OWASP Global AppSec EU 2026 Vienna

Modern codebases are large, fast-moving, and increasingly AI-assisted, making traditional code security approaches hard to scale. This hands-on POD explores how AI can augment secure coding and code review workflows—without replacing human judgment.

Participants will actively work through realistic code security scenarios drawn from modern APIs, cloud-native services, and GenAI-enabled components. Using guided exercises and optional AI prompts, attendees will identify vulnerabilities, reason about exploitability, and prioritize fixes mapped to OWASP Top 10 risks (including broken access control, injection, insecure design, and supply chain issues).

This is not a talk or a tool demo. Participants will do the work themselves through short, practical challenges. Beginners can follow structured steps, while experienced AppSec practitioners can dive into advanced issues such as logic flaws, authorization bypasses, insecure AI integrations, prompt injection risks in code, and unsafe use of AI-generated code.

The POD is drop-in friendly: participants can engage for a few minutes or stay longer to tackle deeper challenges. All techniques are applicable to real-world development environments, with or without AI tools.

Modern codebases are large, fast-moving, and increasingly AI-assisted, making traditional code security approaches hard to scale. This hands-on POD explores how AI can augment secure coding and code review workflows—without replacing human judgment.

Participants will actively work through realistic code security scenarios drawn from modern APIs, cloud-native services, and GenAI-enabled components. Using guided exercises and optional AI prompts, attendees will identify vulnerabilities, reason about exploitability, and prioritize fixes mapped to OWASP Top 10 risks (including broken access control, injection, insecure design, and supply chain issues).

This is not a talk or a tool demo. Participants will do the work themselves through short, practical challenges. Beginners can follow structured steps, while experienced AppSec practitioners can dive into advanced issues such as logic flaws, authorization bypasses, insecure AI integrations, prompt injection risks in code, and unsafe use of AI-generated code.

The POD is drop-in friendly: participants can engage for a few minutes or stay longer to tackle deeper challenges. All techniques are applicable to real-world development environments, with or without AI tools.

OWASP Juice Shop is probably the most modern and sophisticated insecure web application!
Come over with a cup of coffee and pwn the Juice Shop and get points in the Capture the Flag.
If you can show the “AppSec EU 2026” product description flag, you will get a special edition of the AppSec EU Juice Shop sticker.

Get to know how to perform secure coding workshops with the Juice Shop and the Juice Shop ecosystem.

Use our prepared laptops or bring your own (with Browser Developer Tools or ZAP installed)!

Talk with us about latest trends in the Juice Shop.