OWASP Global AppSec EU 2026 Vienna

AI-assisted development is now responsible for a significant and growing portion of production code. However, most AppSec programs still treat AI as an external input to be scanned after code is written, rather than as a system that can be guided to produce safer code up front.

In this Practical On-Demand session, participants will explore a secure-by-construction approach to AI coding using Cursor-style rules and hooks. The POD is structured around short, repeatable activities rather than a linear workshop.

Understanding security fundamentals doesn’t have to be dry or abstract. In this interactive CF‑Pod, you’ll explore the core principles of confidentiality, integrity, and availability through surprising physical demonstrations and simple “magic‑like” activities that make each concept intuitive and memorable.

Each station focuses on one security principle and offers a short, hands‑on challenge that transforms an abstract idea into something you can see, touch, and explain to others. You can drop in for 10–15 minutes, try an activity, and walk away with a clear, practical analogy you can use in real‑world conversations with teammates and stakeholders.

Whether you're new to security or looking for better ways to teach it, this session will give you fun, effective tools for communicating the foundations of secure systems.

Application security failures often stem from small, everyday oversights that quietly accumulate into serious risk. This Practical On-Demand (POD) activity lets participants explore how those issues surface in real applications by actively engaging with a deliberately vulnerable web app.

Attendees can drop in at any time and participate in a self-paced, Capture the Flag (CTF) style challenge centred on investigation, experimentation, and problem solving. Starting from a minimal application with limited guidance, participants uncover and connect security weaknesses to progressively increase their level of access.

The activity is designed to be accessible to all experience levels. Newcomers can engage with individual challenges and learn core AppSec concepts, while more experienced practitioners can pursue deeper exploration and more complex exploitation paths. All scenarios are inspired by issues commonly encountered in real world development environments.

Facilitators are present throughout the session to support participants, answer questions, and provide short, optional walkthroughs for those without laptops. The emphasis remains on doing, discovery, and practical takeaways, ensuring participants leave with a stronger intuition for identifying risk and concrete guidance they can apply in their own applications.

Learn the foundations of cybersecurity through a card game.

Participate in a tabletop, technology-free “capture the flag” experience where players gain practical insights into protecting digital information, responding to cyberattacks, and understanding core concepts such as the Cyber Kill Chain and the NIST Cybersecurity Framework.

For less experienced practitioners, the game builds a strong foundational mindset to support their ongoing cybersecurity journey. For more experienced practitioners, it offers a fresh, engaging way to communicate and teach core cybersecurity concepts. This makes cybersecurity more accessible and approachable for others.

New CVEs are released constantly, but in practice most teams never go beyond reading the advisory or relying on automated scanning. This POD is designed to change that by giving participants time and platform to hunt and exploit real-world critical CVEs.

Participants will have access to 10 hands-on challenges, each based on a real high or critical severity CVE commonly found in modern applications. Each challenge runs within a limited time window and can be attempted independently of the others.

For each challenge, participants can click a Deploy Lab option to spin up a temporary target system. The deployed application/system contains a previously undisclosed CVE to the participant, and the task is to identify the vulnerability, understand its behavior, and exploit it to demonstrate impact.

There is no fixed order or linear walkthrough. Participants are free to choose which CVEs to attempt, how deep they want to go with each one, and how long they want to stay in the activity. Some CVEs will allow participants to become admin, some might give a reverse shell. Labs are provisioned on demand using infrastructure-as-code, allowing participants to work independently on each challenge.

Some participants may focus on understanding a single CVE and reproducing it reliably. Others may try to exploit multiple issues or explore alternate attack paths. Both approaches are expected and encouraged.

The emphasis of this POD is on building practical intuition: how to read advisories critically, identify vulnerable attack surfaces, validate exploitability, and understand real impact beyond severity scores. The activity is fully hands-on, informal, and designed so people can join and leave at any time without falling behind.

“2001: Agentic Odyssey” is a hands-on, drop-in POD where we threat model the HAL 9000 system from 2001: A Space Odyssey as if it were a modern agentic AI system (LLM + tools + permissions + side effects). I bring a HAL DFD, and together we mark trust boundaries and do classic “what can go wrong?” threat identification. Participants then split into small groups to build attack-tree branches and translate them into Fault Tree Analysis (FTA) using AND/OR logic and minimal cut sets, including lightweight probability estimates to prioritise the most likely failure chains. We finish by turning those failure paths into automation-ready test ideas (fault injection, invariants, evidence), and optionally drafting a structured HAL threat model for submission to the OWASP Threat Model Library. Designed so anyone can contribute in 10-15 minutes, while advanced participants can go deep on FTA and prioritisation. Every stage is split into a way to enable drop-ins at any time.

Modern codebases are large, fast-moving, and increasingly AI-assisted, making traditional code security approaches hard to scale. This hands-on POD explores how AI can augment secure coding and code review workflows—without replacing human judgment.

Participants will actively work through realistic code security scenarios drawn from modern APIs, cloud-native services, and GenAI-enabled components. Using guided exercises and optional AI prompts, attendees will identify vulnerabilities, reason about exploitability, and prioritize fixes mapped to OWASP Top 10 risks (including broken access control, injection, insecure design, and supply chain issues).

This is not a talk or a tool demo. Participants will do the work themselves through short, practical challenges. Beginners can follow structured steps, while experienced AppSec practitioners can dive into advanced issues such as logic flaws, authorization bypasses, insecure AI integrations, prompt injection risks in code, and unsafe use of AI-generated code.

The POD is drop-in friendly: participants can engage for a few minutes or stay longer to tackle deeper challenges. All techniques are applicable to real-world development environments, with or without AI tools.

Privacy risks are rarely obvious when looking at data, features, or apps in isolation. They emerge through changing context and are impacted by user perception.

In this POD, participants play Context & Cringe, a discussion-driven card game where players build fictional app scenarios using real-world data and features, then judge how those designs feel from a user’s perspective.

Rather than focusing on compliance or checklists, this session helps participants develop intuition for privacy impact by actively creating, debating, and experiencing cringey design choices. The result is a hands-on, low-barrier way to surface privacy risks that are often missed in a traditional security analysis - and a non-adversarial way to introduce uncomfortable topics into team discussions.

interactive DDoS competition - player on player!

Each round players chooses to be an attacker or defender, matches up with an opponent and configures their attack/defense. The attack traffic is run (speed run), scores are given based on attack traffic stopped vs let through, and legit traffic blocked.

Players gain points each round, and there is an ongoing scoreboard. Leading attacker and defender configs are published too, so defenders and attackers can adapt.

The game is played on a webapp so can be accessed via mobile or laptop.

LLMs are no longer standalone chatbots—they're increasingly embedded directly into application logic, with access to databases, APIs, file systems, and internal services. This architectural shift means the most dangerous LLM exploits don't just manipulate the model; they use the model as an attack vector to reach traditional AppSec targets. Prompt injection becomes a path to SQL injection. Conversational manipulation enables SSRF. The AI agent becomes an unwitting insider threat.

In this hands-on POD, participants will experience this convergence firsthand through a purpose-built vulnerable web application with an integrated AI agent. Through independent challenges, attendees will discover how attackers chain LLM manipulation with classic web exploitation—and why securing AI-integrated applications requires understanding both domains.

Challenges are designed for drop-in participation and cover multiple difficulty levels:
- Beginner-friendly: Basic prompt manipulation and information disclosure
- Intermediate: Chaining AI misuse with traditional web exploitation
- Advanced: Multi-stage attacks combining indirect prompt injection with server-side vulnerabilities

Each challenge is self-contained (under 15 minutes) with clear objectives, hints available on request, and facilitators ready to guide participants. Whether you're new to AI security or a seasoned pentester curious about LLM attack vectors, you'll walk away with practical techniques applicable to real-world assessments.

Challenges are mapped to multiple OWASP frameworks: the OWASP Top 10 for LLM Applications (covering risks like LLM01: Prompt Injection, LLM07: Insecure Plugin Design), the OWASP API Security Top 10, and the classic OWASP Web Application Top 10, helping participants connect new AI risks to established security knowledge.

No prior AI/ML experience required. Just curiosity and a laptop with a modern browser. All challenges run in-browser against our cloud-hosted lab environment.

Learn the foundations of cybersecurity through a card game.

Participate in a tabletop, technology-free “capture the flag” experience where players gain practical insights into protecting digital information, responding to cyberattacks, and understanding core concepts such as the Cyber Kill Chain and the NIST Cybersecurity Framework.

For less experienced practitioners, the game builds a strong foundational mindset to support their ongoing cybersecurity journey. For more experienced practitioners, it offers a fresh, engaging way to communicate and teach core cybersecurity concepts. This makes cybersecurity more accessible and approachable for others.

interactive DDoS competition - player on player!

Each round players chooses to be an attacker or defender, matches up with an opponent and configures their attack/defense. The attack traffic is run (speed run), scores are given based on attack traffic stopped vs let through, and legit traffic blocked.

Players gain points each round, and there is an ongoing scoreboard. Leading attacker and defender configs are published too, so defenders and attackers can adapt.

The game is played on a webapp so can be accessed via mobile or laptop.

LLMs are no longer standalone chatbots—they're increasingly embedded directly into application logic, with access to databases, APIs, file systems, and internal services. This architectural shift means the most dangerous LLM exploits don't just manipulate the model; they use the model as an attack vector to reach traditional AppSec targets. Prompt injection becomes a path to SQL injection. Conversational manipulation enables SSRF. The AI agent becomes an unwitting insider threat.

In this hands-on POD, participants will experience this convergence firsthand through a purpose-built vulnerable web application with an integrated AI agent. Through independent challenges, attendees will discover how attackers chain LLM manipulation with classic web exploitation—and why securing AI-integrated applications requires understanding both domains.

Challenges are designed for drop-in participation and cover multiple difficulty levels:
- Beginner-friendly: Basic prompt manipulation and information disclosure
- Intermediate: Chaining AI misuse with traditional web exploitation
- Advanced: Multi-stage attacks combining indirect prompt injection with server-side vulnerabilities

Each challenge is self-contained (under 15 minutes) with clear objectives, hints available on request, and facilitators ready to guide participants. Whether you're new to AI security or a seasoned pentester curious about LLM attack vectors, you'll walk away with practical techniques applicable to real-world assessments.

Challenges are mapped to multiple OWASP frameworks: the OWASP Top 10 for LLM Applications (covering risks like LLM01: Prompt Injection, LLM07: Insecure Plugin Design), the OWASP API Security Top 10, and the classic OWASP Web Application Top 10, helping participants connect new AI risks to established security knowledge.

No prior AI/ML experience required. Just curiosity and a laptop with a modern browser. All challenges run in-browser against our cloud-hosted lab environment.

New CVEs are released constantly, but in practice most teams never go beyond reading the advisory or relying on automated scanning. This POD is designed to change that by giving participants time and platform to hunt and exploit real-world critical CVEs.

Participants will have access to 10 hands-on challenges, each based on a real high or critical severity CVE commonly found in modern applications. Each challenge runs within a limited time window and can be attempted independently of the others.

For each challenge, participants can click a Deploy Lab option to spin up a temporary target system. The deployed application/system contains a previously undisclosed CVE to the participant, and the task is to identify the vulnerability, understand its behavior, and exploit it to demonstrate impact.

There is no fixed order or linear walkthrough. Participants are free to choose which CVEs to attempt, how deep they want to go with each one, and how long they want to stay in the activity. Some CVEs will allow participants to become admin, some might give a reverse shell. Labs are provisioned on demand using infrastructure-as-code, allowing participants to work independently on each challenge.

Some participants may focus on understanding a single CVE and reproducing it reliably. Others may try to exploit multiple issues or explore alternate attack paths. Both approaches are expected and encouraged.

The emphasis of this POD is on building practical intuition: how to read advisories critically, identify vulnerable attack surfaces, validate exploitability, and understand real impact beyond severity scores. The activity is fully hands-on, informal, and designed so people can join and leave at any time without falling behind.

Modern codebases are large, fast-moving, and increasingly AI-assisted, making traditional code security approaches hard to scale. This hands-on POD explores how AI can augment secure coding and code review workflows—without replacing human judgment.

Participants will actively work through realistic code security scenarios drawn from modern APIs, cloud-native services, and GenAI-enabled components. Using guided exercises and optional AI prompts, attendees will identify vulnerabilities, reason about exploitability, and prioritize fixes mapped to OWASP Top 10 risks (including broken access control, injection, insecure design, and supply chain issues).

This is not a talk or a tool demo. Participants will do the work themselves through short, practical challenges. Beginners can follow structured steps, while experienced AppSec practitioners can dive into advanced issues such as logic flaws, authorization bypasses, insecure AI integrations, prompt injection risks in code, and unsafe use of AI-generated code.

The POD is drop-in friendly: participants can engage for a few minutes or stay longer to tackle deeper challenges. All techniques are applicable to real-world development environments, with or without AI tools.

Privacy risks are rarely obvious when looking at data, features, or apps in isolation. They emerge through changing context and are impacted by user perception.

In this POD, participants play Context & Cringe, a discussion-driven card game where players build fictional app scenarios using real-world data and features, then judge how those designs feel from a user’s perspective.

Rather than focusing on compliance or checklists, this session helps participants develop intuition for privacy impact by actively creating, debating, and experiencing cringey design choices. The result is a hands-on, low-barrier way to surface privacy risks that are often missed in a traditional security analysis - and a non-adversarial way to introduce uncomfortable topics into team discussions.

OWASP Juice Shop is probably the most modern and sophisticated insecure web application!
Come over with a cup of coffee and pwn the Juice Shop and get points in the Capture the Flag.
If you can show the “AppSec EU 2026” product description flag, you will get a special edition of the AppSec EU Juice Shop sticker.

Get to know how to perform secure coding workshops with the Juice Shop and the Juice Shop ecosystem.

Use our prepared laptops or bring your own (with Browser Developer Tools or ZAP installed)!

Talk with us about latest trends in the Juice Shop.

Understanding security fundamentals doesn’t have to be dry or abstract. In this interactive CF‑Pod, you’ll explore the core principles of confidentiality, integrity, and availability through surprising physical demonstrations and simple “magic‑like” activities that make each concept intuitive and memorable.

Each station focuses on one security principle and offers a short, hands‑on challenge that transforms an abstract idea into something you can see, touch, and explain to others. You can drop in for 10–15 minutes, try an activity, and walk away with a clear, practical analogy you can use in real‑world conversations with teammates and stakeholders.

Whether you're new to security or looking for better ways to teach it, this session will give you fun, effective tools for communicating the foundations of secure systems.

AI-assisted development is now responsible for a significant and growing portion of production code. However, most AppSec programs still treat AI as an external input to be scanned after code is written, rather than as a system that can be guided to produce safer code up front.

In this Practical On-Demand session, participants will explore a secure-by-construction approach to AI coding using Cursor-style rules and hooks. The POD is structured around short, repeatable activities rather than a linear workshop.

Application security failures often stem from small, everyday oversights that quietly accumulate into serious risk. This Practical On-Demand (POD) activity lets participants explore how those issues surface in real applications by actively engaging with a deliberately vulnerable web app.

Attendees can drop in at any time and participate in a self-paced, Capture the Flag (CTF) style challenge centred on investigation, experimentation, and problem solving. Starting from a minimal application with limited guidance, participants uncover and connect security weaknesses to progressively increase their level of access.

The activity is designed to be accessible to all experience levels. Newcomers can engage with individual challenges and learn core AppSec concepts, while more experienced practitioners can pursue deeper exploration and more complex exploitation paths. All scenarios are inspired by issues commonly encountered in real world development environments.

Facilitators are present throughout the session to support participants, answer questions, and provide short, optional walkthroughs for those without laptops. The emphasis remains on doing, discovery, and practical takeaways, ensuring participants leave with a stronger intuition for identifying risk and concrete guidance they can apply in their own applications.

“2001: Agentic Odyssey” is a hands-on, drop-in POD where we threat model the HAL 9000 system from 2001: A Space Odyssey as if it were a modern agentic AI system (LLM + tools + permissions + side effects). I bring a HAL DFD, and together we mark trust boundaries and do classic “what can go wrong?” threat identification. Participants then split into small groups to build attack-tree branches and translate them into Fault Tree Analysis (FTA) using AND/OR logic and minimal cut sets, including lightweight probability estimates to prioritise the most likely failure chains. We finish by turning those failure paths into automation-ready test ideas (fault injection, invariants, evidence), and optionally drafting a structured HAL threat model for submission to the OWASP Threat Model Library. Designed so anyone can contribute in 10-15 minutes, while advanced participants can go deep on FTA and prioritisation. Every stage is split into a way to enable drop-ins at any time.