8fe9b1dcf8604fc57 URL:http://owaspglobalappseceuvienna20.sched.com/event/6e90ea29bdd2a6f8fe9b1dcf8604fc57 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T083000Z DTEND:20260626T091500Z SUMMARY:Keep It Between Us: Manipulating Humans for Better AppSec (Ethically) DESCRIPTION:Most AppSec programs fail not because people disagree with security\, but because security competes with habits that are already winning. Developers don’t wake up wanting to threat-model or review alerts - they wake up wanting to ship.In this talk\, we’ll stop trying to “convince” people to care about security and instead learn how to design AppSec activities so they naturally stick. Using proven techniques from behavioural science\, you’ll learn how to create a quiet\, behind-the-scenes plan that turns security tasks into habits - without mandates\, enforcement\, or friction-heavy processes.We’ll explore how to reduce friction\, align incentives\, and embed security into existing workflows\, so secure behavior becomes the default. This is not about more policies or awareness training. It’s about building a deliberate\, ethical “secret plan” that makes AppSec activities feel wanted\, automatic\, and hard to avoid - in the best possible way. CATEGORIES:PROCESS AND CULTURE LOCATION:Hall K2 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:221ce4f5fbee087cc1a9fadbb9bcf61a URL:http://owaspglobalappseceuvienna20.sched.com/event/221ce4f5fbee087cc1a9fadbb9bcf61a END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T083000Z DTEND:20260626T100000Z SUMMARY:Hands-On AI Security Assessment with OWASP AISVS (Workshop) DESCRIPTION:OWASP Demo Lab - Hands-On Workshop / Small Group Session\n\nHow do you actually verify that an AI system is secure? In this workshop\, the AISVS project leads walk through practical assessment scenarios using the OWASP AI Security Verification Standard. We'll work through real requirements from chapters on prompt injection defense\, agentic action security\, RAG/vector database hardening\, and output safety controls\, showing what "verify that" looks like in practice against running systems. Participants will leave with a working understanding of how to scope an AI security assessment\, select appropriate verification levels\, and apply AISVS requirements to LLM-based applications\, autonomous agents\, and MCP-connected tool ecosystems. Bring a laptop if you want to follow along. CATEGORIES:PROJECT DEMO LAB (HANDS-ON) LOCATION:Room -2.33 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:48859c09c56ad6e067b15c35a44dccc8 URL:http://owaspglobalappseceuvienna20.sched.com/event/48859c09c56ad6e067b15c35a44dccc8 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T083000Z DTEND:20260626T100000Z SUMMARY:OWASP Certified Secure-Software Developer (Call for Contributors) DESCRIPTION:OWASP Demo Lab - Hands-On Workshop / Small Group Session\nZone 4\n\nOWASP Certified Secure-Software Developer Certification project is aimed at developing a certification program for developers. \nThis presentation will take the audience through the journey of OCSD\, the progress made so far and will include a call for contributions. This session seeks to answer common questions about the relevance of the certification in the world where applications are stood up in a matter of hours using Claude / AI.\nWe would like to demonstrate the relevance of OCSD in the face of development / coding carried out with the help of AI / tools. We have the curriculum content and have added references from OWASP body of knowledge. We would like to make a call contribution to review the curriculum\, the references and add supplementary reading material. CATEGORIES:PROJECT DEMO LAB (HANDS-ON) LOCATION:Room -2.33 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:12d8a046167ba88c0aaafc13a72d2a3b URL:http://owaspglobalappseceuvienna20.sched.com/event/12d8a046167ba88c0aaafc13a72d2a3b END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T083000Z DTEND:20260626T100000Z SUMMARY:OWASP CycloneDX Sunshine: see CycloneDX SBOMs come to life & chat with them (Workshop) DESCRIPTION:OWASP Demo Lab - Hands-On Workshop / Small Group Session\nZone 3\n \;\nEver looked at a CycloneDX file and thought\, there’s gotta be a better way to read this? You're not alone. In late December 2024 OWASP CycloneDX unveiled a brand new SBOM visualization tool called Sunshine - a first-of-its-kind visualization tool that transforms static CycloneDX SBOM files into intuitive\, interactive experiences. Sunshine lets you explore software components\, dependencies\, vulnerabilities\, and licenses like never before. As an open-source tool under the Apache 2.0 license\, it's accessible to everyone. Designed with a privacy-first approach\, all processing happens client-side\, ensuring your SBOM data remains entirely within your browser.Presented for the first time at OWASP AppSec EU 2025\, since then many new features have been released and will be showcased at OWASP AppSec EU 2026:- Advanced filters\, to let you focus and prioritize according to your own personal criteria- Ability to easily identify and analyse n-tier dependencies within the SBOM- "Query my SBOM" feature: an integrated full fledged SQL engine to let you literally query your SBOM in a powerful yet simple way - and export results in CSV- Thanks to the invaluable community feedback and support\, compatibility and stability have been largely improved\, now being able to seamlessly analyze big and complex SBOMs- Last but not least: during the conference a brand new exciting feature will be presented: "Chat with my SBOM"\, a privacy-first LLM-based AI chatbot entirely running in your browser (no server side components involved)\, that will empower you to get information from your SBOM in a convenient conversational way.Join us for a hands-on walkthrough of Sunshine\, where you’ll get to see it in action — not just slides. You will see how Sunshine helps developers\, security pros\, and even less-technical stakeholders actually understand what's in a software bill of materials. CATEGORIES:PROJECT DEMO LAB (HANDS-ON) LOCATION:Room -2.33 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:0e3f087a5f43a0e5ad1738e8cb81bf6a URL:http://owaspglobalappseceuvienna20.sched.com/event/0e3f087a5f43a0e5ad1738e8cb81bf6a END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T083000Z DTEND:20260626T090000Z SUMMARY:When Museums Get Hacked: OWASP Top 10 Lessons from Heists DESCRIPTION:Historically (pun intended) the OWASP Top 10 has been a standard awareness document for developers and web application security. However its mitigation strategies can transcend history and be applied to critical infrastructures under attack\, *exempli gratia* museums.In this talk\, we’ll explore the newest OWASP Top 10 (released in November MMXXV) through the lens of famous Museum heists (Louvre\, you are not alone) — a narrative journey through security blind spots\, sneaky exploits\, and lack of awareness. CATEGORIES:PROJECT SHOWCASE (LIGHTNING TALKS) LOCATION:Room -2.82 (Level 2)\, Vienna\, Austria SEQUENCE:0 UID:7894f686b6f952327c3e175f4c872b31 URL:http://owaspglobalappseceuvienna20.sched.com/event/7894f686b6f952327c3e175f4c872b31 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T083000Z DTEND:20260626T091500Z SUMMARY:Your Localhost Is Lying to You: Trust Boundary Failures in Enterprise SSO DESCRIPTION:When an attacker lands on a user’s machine\, your SSO should not hand them the keys to your network. Yet many enterprise systems do because they assume localhost subdomains are safe. They are not.This talk shows how a common DNS misconfiguration (localhost.target.com → 127.0.0.1)\, combined with domain-wide cookies (Domain=.target.com)\, allows a locally executed request context to inherit an authenticated session. No XSS. No phishing. Just browser-native behavior.This flaw is rarely detected by scanners or standard penetration tests\, yet it appears in real enterprise deployments today. The session presents a practical testing methodology\, a defensive checklist\, and research-based validation techniques to assess this class of trust boundary failure safely.Attendees will leave able to identify and fix this issue in their own SSO deployments next week. CATEGORIES:TESTING LOCATION:Hall G2 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:82db0b847ad230f912d4e08bf912f79c URL:http://owaspglobalappseceuvienna20.sched.com/event/82db0b847ad230f912d4e08bf912f79c END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T090000Z DTEND:20260626T093000Z SUMMARY:From Maturity to Mastery: Accelerating Software Security with OWASP SAMM DESCRIPTION:Are you looking to strengthen your organization’s software assurance program\, prove compliance with industry frameworks\, or simply level up your AppSec game? Join OWASP project leaders Sebastien and Aram for an engaging introduction and the latest updates on OWASP Software Assurance Maturity Model (SAMM) — the open\, community-driven standard for building and measuring software security practices.This session will highlight how SAMM helps organizations jumpstart\, assess\, and accelerate their software assurance roadmap\, with practical takeaways you can apply right away:• Tools and Assessment Guidance – Learn about the growing ecosystem of SAMM tools and the latest assessment techniques that make measuring and improving your maturity more approachable than ever.• Framework Mapping – See how SAMM connects with industry standards like the NIST Secure Software Development Framework (SSDF) and OpenCRE\, helping you demonstrate compliance and align with external requirements while maintaining a developer-friendly approach.• Benchmarking with Peers – Discover the OWASP SAMM Benchmark\, which allows organizations to compare their security practices against peers and industry trends anonymously—helping you spot strengths\, identify gaps\, and track progress over time.Whether you’re new to SAMM or already using it\, you’ll gain actionable strategies\, practical insights\, and a clear roadmap to achieving security excellence. CATEGORIES:PROJECT SHOWCASE (LIGHTNING TALKS) LOCATION:Room -2.82 (Level 2)\, Vienna\, Austria SEQUENCE:0 UID:7ebd363a3abc2699ee70c9a752a2b4d0 URL:http://owaspglobalappseceuvienna20.sched.com/event/7ebd363a3abc2699ee70c9a752a2b4d0 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T093000Z DTEND:20260626T100000Z SUMMARY:Using OWASP SAMM and OWASP DSOMM together in practice DESCRIPTION:Security is widely recognized as one of the top global risks\, yet many organizations struggle managing that risk effectively. One of the key reasons is that application security efforts often consist of fragmented tools and isolated practices rather than a coherent program focused on people\, processes\, and tools.Within the OWASP community\, two mature models exist to support application security programs\, OWASP Software Assurance Maturity Model (SAMM) and OWASP DevsSecOps Maturity Model (DSOMM). However\, practitioners frequently struggle to understand how these models differ\, where they overlap\, and how they should be applied in practice. As a result\, SAMM and DSOMM are often perceived as competing frameworks. Moreover\, their breadth and depth can be overwhelming for teams encountering them for the first time\, reinforcing the myth that they must choose one or the other.This talk provides a structured\, high level introduction to both OWASP SAMM and OWASP DSOMM\, focusing on their shared principles as well as their key differences. By introducing a simple taxonomy of security scopes\, the session explains why multiple security frameworks are necessary and clarifies where SAMM and DSOMM each fit. SAMM is positioned as a model focused on organizational security capabilities and application program maturity\, supporting management and strategic decision making\, while DSOMM focuses on DevSecOps implementation and operational practices\, providing concrete guidance for technical teams and engineering workflows.This session concludes with a practical case study of a SaaS organization\, illustrating how SAMM and DSOMM can be used together to create a coherent improvement roadmap. The case study demonstrates how organizations can start small\, avoid boiling the ocean\, and use both models in tandem to achieve structured\, practical\, and sustainable improvements in application security. CATEGORIES: LOCATION:Room -2.82 (Level 2)\, Vienna\, Austria SEQUENCE:0 UID:0b9e274577a79cac5a40624990736596 URL:http://owaspglobalappseceuvienna20.sched.com/event/0b9e274577a79cac5a40624990736596 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T093000Z DTEND:20260626T101500Z SUMMARY:Infrastructure Doesn’t Lie: Using Infrastructure Signals to Detect Shadow AI Built Applications DESCRIPTION:AI app builders now enable production apps to ship without repositories\, CI/CD\, or security review\, often by non-traditional developers outside established engineering workflows. These Shadow AI apps bypass AppSec pipelines and governance\, creating a growing blind spot in enterprise environments. This talk demonstrates how DNS\, TLS\, and hosting signals can detect shadow AI apps that existing controls miss. CATEGORIES:DEPLOYMENT AND MAINTENANCE LOCATION:Hall K1 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:3a54a8c77866ebf0e2004abd5225e398 URL:http://owaspglobalappseceuvienna20.sched.com/event/3a54a8c77866ebf0e2004abd5225e398 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T093000Z DTEND:20260626T101500Z SUMMARY:Q-Day is Cancelled: Practical Strategies to Defeat 'Harvest Now\, Decrypt Later' DESCRIPTION:The arrival of cryptographically relevant quantum computers (CRQC) is no longer a theoretical "if"—it is a question of "when." With the "Harvest Now\, Decrypt Later" (HNDL) attack vector\, adversaries are already stockpiling encrypted traffic today to decrypt it once quantum capability matures. In August 2024\, NIST officially finalized the first set of Post-Quantum Cryptography (PQC) standards (FIPS 203\, 204\, and 205)\, marking the starting gun for the greatest cryptographic migration in history.This session moves beyond the math of lattices and isogenies to focus on the immediate engineering reality. we will dissect the current state of PQC adoption across major tech giants and nation-states\, analyzing how entities like Cloudflare\, Google\, and the US Federal Government are operationalizing these new algorithms. We will provide a technical primer on the finalized standards—ML-KEM (Kyber)\, ML-DSA (Dilithium)\, and SLH-DSA (SPHINCS+)—and expose the hidden performance pitfalls and "gotchas" in implementation.Attendees will leave with a combat-tested roadmap for enterprise PQC migration. We will cover how to conduct a cryptographic inventory (discovery)\, the necessity of "hybrid" key exchange (mixing X25519 with Kyber)\, and how security teams can upskill rapidly. This talk bridges the gap between theoretical cryptography and the practical defense required to secure infrastructure against the quantum threat looming on the horizon. CATEGORIES:IMPLEMENTATION LOCATION:Hall G1 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:37bb45fdd5c464adad97f6928ac21aa3 URL:http://owaspglobalappseceuvienna20.sched.com/event/37bb45fdd5c464adad97f6928ac21aa3 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T093000Z DTEND:20260626T101500Z SUMMARY:Phishing for Passkeys - An Analysis of WebAuthn and CTAP DESCRIPTION:WebAuthn was supposed to replace passwords on the web: uniform\, secure\, manageable authentication for everyone! One of its unique selling points was supposed to be the impossibility of phishing attacks. When Passkeys were introduced\, some of WebAuthn's security principles were watered down in order to achieve some usability improvements and thus reach more widespread adoption.This presentation discusses the security of Passkeys against phishing attacks. It explains the possibilities for an attacker to gain access to accounts secured with Passkeys using spear phishing\, and what conditions must be met for this to happen. It also practically demonstrates such an attack and discusses countermeasures.Participants will learn which WebAuthn security principles still apply to Passkeys and which do not. They will learn why Passkeys are no longer completely phishing-proof and how they can evaluate this consideration for their own use of Passkeys. CATEGORIES:PLANNING AND DESIGN LOCATION:Hall D (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:9f843ac238adbc35fc2d49a3417ccd44 URL:http://owaspglobalappseceuvienna20.sched.com/event/9f843ac238adbc35fc2d49a3417ccd44 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T093000Z DTEND:20260626T101500Z SUMMARY:Enforcing Application Security Policies at Scale: Lessons from an Enterprise Rollout DESCRIPTION:Enforcing security policies at enterprise scale is challenging\, and it's becoming more so with rapid delivery cycles and AI-assisted development. Many organisations adopt policy-as-code to improve security and compliance but realise that\, despite the solution’s technical soundness\, exceptions multiply and teams quietly work around enforcement to meet delivery targets\, with little real improvement in security outcomes.This talk shares a real-world story of rolling out policy-as-code enforcement across an organisation with several thousand developers. It highlights not only the technical architecture of the enforcement system but also the organisational changes required to ensure its sustainability.You’ll find out how security policies were defined\, versioned\, and consistently enforced across CI/CD pipelines. This talk also covers how enforcement points were designed and how feedback loops were built and embedded in the organisation to reduce friction. The session also explores how bypasses and exceptions were handled consistently at scale\, and how validation was treated as an organisational assurance problem rather than just a tooling concern.The talk offers vendor-neutral solutions and practical patterns\, lessons learned\, and design principles that attendees can adapt to their own environments. CATEGORIES:PROCESS AND CULTURE LOCATION:Hall K2 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:cf6dcc2f953c0b2e5b1d355f40ca0529 URL:http://owaspglobalappseceuvienna20.sched.com/event/cf6dcc2f953c0b2e5b1d355f40ca0529 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T093000Z DTEND:20260626T101500Z SUMMARY:Effort is All You Need: Testing LLM Applications in the Real World DESCRIPTION:Security testing of GenAI systems is often reduced to "LLM red teaming": probing a model in isolation to see what unsafe/offensive content it will generate. In practice\, this approach falls short. As security practitioners\, we need to assess complete LLM application use cases\, focusing on how inputs and outputs propagate through application logic and enable concrete security risks such as data exfiltration\, cross-site scripting\, and authorization bypass.\n\nIn this talk\, we share practical experience and supporting open-source tooling we developed for assessing LLM applications. These focus on testing systems where the LLM is embedded in application logic rather than exposed as a simple inference endpoint.\n\nIt covers approaches for testing non-conversational GenAI workflows\, WebSockets\, and custom APIs\; building scoped prompt injection datasets aligned with application logic and engagement constraints\; applying effort-based jailbreak techniques (e.g. anti-spotlighting\, best-of-n\, crescendo\, ...) to evaluate guardrail robustness and demonstrate practical bypasses\; and conducting meaningful testing in isolated or air-gapped environments.\n\n CATEGORIES:TESTING LOCATION:Hall G2 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:82d3ce2b5b5ff47cabbdf945f5ca5f6c URL:http://owaspglobalappseceuvienna20.sched.com/event/82d3ce2b5b5ff47cabbdf945f5ca5f6c END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T101500Z DTEND:20260626T111500Z SUMMARY:Lunch in Expo Hall DESCRIPTION: CATEGORIES:MEALS PROVIDED BY OWASP LOCATION:Expo Hall X1\, Vienna\, Austria SEQUENCE:0 UID:d00efbdd93d01a60296eeba7c8bc3c04 URL:http://owaspglobalappseceuvienna20.sched.com/event/d00efbdd93d01a60296eeba7c8bc3c04 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T101500Z DTEND:20260626T121500Z SUMMARY:AI for Code Security in Modern Codebases DESCRIPTION:Modern codebases are large\, fast-moving\, and increasingly AI-assisted\, making traditional code security approaches hard to scale. This hands-on POD explores how AI can augment secure coding and code review workflows—without replacing human judgment.Participants will actively work through realistic code security scenarios drawn from modern APIs\, cloud-native services\, and GenAI-enabled components. Using guided exercises and optional AI prompts\, attendees will identify vulnerabilities\, reason about exploitability\, and prioritize fixes mapped to OWASP Top 10 risks (including broken access control\, injection\, insecure design\, and supply chain issues).This is not a talk or a tool demo. Participants will do the work themselves through short\, practical challenges. Beginners can follow structured steps\, while experienced AppSec practitioners can dive into advanced issues such as logic flaws\, authorization bypasses\, insecure AI integrations\, prompt injection risks in code\, and unsafe use of AI-generated code.The POD is drop-in friendly: participants can engage for a few minutes or stay longer to tackle deeper challenges. All techniques are applicable to real-world development environments\, with or without AI tools. CATEGORIES:PODS (HANDS-ON ACTIVITIES) LOCATION:Room -2.92 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:4af21bcf4f8ab39d0d7dfdfb7b66c4d2 URL:http://owaspglobalappseceuvienna20.sched.com/event/4af21bcf4f8ab39d0d7dfdfb7b66c4d2 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T101500Z DTEND:20260626T121500Z SUMMARY:Context & Cringe - Application Privacy through Play DESCRIPTION:Privacy risks are rarely obvious when looking at data\, features\, or apps in isolation. They emerge through changing context and are impacted by user perception.In this POD\, participants play Context & Cringe\, a discussion-driven card game where players build fictional app scenarios using real-world data and features\, then judge how those designs feel from a user’s perspective.Rather than focusing on compliance or checklists\, this session helps participants develop intuition for privacy impact by actively creating\, debating\, and experiencing cringey design choices. The result is a hands-on\, low-barrier way to surface privacy risks that are often missed in a traditional security analysis - and a non-adversarial way to introduce uncomfortable topics into team discussions. CATEGORIES:PODS (HANDS-ON ACTIVITIES) LOCATION:Room -2.92 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:a19b6a8aa9fd272dfe47aa265678153d URL:http://owaspglobalappseceuvienna20.sched.com/event/a19b6a8aa9fd272dfe47aa265678153d END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T101500Z DTEND:20260626T121500Z SUMMARY:OWASP JuiceShop: Come and pwn me DESCRIPTION:OWASP Juice Shop is probably the most modern and sophisticated insecure web application!Come over with a cup of coffee and pwn the Juice Shop and get points in the Capture the Flag.If you can show the “AppSec EU 2026” product description flag\, you will get a special edition of the AppSec EU Juice Shop sticker.Get to know how to perform secure coding workshops with the Juice Shop and the Juice Shop ecosystem.Use our prepared laptops or bring your own (with Browser Developer Tools or ZAP installed)!Talk with us about latest trends in the Juice Shop. CATEGORIES:PODS (HANDS-ON ACTIVITIES) LOCATION:Room -2.92 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:321af0cfd4c51e0805703b9525a04d00 URL:http://owaspglobalappseceuvienna20.sched.com/event/321af0cfd4c51e0805703b9525a04d00 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T101500Z DTEND:20260626T121500Z SUMMARY:Teaching Security Concepts Using Physical Analogies DESCRIPTION:Understanding security fundamentals doesn’t have to be dry or abstract. In this interactive CF‑Pod\, you’ll explore the core principles of confidentiality\, integrity\, and availability through surprising physical demonstrations and simple “magic‑like” activities that make each concept intuitive and memorable.Each station focuses on one security principle and offers a short\, hands‑on challenge that transforms an abstract idea into something you can see\, touch\, and explain to others. You can drop in for 10–15 minutes\, try an activity\, and walk away with a clear\, practical analogy you can use in real‑world conversations with teammates and stakeholders.Whether you're new to security or looking for better ways to teach it\, this session will give you fun\, effective tools for communicating the foundations of secure systems. CATEGORIES:PODS (HANDS-ON ACTIVITIES) LOCATION:Room -2.92 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:3a502b832cfb14ee94f21a6ac782019d URL:http://owaspglobalappseceuvienna20.sched.com/event/3a502b832cfb14ee94f21a6ac782019d END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T111500Z DTEND:20260626T120000Z SUMMARY:The OG OWASP Top 10 Might Be Back Thanks to Agentic Browsers DESCRIPTION:Agentic browsers are quickly becoming one of the most powerful—yet dangerous—applications of agentic AI. By combining web navigation\, content interpretation\, and direct action taking\, they act as a universal gateway to almost any service or application on the internet.That power quietly reintroduces web security risks many teams assumed were behind us. Agentic browsers read and react to untrusted web content\, follow instructions embedded in pages\, images\, and hidden text\, and then execute actions inside real sessions.The result is that classic web attack patterns made popular 20+ years ago when the first OWASP Top 10 was introduced may be back.Things like injection manipulations\, cross-site scripting payload delivery\, CSRF-style action abuse\, broken access control\, and cross-origin boundary failures—now executed by autonomous agents instead of users.This talk examines why current agentic browser designs break core web security assumptions around origins\, cookies\, and session boundaries\, and why common mitigations such as human-in-the-loop controls introduce friction and fatigue without solving the underlying problem. We'll argue that unrestricted multi-site agents are fundamentally unsafe\, and share better approaches based on domain-scoped agents\, strict isolation\, and secure multi-agent orchestration. CATEGORIES:IMPLEMENTATION LOCATION:Hall G1 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:f03ebf4e85521594c7cb3886f451264a URL:http://owaspglobalappseceuvienna20.sched.com/event/f03ebf4e85521594c7cb3886f451264a END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T111500Z DTEND:20260626T120000Z SUMMARY:AI-Generated Code vs Human Code. Who Really Writes More Vulnerabilities DESCRIPTION:When AI coding tools entered mainstream development\, the application security community reacted fast and loudly. Many warned that AI would dramatically increase vulnerabilities. The most common argument was simple and intuitive. AI models were trained on vast amounts of real-world code\, including insecure and vulnerable code. Garbage in\, garbage out. If AI learned from vulnerable code\, it would inevitably reproduce those vulnerabilities at scale.This claim quickly became accepted wisdom\, despite the fact that almost no one could actually prove it.This session presents a data-driven examination of that assumption. By correlating reported security vulnerabilities with automated line-level code attribution\, we were able to determine whether a vulnerability originated in AI-generated code or human-written code. This allowed us to move the discussion from fear and intuition to measurable evidence.The results are more nuanced and more interesting than the prevailing narrative suggests. In some scenarios\, AI-generated code showed higher vulnerability density. In others\, it performed comparably to\, or even better than\, human-written code. The differences are not accidental. They correlate strongly with the model used\, the tooling\, and how developers interact with AI\, rather than AI usage alone.This talk challenges the notion that AI coding is inherently insecure. It replaces the garbage-in\, garbage-out argument with concrete data\, identifies where the real risks actually emerge\, and explains what this means for modern AppSec strategy. Attendees will leave with evidence they can use to recalibrate policies\, controls\, and conversations around AI-assisted development\, without slowing teams down or relying on assumptions. CATEGORIES:PLANNING AND DESIGN LOCATION:Hall D (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:c5853a09689c88eebb262e47eba8e5b1 URL:http://owaspglobalappseceuvienna20.sched.com/event/c5853a09689c88eebb262e47eba8e5b1 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T111500Z DTEND:20260626T120000Z SUMMARY:Security Champions: Lessons from Opposite Trenches DESCRIPTION:Have you heard about “security champions programs” that seem to be gaining popularity these days? Maybe your company is running such a program\, yet you doubt its effectiveness\, wondering if it’s worth sustaining? The thing is\, you might not be the only one asking these questions. Let’s hear from security and champions alike.Mireia is a security engineer focused on application security who has created and run security champions programs\, and has seen them both fail and succeed. Lisi worked in development teams for a long time\, became a security champion and later switched gears to security engineering. Both of us were in the trenches\, on opposite sides - and both of us tried to build a strong bridge between security and engineering teams.In this talk\, we’ll have our two perspectives merge and draw lessons from our attempts. Both security engineers and champions need clarity on what’s expected from them to sustain the program. Both benefit from nurturing a strong community to increase resilience. Both need to dare to be vulnerable in acknowledging what’s wrong in our systems and processes so we can grow.None of us can operate effectively alone. Tossing a rope from security to development teams is not enough to establish security champions. Instead\, let’s build this bridge together from both ends to make it strong\, sustainable and scalable. CATEGORIES:PROCESS AND CULTURE LOCATION:Hall K2 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:22afe93a5bf23f98d9a34971dac4ca5a URL:http://owaspglobalappseceuvienna20.sched.com/event/22afe93a5bf23f98d9a34971dac4ca5a END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T111500Z DTEND:20260626T130000Z SUMMARY:CHAMELEON-REN: Advancing the OWASP Web Application Honeypot Project with Adaptive\, Education-Sector (Workshop) DESCRIPTION:OWASP Demo Lab - Hands-On Workshop / Small Group Session\nZone 2\n\nThe OWASP Web Application Honeypot Project provides foundational tooling to observe attacker activity against simulated web interfaces. CHAMELEON-REN extends this work with a stimulus-driven\, Dockerised honeypot framework that dynamically adapts its identity\, exposed paths\, and technology stack in response to probing behaviours. By rotating realistic education-sector personas — including virtual learning environments\, student records\, finance/ERP\, and research portals — CHAMELEON-REN aims to sustain engagement from automated scanners and adversaries that would otherwise abandon static honeypots. The demonstration will showcase the framework in action\, discuss telemetry capture and structured logging\, and invite participants to explore deployment recipes and community integration options. CATEGORIES:PROJECT DEMO LAB (HANDS-ON) LOCATION:Room -2.33 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:6bfdd3f5d6cc7d92136552447c1b2035 URL:http://owaspglobalappseceuvienna20.sched.com/event/6bfdd3f5d6cc7d92136552447c1b2035 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T111500Z DTEND:20260626T130000Z SUMMARY:Finding strange things in binaries (Workshop) DESCRIPTION:OWASP Demo Lab - Hands-On Workshop / Small Group Session\nZone 1\n\nInternal development teams and external suppliers love producing binaries for ease of deployment and distribution. Binary formats\, however\, make security analysis and compliance more complex for the security and OSPO teams. The good news is that the team behind OWASP dep-scan maintains a couple of binary analysis tools (OWASP blint and OWASP dosai). We show how these two tools can help defenders find strange things in binaries and help with your software transparency journey.\n\nThe session will be technical showcasing blint and dosai to analyse complex binaries to identify capabilities\, risks\, and threats. Users can walk away with new knowledge about modern techniques related to binary SBOM generation\, Source line to Assembly instruction mapping\, security capabilities analysis\, and more.https://github.com/owasp-dep-scan/blinthttps://github.com/owasp-dep-scan/dosai CATEGORIES:PROJECT DEMO LAB (HANDS-ON) LOCATION:Room -2.33 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:c295280d8b62f58704dd411d87ba8d6b URL:http://owaspglobalappseceuvienna20.sched.com/event/c295280d8b62f58704dd411d87ba8d6b END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T111500Z DTEND:20260626T130000Z SUMMARY:Let's Play: OWASP Cumulus (Workshop) DESCRIPTION:OWASP Demo Lab - Hands-On Workshop / Small Group Session\nZone 3\n\nIn this hands-on session we will demonstrate the threat modeling card game "Cumulus" and show how it can help you start threat modeling your cloud and DevOps processes.Using a real live example scenario\, we will discuss\, laugh and increase security. And maybe the winner will even get a prize! :) CATEGORIES:PROJECT DEMO LAB (HANDS-ON) LOCATION:Room -2.33 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:c5e4b257c11a3d96b09d42598972054a URL:http://owaspglobalappseceuvienna20.sched.com/event/c5e4b257c11a3d96b09d42598972054a END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T111500Z DTEND:20260626T114500Z SUMMARY:OWASP Mobile Application Security (MAS) Project Updates DESCRIPTION:In this talk\, Carlos Holguera and Sven Schleier\, the OWASP Mobile Application Security (MAS) Project Leaders\, will take a hands-on look at some of the latest OWASP MAS developments.This session will provide key updates on the latest advancements in the Mobile Application Security (MAS) project\, including the MASWE (Mobile Application Security Weakness Enumeration) Beta and the MASTG (Mobile Application Security Testing Guide) v2. We’ll share the progress on the creation of new weaknesses\, atomic tests\, and demos designed to help developers and security researchers enhance their testing methodologies.A major highlight will be a new Frida-based tool for dynamic analysis of Android and iOS apps. It is based on JSON hook files which allows a consistent and simple test approach of the OWASP MAS demos and during assessments.Whether you're a security researcher\, developer\, or just doing it for fun\, this talk will equip you with the latest tools and insights to boost your mobile application security skills to stay ahead in mobile security! CATEGORIES:PROJECT SHOWCASE (LIGHTNING TALKS) LOCATION:Room -2.82 (Level 2)\, Vienna\, Austria SEQUENCE:0 UID:55d96801e45218c3c7b30f1245ef4a46 URL:http://owaspglobalappseceuvienna20.sched.com/event/55d96801e45218c3c7b30f1245ef4a46 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T111500Z DTEND:20260626T120000Z SUMMARY:What Our Pen Tests Never Found — And How Attackers Did DESCRIPTION:Penetration testing is a crucial part of application security practices\, yet attackers often succeed in ways no test ever reported. No injection\, no memory corruption\, no failed authentication. The applications behaved exactly as designed — and that was enough.\nIn this talk\, we will explore what penetrating testing is intended to detect and how attackers actually compromise the systems. This talk will address why well-scoped penetration testing frequently revealed "no critical findings" while attackers later leveraged legitimate workflows\, permission assumptions\, and trust boundaries to cause serious harm.Based on real world examples and post incident analysis\, this talk will walk through security issues that were frequently overlooked during testing\, not because testers lacked skills\, but because the testing process made assumptions that attackers did not follow. We will focus on examining the blind spots in the penetration testing process\, which include behaviors that only appear in production\, cross-feature chaining\, abuse of business logic\, and trust assumptions built into system architecture.\nThe objective of this talk will be to comprehend where pen testing ends and how defenders might modify their testing tactics accordingly\, rather than to replace it. This talk will break down the classes of issues pen tests routinely miss\, how attackers discover them post-deployment\, and what changed when testing strategies shifted from endpoint coverage to adversary-aware validation.\nAttendees will leave with practical techniques to evolve their AppSec testing without increasing cost or abandoning penetration testing. CATEGORIES:TESTING LOCATION:Hall G2 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:5913e0319b4e0cbd558f811d9b1f5f01 URL:http://owaspglobalappseceuvienna20.sched.com/event/5913e0319b4e0cbd558f811d9b1f5f01 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T114500Z DTEND:20260626T121500Z SUMMARY:Cloud Native Web Application Firewalls - How OWASP Coraza is coming to Kubernetes world DESCRIPTION:Kubernetes features are moving fast\, and its networking layer is constantly adapting for all new kinds of workloads. However we still lack a basic but essential feature: a way to filter and protect incoming web traffic.The Gateway API is the natural place to add security\, and many enterprises mandate such a thing. In this session\, we introduce a new project that connects OWASP Coraza WAF directly with Kubernetes.Join us to learn more on how Coraza Kubernetes Operator is proposing to bring the well known CoreRuleSet (CRS) filtering approach to Kubernetes\, on a structured way\, allowing cluster and gateway admins to provide traffic filtering on Gateway API and lift the security features to another level. CATEGORIES:PROJECT SHOWCASE (LIGHTNING TALKS) LOCATION:Room -2.82 (Level 2)\, Vienna\, Austria SEQUENCE:0 UID:203dec2ef5d7e9883fe46391ee039bbc URL:http://owaspglobalappseceuvienna20.sched.com/event/203dec2ef5d7e9883fe46391ee039bbc END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T121500Z DTEND:20260626T130000Z SUMMARY:Marketplace Takeover: One Bug Away from Pwning 10 Million Developer Machines DESCRIPTION:This is the story of a single CI bug with the potential of compromising more than 10 million workstations - with a full takeover - for anyone using popular tools like Cursor and Windsurf (so every developer\, really).Learn about a critical flaw - that will be shared by the team who first identified it - in [open-vsx.org](http://open-vsx.org/)\, the open-source marketplace powering nearly every VSCode fork\, including Cursor\, Windsurf\, Gitpod\, StackBlitz\, and Google Cloud Shell Editor.The vulnerability sat in the project's GitHub Actions workflow\, which automatically builds and publishes extensions using a privileged service token. By triggering the workflow with a crafted dependency\, an attacker could run arbitrary code during npm install\, exfiltrate the marketplace's OVSX_PAT token\, and use it to overwrite or republish any extension in the registry. From there\, the blast radius is absolute and devastating.Any developer using a VSCode fork that auto-updates extensions would receive malicious payloads without interaction — compromising local machines\, CI/CD environments\, and downstream software.This session breaks down the exploit path\, the disclosure timeline\, and the architectural weaknesses that made it possible. It highlights the systemic risk of ungoverned extension ecosystems and how "app store" mechanics in developer tooling have quietly become high-value attack surfaces.But don't panic. We'll wrap with concrete mitigations like: isolating build runners from publishing credentials\, auditing workflow environments for untrusted dependency execution\, and implementing continuous marketplace governance to prevent similar full-ecosystem takeovers. CATEGORIES:DEPLOYMENT AND MAINTENANCE LOCATION:Hall K1 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:08d3367da94146f52b049996a519e1e1 URL:http://owaspglobalappseceuvienna20.sched.com/event/08d3367da94146f52b049996a519e1e1 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T121500Z DTEND:20260626T130000Z SUMMARY:How to (Not) Isolate Untrusted Code in Scripting Languages DESCRIPTION:The need to isolate untrusted code or user-provided expressions is ubiquitous\, even in backend systems\, and there are many misconceptions around this practice. Workflow automation platforms allow users to provide complex constraints evaluated on the server\, AI agents must securely execute synthesized code\, and reused untrusted UI components might render on the server-side. In practice\, many developers gravitate toward lightweight eval-based shortcuts instead of robust isolation primitives like OS-level or runtime-based sandboxing\, often unaware of the security pitfalls. These dangerous language-features are still very prevalent across OSS ecosystems and they are the culprit of many recent vulnerabilities. While there exist legitimate use cases for eval-like APIs\, developers continue to abuse them when attempting to isolate the execution of untrusted code\, despite years of warnings from the security and programming language communities. If you really need to use these features\, this talk can help you understand what can go wrong and how to mitigate these risks.I will first motivate the need for lightweight\, language-based isolation in scripting languages and highlight the fundamental challenges in this space\, grounding the empirical work in several top-tier academic publications I co-authored on the topic. I will then present four misconceptions around language-based sandboxing\, underlying more than 20 zero-day vulnerabilities I discovered in the past six months in popular projects across JavaScript and Python\, revealing fundamental flaws in isolation approaches. We will examine why built-in isolation primitives like Node.js's vm module and Python's Pysandbox fail to provide adequate security\, and explore the real-world consequences through case studies involving major platforms. The talk will then shift to practical solutions\, covering best practices and emerging isolation features\, including the permission model in modern runtimes like Deno. Attendees will gain a deeper understanding of the isolation landscape and leave with actionable guidance on how to safely handle untrusted code execution in their applications. While this talk is not an endorsement for using eval-like features in scripting languages\, it is a guide about the things that work in practice and about the ones that fail spectacularly in production. CATEGORIES:IMPLEMENTATION LOCATION:Hall G1 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:e378f3166f0295892faa93b1fc96ae7d URL:http://owaspglobalappseceuvienna20.sched.com/event/e378f3166f0295892faa93b1fc96ae7d END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T121500Z DTEND:20260626T130000Z SUMMARY:Teaching AI Agents Like Guide Dogs: A Progressive Trust Framework DESCRIPTION:Your AI agent has access to your database\, your APIs\, and your users' data. But would you give a new hire admin credentials on day one? We do this with AI agents constantly - deploying them with full system access before they've proven they won't hallucinate a DROP TABLE or leak sensitive data to a prompt injection attack.\nGuide dog training programs solved this problem decades ago. They take untested puppies and transform them into autonomous agents trusted to make life-or-death decisions - through a systematic process of graduated trust. A guide dog doesn't get to navigate traffic until it's mastered basic commands. It doesn't work unsupervised until it's proven reliable across thousands of scenarios. And critically\, it's trained in "intelligent disobedience" - knowing when to refuse a direct command because following it would cause harm.\nIn this talk\, I'll introduce the Progressive Trust Framework - a practical approach to AI agent deployment inspired by 90+ years of service animal training. You'll learn how to implement graduated permission systems where agents earn expanded access through demonstrated reliability. We'll explore the "3 D's" testing methodology (Distance\, Duration\, Distraction) for validating agent behaviour before promotion. And we'll tackle the hardest problem: training agents that refuse harmful requests without becoming unhelpfully paranoid.\nWhether you're building autonomous coding assistants\, customer service bots\, or internal automation tools\, you'll leave with concrete patterns for deploying AI agents that earn trust instead of demanding it. Because the question isn't whether your AI agent will make mistakes - it's whether you've built the guardrails to catch them before they hit production. CATEGORIES:PLANNING AND DESIGN LOCATION:Hall D (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:c3dc18f95213f3ab194c6d70ccfc34d7 URL:http://owaspglobalappseceuvienna20.sched.com/event/c3dc18f95213f3ab194c6d70ccfc34d7 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T121500Z DTEND:20260626T130000Z SUMMARY:Using CTFs as a Community of Practice Content Machine DESCRIPTION:This session highlights our 6-year journey of building and sustaining a Security Community of Practice (CoP) from the ground up. We shifted from a project-centric organization with detailed\, mandatory quality gates to an Agile model. This challenged us to scale and approach our self-reliant tribes in a new way. We will share which concepts worked and which were scrapped after initial trials. Additionally\, we will deep dive into how we used CTFs for continuous content creation usingself developed and readily available challenges. We evolved from a manual "mail-in your solutions" approach to leveraging platforms like OWASP Juice Shop and OWASP UnCrackable Apps\, creating a consistent content source and an engaging game experience for all our Security Champions. CATEGORIES:PROCESS AND CULTURE LOCATION:Hall K2 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:b3e5218f58887b36d89a758dff717805 URL:http://owaspglobalappseceuvienna20.sched.com/event/b3e5218f58887b36d89a758dff717805 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T121500Z DTEND:20260626T124500Z SUMMARY:Updates on the OWASP Automated Threats Project DESCRIPTION:Project leaders Colin Watson and Tin Zaw announced the official release of the version 1.3 of the OWASP Automated Threat Handbook on March 12\, 2026.Even after ten years\, this handbook remains the go-to resource for security pros who want actionable information and resources to help defend against automated threats to web applications which abuse valid functionality. The handbook still defines twenty-one unique\, unordered\, OWASP Automated Threats (OATs). This latest update ensures it stays ahead of the curve in our rapidly shifting threat landscape. In this session\, I will share updates on version 1.3 and\, more importantly\, discuss our progress toward version 2.0 of the handbook.With the rise of Agentic AI—which is automated by nature—the project is seeking to better understand how this specific traffic impacts web applications. Audience participation and input are highly encouraged CATEGORIES:PROJECT SHOWCASE (LIGHTNING TALKS) LOCATION:Room -2.82 (Level 2)\, Vienna\, Austria SEQUENCE:0 UID:c080ae0679eaafb5521be8aa45609019 URL:http://owaspglobalappseceuvienna20.sched.com/event/c080ae0679eaafb5521be8aa45609019 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T121500Z DTEND:20260626T130000Z SUMMARY:Trust No History: Why Every "Remembered" Interaction is a Potential Backdoor DESCRIPTION:As AI transitions from stateless tools to autonomous agents\, the context window has become the primary attack surface. By giving agents the ability to remember\, summarize\, and collaborate\, we have created a machine that can be gaslit. This session moves beyond transient prompt injections into the realm of persistent memory corruption. We explore how an adversary can rewrite an agent’s history\, bias its knowledge base\, and plant sleeper instructions that trigger long after the initial interaction. We will dissect the systematic subversion of the agentic memory stack and demonstrate why developers must stop treating agent memory as a passive data store and start defending it as the engine of the agent’s survival CATEGORIES:TESTING LOCATION:Hall G2 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:6ad0660d466e4d5967405b80f9cc2842 URL:http://owaspglobalappseceuvienna20.sched.com/event/6ad0660d466e4d5967405b80f9cc2842 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T123000Z DTEND:20260626T131500Z SUMMARY:CfP/CfTs for the Newcomer: How To Write A Good Submission DESCRIPTION:Ready to showcase your expertise? Don’t miss the chance to submit for a Call for Trainers or Call for Papers! Join the dynamic Izar Tarandach and Avi Douglen as they take you through the submission process and reveal insider tips on what the review team is looking for when selecting papers. This is your opportunity to shine and make a lasting impact—let’s make it happen! CATEGORIES:BONUS TRACK LOCATION:Vienna\, Austria SEQUENCE:0 UID:e64632d1752ad06ec2f80a2b6dced7b1 URL:http://owaspglobalappseceuvienna20.sched.com/event/e64632d1752ad06ec2f80a2b6dced7b1 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T123000Z DTEND:20260626T143000Z SUMMARY:Hands-On: Building Security Guardrails for AI-Generated Code DESCRIPTION:AI-assisted development is now responsible for a significant and growing portion of production code. However\, most AppSec programs still treat AI as an external input to be scanned after code is written\, rather than as a system that can be guided to produce safer code up front.\n\nIn this Practical On-Demand session\, participants will explore a secure-by-construction approach to AI coding using Cursor-style rules and hooks. The POD is structured around short\, repeatable activities rather than a linear workshop. CATEGORIES:PODS (HANDS-ON ACTIVITIES) LOCATION:Room -2.92 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:a49d8096f2b0a501dcf4b2a2d93cefa6 URL:http://owaspglobalappseceuvienna20.sched.com/event/a49d8096f2b0a501dcf4b2a2d93cefa6 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T123000Z DTEND:20260626T143000Z SUMMARY:The Old But Unforgettable Key DESCRIPTION:Application security failures often stem from small\, everyday oversights that quietly accumulate into serious risk. This Practical On-Demand (POD) activity lets participants explore how those issues surface in real applications by actively engaging with a deliberately vulnerable web app.Attendees can drop in at any time and participate in a self-paced\, Capture the Flag (CTF) style challenge centred on investigation\, experimentation\, and problem solving. Starting from a minimal application with limited guidance\, participants uncover and connect security weaknesses to progressively increase their level of access.The activity is designed to be accessible to all experience levels. Newcomers can engage with individual challenges and learn core AppSec concepts\, while more experienced practitioners can pursue deeper exploration and more complex exploitation paths. All scenarios are inspired by issues commonly encountered in real world development environments.Facilitators are present throughout the session to support participants\, answer questions\, and provide short\, optional walkthroughs for those without laptops. The emphasis remains on doing\, discovery\, and practical takeaways\, ensuring participants leave with a stronger intuition for identifying risk and concrete guidance they can apply in their own applications. CATEGORIES:PODS (HANDS-ON ACTIVITIES) LOCATION:Room -2.92 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:0dc912befc47f89eca155b32bab4dd1b URL:http://owaspglobalappseceuvienna20.sched.com/event/0dc912befc47f89eca155b32bab4dd1b END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T123000Z DTEND:20260626T143000Z SUMMARY:“2001: Agentic Odyssey” When threat modelling meets HAL\, agentic AI\, testing and safety engineering DESCRIPTION:“2001: Agentic Odyssey” is a hands-on\, drop-in POD where we threat model the HAL 9000 system from 2001: A Space Odyssey as if it were a modern agentic AI system (LLM + tools + permissions + side effects). I bring a HAL DFD\, and together we mark trust boundaries and do classic “what can go wrong?” threat identification. Participants then split into small groups to build attack-tree branches and translate them into Fault Tree Analysis (FTA) using AND/OR logic and minimal cut sets\, including lightweight probability estimates to prioritise the most likely failure chains. We finish by turning those failure paths into automation-ready test ideas (fault injection\, invariants\, evidence)\, and optionally drafting a structured HAL threat model for submission to the OWASP Threat Model Library. Designed so anyone can contribute in 10-15 minutes\, while advanced participants can go deep on FTA and prioritisation. Every stage is split into a way to enable drop-ins at any time. CATEGORIES:PODS (HANDS-ON ACTIVITIES) LOCATION:Room -2.92 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:7265ced314f8cfe74e20e1e1013bacad URL:http://owaspglobalappseceuvienna20.sched.com/event/7265ced314f8cfe74e20e1e1013bacad END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T124500Z DTEND:20260626T131500Z SUMMARY:OWASP Nettacker Project DESCRIPTION:OWASP Nettacker project (a portmanteau of "Network Attacker") is a relatively new yet an awesome and powerful 'swiss-army-knife' automated penetration testing framework fully written in Python. Nettacker recently gained a lot of interest from the penetration testing community and was even included in the specialist Linux distribution for penetration testers and security researchers. Nettacker is able to run various scans using a variety of methods and generate scan reports for applications and networks\, including services\, bugs\, vulnerabilities\, misconfigurations\, default credentials and many other cool features - for example an ability to chain different scan methods. This talk will feature a live demo and several practical usage examples of how organisations can benefit from this OWASP project for automated security testing CATEGORIES:PROJECT SHOWCASE (LIGHTNING TALKS) LOCATION:Room -2.82 (Level 2)\, Vienna\, Austria SEQUENCE:0 UID:d1cec1fe7cd535da58d0561381490721 URL:http://owaspglobalappseceuvienna20.sched.com/event/d1cec1fe7cd535da58d0561381490721 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T130000Z DTEND:20260626T133000Z SUMMARY:PM Break in Expo Hall DESCRIPTION: CATEGORIES:MEALS PROVIDED BY OWASP LOCATION:Expo Hall X1\, Vienna\, Austria SEQUENCE:0 UID:2c4620e4ff69b70ae935d95ec76feef1 URL:http://owaspglobalappseceuvienna20.sched.com/event/2c4620e4ff69b70ae935d95ec76feef1 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T131500Z DTEND:20260626T141500Z SUMMARY:From Maturity to Mastery: Accelerating Software Security with OWASP SAMM (Workshop) DESCRIPTION:Are you looking to strengthen your organization’s software assurance program\, prove compliance with industry frameworks\, or simply level up your AppSec game? Join OWASP project leaders Sebastien and Aram for an engaging introduction and the latest updates on OWASP Software Assurance Maturity Model (SAMM) — the open\, community-driven standard for building and measuring software security practices.This session will highlight how SAMM helps organizations jumpstart\, assess\, and accelerate their software assurance roadmap\, with practical takeaways you can apply right away:• Tools and Assessment Guidance – Learn about the growing ecosystem of SAMM tools and the latest assessment techniques that make measuring and improving your maturity more approachable than ever.• Framework Mapping – See how SAMM connects with industry standards like the NIST Secure Software Development Framework (SSDF) and OpenCRE\, helping you demonstrate compliance and align with external requirements while maintaining a developer-friendly approach.• Benchmarking with Peers – Discover the OWASP SAMM Benchmark\, which allows organizations to compare their security practices against peers and industry trends anonymously—helping you spot strengths\, identify gaps\, and track progress over time.Whether you’re new to SAMM or already using it\, you’ll gain actionable strategies\, practical insights\, and a clear roadmap to achieving security excellence. CATEGORIES:PROJECT DEMO LAB (HANDS-ON) LOCATION:Room -2.33 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:5fb3e67a879c319bb101b121c5089e51 URL:http://owaspglobalappseceuvienna20.sched.com/event/5fb3e67a879c319bb101b121c5089e51 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T131500Z DTEND:20260626T141500Z SUMMARY:Hack Your Own Dockerfiles (Before Someone Else Does): Hands-On Container Security with OWASP DockSec (Workshop) DESCRIPTION:Most teams don’t have a "container security problem." They have a "Dockerfile hygiene" problem that quietly becomes a supply chain problem. Dockerfiles are often treated as simple build instructions\, but in practice they introduce real security risk. Even teams with mature AppSec programs regularly ship Dockerfiles that run as root\, rely on untrusted base images\, or hide supply-chain risks inside multi-stage builds. Scanners catch many of these issues\, yet the same mistakes keep showing up.In this talk I will share lessons learned from building and using DockSec\, an open-source Dockerfile security analysis tool adopted by OWASP\, in real development pipelines. The focus is not on introducing a new scanner\, but on understanding why Dockerfile issues persist and what actually helps developers fix them.Using real examples from production pipelines\, I’ll walk through common Dockerfile patterns that lead to security problems and explain how those risks translate into real attack paths. I’ll also discuss what worked\, and what didn’t\, when trying to integrate Dockerfile security checks into CI/CD without slowing teams down or turning security into a constant blocker. I will also cover what "good" looks like in CI: turning findings into developer-friendly feedback\, using policy gates sparingly (and correctly)\, and keeping scan noise under control.This is not a product demo or a sales talk. It’s a practical discussion about Dockerfile security\, developer behavior\, and how AppSec teams can reduce repeat mistakes using clearer feedback\, better explanations\, and OWASP-aligned guidance. Attendees should leave with concrete ideas they can apply immediately\, even if they never use DockSec. CATEGORIES:PROJECT DEMO LAB (HANDS-ON) LOCATION:Room -2.33 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:bd998a97a5e41068f8b407794ede0a96 URL:http://owaspglobalappseceuvienna20.sched.com/event/bd998a97a5e41068f8b407794ede0a96 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T131500Z DTEND:20260626T141500Z SUMMARY:Shaping International Security Standards: Get Involved with OWASP's ISO Working Group (Call for Contributors) DESCRIPTION:The OWASP ISO Liaison Working Group is the bridge between OWASP's practitioner-driven security guidance and the international standards that govern how organizations worldwide implement security controls. Stop by to learn how ISO standards like 27034 (Application Security) and 27002 are developed\, where OWASP is actively shaping that process as an official liaison organization\, and — most importantly — how you can get involved. Whether you've never heard of ISO/IEC JTC 1/SC 27 or you've been curious about how standards actually get written\, this is your chance to ask questions\, see the current work program\, and find out where your expertise fits. CATEGORIES:PROJECT DEMO LAB (HANDS-ON) LOCATION:Room -2.33 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:45d4002d2e7f7f332cef2bf64fd0b1fb URL:http://owaspglobalappseceuvienna20.sched.com/event/45d4002d2e7f7f332cef2bf64fd0b1fb END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T133000Z DTEND:20260626T141500Z SUMMARY:From Safety to Policy: Enforcing Organizational Rules in LLMs and AI Agents DESCRIPTION:Organizations deploying GenAI systems quickly discover that safety controls do not automatically enforce organizational policies. Real environments operate under large and evolving sets of domains\, organization-specific and external policies driven by legal requirements\, industry regulations\, and internal governance rules\, and they change periodically. Enforcing these rules in production is not a one-time setup problem\; it is a continuous governance and operations challenge.\nExisting guardrail solutions are not designed to handle custom\, large-scale\, and continuously evolving organizational policies. When AI agent developers or AI security teams attempt to stretch these safety-oriented systems into general policy enforcement\, their underlying design assumptions no longer hold because they assume a small\, static policy space rather than a broad and heterogeneous one. Static rules such as regex become unmaintainable and produce unreliable detection at scale\, fine-tuned classifiers require constant retraining\, and LLM-as-a-judge pipelines\, even when carefully calibrated\, are expensive to run\, introduce non-trivial latency and are difficult to audit.\nThis talk describes how we stress-tested existing compliance approaches\, including static guardrails\, fine-tuned detectors\, and LLM-as-a-judge pipelines\, and analyzed how they degrade under realistic policy complexity.We present a reframing of the problem: instead of relying solely on output-level judgments\, policy violations can also be detected directly in the model’s internal space with a training-free approach. We explain what this shift enables in practice\, including continuous compliance monitoring\, policy updates without retraining loops\, and improved auditability. We also discuss the limitations of this advanced approach.\nWe also address a deeper conceptual issue that emerged from our error analysis: in practice\, the boundary between “policies” and “instructions” is often unclear\, and treating instructions as if they were policies leads to confusing and brittle failure modes. Today\, both alignment boundaries and performance or business objectives are commonly expressed using the same mechanism—rules or instructions—blurring fundamentally different concerns under a single notion of “policy.” This separation is critical: some instructions define organizational and alignment constraints\, while others encode task goals and performance requirements. Conflating these concepts results in misaligned controls\, as they require different enforcement strategies and\, in many cases\, different ownership and roles within the organization.\nThe goal of this talk is to provide AppSec and GRC teams with a clearer mental model for operating LLM policy compliance in production\, a checklist of questions to ask about existing guardrail solutions\, and a better understanding of what it actually takes to keep LLM systems compliant over time. CATEGORIES:DEPLOYMENT AND MAINTENANCE LOCATION:Hall K1 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:3f914113e7b6961c7db36f878735b033 URL:http://owaspglobalappseceuvienna20.sched.com/event/3f914113e7b6961c7db36f878735b033 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T133000Z DTEND:20260626T141500Z SUMMARY:The TPM and You - How (and why) to actually make use of your TPM DESCRIPTION:There is a common saying that "every problem in cryptography can be reduced to key management problem". OWASP's Cheat Sheet series even has a whole document dedicated to "Cryptographic Storage". What if we could make life easier for us in this area?TPMs (Trusted Platform Modules) have been a fixed part of every standard PC for many years\, providing all users with a "free" hardware that can be used for all kinds of cryptography.They are already widely in use by most operating systems and firmwares\, but haven't really found usage for userspace applications yet.This talk elaborates why this is the case and how to change this fact. We are going to discuss the capabilities of a TPM and demonstrate them live with a sample application\, a TOTP client which stores its secrets securely. CATEGORIES:IMPLEMENTATION LOCATION:Hall G1 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:e49376008e3bd046b93d3eb4352e322d URL:http://owaspglobalappseceuvienna20.sched.com/event/e49376008e3bd046b93d3eb4352e322d END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T133000Z DTEND:20260626T141500Z SUMMARY:Why IAM Remains a Challenge and What We Can Do About It DESCRIPTION:Everyone expects Identity & Access Management to be a "set it and forget it" problem. But the reality looks quite different: the same challenges keep resurfacing\, they are technically demanding\, time-consuming\, and frequently create friction between teams\, ultimately resulting in significant costs. And the rise of AI agents makes it even worse.Over the years\, I explored these recurring issues\, which led to a multi part blog series (https://www.innoq.com/en/blog/2025/07/whats-wrong-with-the-current-owasp-microservice-security-cheat-sheet/) published in 2025\, initially aimed at updating the OWASP Microservice Security Cheat Sheet. My goal was to show how well known IAM building blocks can be combined into pragmatic\, coherent\, and operationally realistic solutions. That work eventually grew beyond the original scope and is becoming multiple new OWASP Cheat Sheets plus an entirely new architectural-level cheat sheet format.In this talk I'll share the essence of the patterns and the strategies I identified and documented\, show how to avoid the usual traps\, and how to reduce IAM complexity in distributed systems to create the space to focus on what we're actually building - the product. CATEGORIES:PLANNING AND DESIGN LOCATION:Hall D (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:5cc15749e9f14f96032c3997aaba63a0 URL:http://owaspglobalappseceuvienna20.sched.com/event/5cc15749e9f14f96032c3997aaba63a0 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T133000Z DTEND:20260626T141500Z SUMMARY:Insecurity as Code: How Modern Software Scaled the Attack Surface DESCRIPTION:Drawing on large-scale telemetry from real-world production environments\, this talk examines what modern application and supply-chain security actually look like in 2025–2026. The data paints a clear picture: many organizations ship vulnerable dependencies\, exposed secrets remain surprisingly common\, infrastructure logging is frequently incomplete\, and malicious packages can reach production environments.We’ll connect these observations to recent supply-chain incidents\, from SolarWinds to self-replicating npm worms\, and explore why vulnerabilities often persist long after disclosure. More importantly\, we’ll discuss which security controls measurably reduce risk in practice\, and which tend to generate noise without improving outcomes.This talk focuses on the gap between defensive effort and attacker leverage - where defenders lose time\, and where attackers gain scale. CATEGORIES:PROCESS AND CULTURE LOCATION:Hall K2 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:0548e09dc884c991814d51e995e3ae51 URL:http://owaspglobalappseceuvienna20.sched.com/event/0548e09dc884c991814d51e995e3ae51 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T133000Z DTEND:20260626T140000Z SUMMARY:OWASP GenAI Security Project (Placeholder) DESCRIPTION:Stay tuned CATEGORIES:PROJECT SHOWCASE (LIGHTNING TALKS) LOCATION:Room -2.82 (Level 2)\, Vienna\, Austria SEQUENCE:0 UID:e2a8f177105a26524640aa7844d5b7a6 URL:http://owaspglobalappseceuvienna20.sched.com/event/e2a8f177105a26524640aa7844d5b7a6 END:VEVENT BEGIN:VEVENT DTSTAMP:20260510T085308Z DTSTART:20260626T133000Z DTEND:20260626T141500Z SUMMARY:Rewriting DAST Playbook: AI Agents and the Future of Web App Security DESCRIPTION:The landscape of DAST (Dynamic Application Security Testing) tools is evolving to address modern web application complexities. While these tools are effective at detecting classic vulnerabilities like injection flaws\, misconfigurations\, and broken access control\, they struggle with JavaScript-heavy SPAs\, complex workflows\, file upload/download analysis\, and second-order vulnerabilities. To improve\, modern DAST solutions are beginning to integrate AI-driven agentic browsers (e.g.\, Playwright + AI)\, out-of-band payloads\, timing-based testing\, and workflow-aware automation to better simulate real user behavior and detect deeper\, context-sensitive issues. CATEGORIES:TESTING LOCATION:Hall G2 (Level -2)\, Vienna\, Austria SEQUENCE:0 UID:ade2153747285aa693aaed4141cab271 URL:http://owaspglobalappseceuvienna20.sched.com/event/ade2153747285aa693aaed4141cab271 END:VEVENT END:VCALENDAR