Venue: Hall K2 (Level -2)
Wednesday, June 24
 

9:00am CEST

1-Day Training: Master AI Security (Hybrid)
Wednesday June 24, 2026 9:00am - 5:00pm CEST
1-Day Training: June 24, 2026
Level: Intermediate
Trainer: Rob van der Veer

You may attend this training course either in person or virtually

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

The record-breaking Master AI security training is back!

This training broke the OWASP record online and on-site.

Your trainer is Rob van der Veer, Chief AI Officer at Software Improvement Group, with 33 years of AI experience, founder of the OWASP AI Exchange, co-editor for the AI Act security standard, member of the ISO/IEC 27090 working group on AI security, co-founder of OpenCRE, and main author of ISO 5338 on AI engineering.

Master AI security is a unique opportunity to become proficient in the intricate and rapidly evolving field of AI security.

The disruption by AI presents a significant challenge, regardless of whether you are a security professional, a developer, AI engineer, or a red teamer. What are your responsibilities? What constitutes the new AI attack surface, and what threats emerge from it? What measures can you take to mitigate these emerging risks?

This one-day intensive training program will equip you with the knowledge to tackle these AI-related challenges effectively, enabling you to apply what you learn immediately. Starting with a pragmatic overview of AI, the course then delivers an exhaustive exploration of the distinctive vulnerabilities AI introduces, the possible attack vectors, and the most current strategies to counteract threats like prompt injection, data poisoning, model theft, evasion, and more. Through practical exercises, you will gain hands-on experience in enacting strong security measures, attacking AI systems, conducting threat modelling on AI, and targeted vulnerability assessments for AI applications.

By day's end, you will possess a thorough comprehension of the core principles and techniques critical to strengthening AI systems. You will have gained practical insights and the confidence to implement cutting-edge AI security measures.

A key resource that is used in the training is the OWASP AI Exchange - the flagship project located at owaspai.org - which forms the foundation of ISO standard 27090 and the security standard of the AI Act.

The training is designed for all levels of attendees, as the material is new, coming from the cutting edge of research and standardization. No in-depth security or AI knowledge is required, although some experience with either AI or security is helpful.

Attendees will be provided with handout slides and can afterwards obtain the unique Master AI security certificate.

Some testimonials of previous runs:
  • Stephan Cohen – BNP Paribas: “This training has significantly enhanced my understanding of both the challenges and controls in securing AI. Looking forward to applying these insights in my work. Thank you Rob for this course.”
  • Ramesh Krishnasaga - British Petroleum: “The training was enlightening. This experience went beyond just training—it provided a strategic roadmap for securing AI applications in practical scenarios.”
  • Jedidiah Y - S&P global: “A timely and essential training. The session was truly eye-opening! As a data scientist, I’ve always focused on building and optimizing models—accuracy, performance, and deployment. But this training completely shifted my perspective on the importance of security in AI systems."

Speakers

Rob van der Veer

Chief AI Officer, Software Improvement Group
Rob van der Veer is an AI pioneer with 33 years of AI experience, specializing in engineering, security and privacy. He is the lead author of the ISO/IEC 5338 standard on AI lifecycle, contributor to OWASP SAMM, co-founder of OWASP's digital bridge for security standards OpenCRE... Read More →
 
Thursday, June 25
 

10:30am CEST

Why AppSec Fails at Scale (and How to Fix It)
Thursday June 25, 2026 10:30am - 11:15am CEST
As organizations grow, application security often becomes more painful but not more effective. Vulnerabilities recur, engineers feel blocked, and security teams struggle to scale. These failures are rarely caused by careless engineers or missing tools — they are symptoms of broken systems.

In this talk, we examine why AppSec fails to scale, particularly in growing teams and startups, and why adding more guidelines, scanners, or training usually makes the problem worse. Instead, let's approach application security as a sociotechnical system shaped by incentives, defaults, ownership boundaries, and feedback loops.

In this session, you will hear about common failure modes such as compliance-driven security, misplaced responsibility, and metrics that reward activity instead of risk reduction. Then hear about practical strategies for fixing the system: shifting security into platforms and defaults, reducing cognitive load for engineers, and aligning AppSec goals with delivery pressure and business constraints.
Speakers

Eduard Thamm


Eduard is a technical leader with a background in distributed systems, platform engineering, and security. He works in regulated environments, designing Kubernetes-based platforms where reliability, compliance, and developer experience must coexist. His focus is on architecture under... Read More →

11:30am CEST

Admission of Guilt: I Exploited a Parking System for a Year (And What It Taught Me About AppSec)
Thursday June 25, 2026 11:30am - 12:15pm CEST
If you’ve ever wanted to make AppSec relatable to your developers, your business stakeholders, etc…

If you want to hear an example of security flaws in a digital-physical system and how AppSec practices apply…

If you want to hear a funny story about my student-years shenanigans and maybe reminisce about your own…

Then this is the talk for you.

Security is often taught through theory, but some of the most powerful lessons come from lived experience, even when that experience involves some very questionable ethics.

I will share with you the story of how I, a broke university student, reverse engineered and exploited a parking system to get free parking for a whole school year.

But this talk isn’t just a funny story, it’s about the lessons about AppSec that it taught me. And the realization that AppSec failures can have an impact on the physical world, and will even more so in the future as our physical environments become more intertwined with technology. The current example is minor and relatively harmless, but the implications of AppSec failures could have been far more serious in a different setting.

We’ll dissect this real-world exploit and how the vulnerabilities directly map to application security. Then each aspect will be mapped to the relevant CWEs, OWASP Top 10 categories and OWASP SAMM practices.

I will leave you with one activity that would have likely prevented the issues in the aforementioned system, and that I believe should be implemented in all organizations without exception.
Speakers

Dimitar Raichev

Software Security Engineer, Codific
I am a software security engineer at Codific, where my responsibilities include the design and development of SAMMY — a Secure SDLC management tool that supports numerous security and quality frameworks such as SAMM, SSDF, CSF, multiple ISO standards, etc.
In this capacity, I be... Read More →

1:15pm CEST

The Velocity Paradox: Why Slow is Smooth and Smooth is Fast in AppSec
Thursday June 25, 2026 1:15pm - 2:00pm CEST
Many AppSec programs fail because they try to run before they can walk. But with an ever-changing attack surface, the truth is: slow is smooth, smooth is fast, and ‘smooth’ is how we actually ship secure software at the speed of business.

This presentation outlines our multi-phased methodology for establishing an AppSec program. This approach emphasizes incremental, measurable, and sustainable goals throughout the journey. I will share the ‘why, what and how’ of each major business-tailored adoption of frameworks like OWASP SAMM, the Security Champions Guide and open source solutions. This talk will cover both cultural and technical aspects of the program, ranging from pushback from development to customization of language-specific SAST policies to measuring the value with KPIs.

Application security practitioners will be able to use the strategy shared in this talk to build and scale the AppSec program aligned with their business goals.
Speakers

Pramod Rana

Sr. Manager - Application Security Assurance, Netskope

Pramod Rana is the author of the following open source projects:
1) Omniscient - LetsMapYourNetwork: a graph-based asset management framework
2) CICDGuard - Orchestrating visibility and security of CICD ecosystem
3) vPrioritizer - Art of Risk Prioritization: a risk prioritization framework

He ha... Read More →

2:15pm CEST

Taming the AppSec Data Deluge
Thursday June 25, 2026 2:15pm - 3:00pm CEST
Application security engineers face a critical challenge: information overload from disparate security tools creates “decision paralysis”. How do you balance design reviews, threat modeling, code reviews, monitoring alerts and managing your bug bounty program in an intentional rather than ad-hoc or reactive way?

This presentation demonstrates a novel approach using AI agents combined with Model Context Protocol (MCP) servers to automate work discovery and prioritize intelligently. Through practical examples, I'll show how Claude Code integrates with existing enterprise infrastructure—including issue tracking systems, content management platforms, Cloud Security Posture Management (CSPM) tools, and version control systems—to create an autonomous triage and prioritization engine.

You'll see how AI agents can pull together security data from all your different tools, figure out what actually matters based on your business context and threat intel, and spit out a prioritized to-do list that makes sense. I'll walk through real examples showing how this approach cuts down remediation times and helps you cover more ground with the same resources.
Speakers

Ben Sleek

Security Engineer, Proof

I’m an ex-Developer turned Application Security Engineer currently employed by Proof. After 10 years of building applications, I discovered breaking them could be just as fun.
  linkedin.com/in/ben-sleek-243aaa1/
... Read More →

3:30pm CEST

Agile Development and IT Security – From Conflict to Collaboration
Thursday June 25, 2026 3:30pm - 4:15pm CEST
Agile software development and IT security share the goal of delivering reliable, robust software, yet they often collide in practice. Security validation is still frequently deferred to the end of the development lifecycle, producing findings too late to be addressed effectively. Under delivery pressure, this can lead to defensive reactions toward security activities and tools. This talk explores why security issues that are detected are often not acted on promptly, and shows how integrating security early and continuously can transform friction into collaboration.
Speakers

Juliane Reimann

Founder and Security Community Expert, Full Circle Security
Juliane Reimann has worked as a cyber security consultant for large companies since 2019, with a focus on DevSecOps and community building. Her expertise includes building security communities of software developers and establishing developer-centric communication about secure software development... Read More →

Elisa Erbe

Project Manager, Full Circle Security

Elisa Erbe has been working as a project manager in digital web solutions and cybersecurity companies since 2021, with a focus on agile planning and processes. Before transitioning into project management in the IT sector, she gained experience in teaching, research, and organizational... Read More →
 
Friday, June 26
 

10:30am CEST

Keep It Between Us: Manipulating Humans for Better AppSec (Ethically)
Friday June 26, 2026 10:30am - 11:15am CEST
Most AppSec programs fail not because people disagree with security, but because security competes with habits that are already winning. Developers don’t wake up wanting to threat-model or review alerts - they wake up wanting to ship.

In this talk, we’ll stop trying to “convince” people to care about security and instead learn how to design AppSec activities so they naturally stick. Using proven techniques from behavioural science, you’ll learn how to create a quiet, behind-the-scenes plan that turns security tasks into habits - without mandates, enforcement, or friction-heavy processes.

We’ll explore how to reduce friction, align incentives, and embed security into existing workflows, so secure behavior becomes the default. This is not about more policies or awareness training. It’s about building a deliberate, ethical “secret plan” that makes AppSec activities feel wanted, automatic, and hard to avoid - in the best possible way.
Speakers

Nariman Aga-Tagiyev

Founder & AppSec Architect, SecureHabits

Founder & AppSec Architect at SecureHabits, OWASP SAMM core team member, ISO/IEC 27034 working group liaison
Nariman Aga-Tagiyev is an Application Security Architect with 20+ years of experience in software development. Since 2016, he has focused on advancing SSDLC maturity and building... Read More →

11:30am CEST

Enforcing Application Security Policies at Scale: Lessons from an Enterprise Rollout
Friday June 26, 2026 11:30am - 12:15pm CEST
Enforcing security policies at enterprise scale is challenging, and it's becoming more so with rapid delivery cycles and AI-assisted development. Many organisations adopt policy-as-code to improve security and compliance but realise that, despite the solution’s technical soundness, exceptions multiply and teams quietly work around enforcement to meet delivery targets, with little real improvement in security outcomes.

This talk shares a real-world story of rolling out policy-as-code enforcement across an organisation with several thousand developers. It highlights not only the technical architecture of the enforcement system but also the organisational changes required to ensure its sustainability.

You’ll find out how security policies were defined, versioned, and consistently enforced across CI/CD pipelines. This talk also covers how enforcement points were designed and how feedback loops were built and embedded in the organisation to reduce friction. The session also explores how bypasses and exceptions were handled consistently at scale, and how validation was treated as an organisational assurance problem rather than just a tooling concern.

The talk offers vendor-neutral solutions and practical patterns, lessons learned, and design principles that attendees can adapt to their own environments.
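The enforcement-plus-exceptions pattern the abstract describes, sketched as an added example (this is not code from the talk or from the speaker's organisation): a versioned rule set, a gate function that evaluates scanner metrics gathered in the pipeline, and waivers that must be scoped to one repo and one rule, carry an approver and a rationale, and expire. Rule ids, metric names, the waiver layout and the sample data are assumptions made for this illustration.

```python
"""Policy-as-code gate with versioned rules and time-boxed waivers.

Added illustration; not code from the talk or from Nationwide. Rule ids,
pipeline-context fields, the waiver record layout and the sample data are
assumptions chosen for this example.
"""
from dataclasses import dataclass
from datetime import date

# Versioned rule set: the version is recorded in every verdict so a blocked
# or waived build can be traced to the exact rule text that produced it.
POLICY = {
    "version": "2026.06.1",
    "rules": [
        {"id": "SAST-001", "metric": "sast_critical", "max": 0,
         "text": "no open critical SAST findings in the change"},
        {"id": "DEP-002", "metric": "vuln_deps_high", "max": 0,
         "text": "no high/critical vulnerable direct dependencies"},
        {"id": "SEC-003", "metric": "secrets_found", "max": 0,
         "text": "no secrets detected in the diff"},
    ],
}


@dataclass(frozen=True)
class Waiver:
    """A recorded exception: one rule, one repo, a named approver, a written
    rationale and a hard expiry. Open-ended waivers cannot be expressed."""
    rule_id: str
    repo: str
    approver: str
    rationale: str
    expires: date


def waiver_for(rule_id: str, repo: str, waivers: list, today: date):
    """Return the first waiver still covering (rule_id, repo) on `today`, else None.
    Valid through the expiry date inclusive; an expired, wrong-repo or incomplete
    record (missing approver or rationale) does not count."""
    for w in waivers:
        if (w.rule_id == rule_id and w.repo == repo and w.approver and w.rationale
                and today <= w.expires):
            return w
    return None


def evaluate(context: dict, waivers: list, today: date) -> dict:
    """Evaluate pipeline context (metric counts from upstream scanners) against
    POLICY. Returns a report meant to be logged back to the owning team: policy
    version, overall verdict and one decision per rule."""
    decisions, allowed = [], True
    for rule in POLICY["rules"]:
        observed = context.get(rule["metric"], 0)
        if observed <= rule["max"]:
            decisions.append({"rule": rule["id"], "result": "pass", "observed": observed})
            continue
        w = waiver_for(rule["id"], context["repo"], waivers, today)
        if w is None:
            allowed = False
            decisions.append({"rule": rule["id"], "result": "fail",
                              "observed": observed, "why": rule["text"]})
        else:
            # Waived violations are surfaced, not hidden: approver and expiry travel
            # with the verdict so the exception stays visible and reviewable.
            decisions.append({"rule": rule["id"], "result": "waived", "observed": observed,
                              "approver": w.approver, "expires": w.expires.isoformat()})
    return {"policy_version": POLICY["version"], "repo": context["repo"],
            "allowed": allowed, "decisions": decisions}


# Constructed sample input, standing in for scanner output gathered in CI.
SAMPLE_CONTEXT = {"repo": "payments-api", "sast_critical": 1,
                  "vuln_deps_high": 0, "secrets_found": 0}
SAMPLE_WAIVERS = [
    Waiver("SAST-001", "payments-api", "appsec-lead",
           "finding confirmed as a false positive by manual review", date(2026, 7, 1)),
]


def demo():
    """Three runs of the gate: inside the waiver window, after it expires, and
    the same finding in a repo the waiver does not cover."""
    return (evaluate(SAMPLE_CONTEXT, SAMPLE_WAIVERS, date(2026, 6, 25)),
            evaluate(SAMPLE_CONTEXT, SAMPLE_WAIVERS, date(2026, 7, 15)),
            evaluate({**SAMPLE_CONTEXT, "repo": "other-svc"}, SAMPLE_WAIVERS, date(2026, 6, 25)))


if __name__ == "__main__":
    import json
    for report in demo():
        print(json.dumps(report, indent=2))
```

Run stand-alone it prints the three reports. The shape of the report is the point: a waived violation stays visible to whoever reads the pipeline log, and an expired waiver silently turns into a block, so the exception register has to be reviewed on a schedule rather than left to accrete.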
Speakers

Mehran Koushkebaghi

Head of Product Security, Nationwide Building Society

Mehran is a Chartered Engineer with over 18 years of experience across software, security, and civil engineering. He approaches application security as a systemic concern, using a systems-thinking lens to understand how technical controls, organisational structures, and human behaviour... Read More →

1:15pm CEST

Security Champions: Lessons from Opposite Trenches
Friday June 26, 2026 1:15pm - 2:00pm CEST
Have you heard about “security champions programs” that seem to be gaining popularity these days? Maybe your company is running such a program, yet you doubt its effectiveness, wondering if it’s worth sustaining? The thing is, you might not be the only one asking these questions. Let’s hear from security and champions alike.

Mireia is a security engineer focused on application security who has created and run security champions programs, and has seen them both fail and succeed. Lisi worked in development teams for a long time, became a security champion and later switched gears to security engineering. Both of us were in the trenches, on opposite sides - and both of us tried to build a strong bridge between security and engineering teams.

In this talk, we’ll have our two perspectives merge and draw lessons from our attempts. Both security engineers and champions need clarity on what’s expected from them to sustain the program. Both benefit from nurturing a strong community to increase resilience. Both need to dare to be vulnerable in acknowledging what’s wrong in our systems and processes so we can grow.

None of us can operate effectively alone. Tossing a rope from security to development teams is not enough to establish security champions. Instead, let’s build this bridge together from both ends to make it strong, sustainable and scalable.
Speakers

Lisi Hocke

Security Engineer, DocuWare GmbH
Lisi found tech as her place to be in 2009 and has grown as a specialized generalist ever since. Building great products that deliver value together with great people motivates her and lets her thrive. As a security engineer, she’s now fully focusing on all things product security... Read More →

Mireia Cano

Application Security Engineer, PPRO

I am a security engineer focused on application security, with over 7 years of experience. I have helped companies build their application security programs both as a consultant and as an in-house security engineer. I am passionate about fostering collaboration between development... Read More →

2:15pm CEST

Using CTFs as a Community of Practice Content Machine
Friday June 26, 2026 2:15pm - 3:00pm CEST
This session highlights our 6-year journey of building and sustaining a Security Community of Practice (CoP) from the ground up. We shifted from a project-centric organization with detailed, mandatory quality gates to an Agile model. This challenged us to scale and approach our self-reliant tribes in a new way. We will share which concepts worked and which were scrapped after initial trials. Additionally, we will deep dive into how we used CTFs for continuous content creation using self-developed and readily available challenges. We evolved from a manual "mail-in your solutions" approach to leveraging platforms like OWASP Juice Shop and OWASP UnCrackable Apps, creating a consistent content source and an engaging game experience for all our Security Champions.
Speakers

Marco Macala

Senior Security Manager, Raiffeisen Bank International AG
Marco Macala has spent the last eight years bridging the gap between complex financial regulations and Agile product delivery. He specializes in translating rigid security requirements into actionable, realistic goals for development teams. Together with his two colleagues Florian... Read More →

Florian Schier

Security Manager, RBI

Florian focuses on the human side of security, acting as an enabler for teams rather than a traditional gatekeeper. He specializes in translating dense security requirements into practical, day-to-day wins that actually work in an Agile environment.

He is dedicated to building a security collective that breaks down silos and makes cybersecurity accessible to everyone. When he isn't helping teams strengthen their security posture, he’s focused on fostering collaborative environments where security and DevOps actually speak the... Read More →

Christian Buchinger

Senior Security Manager

Christian collects real accomplishments, strong coffee, and an irrational hatred for the words “delivery,” “dedication,” and “great team” used as emotional support for mediocrity.

- Job: Senior Security Manager in a large European banking group
- Role: Professional doer... Read More →

3:30pm CEST

Insecurity as Code: How Modern Software Scaled the Attack Surface
Friday June 26, 2026 3:30pm - 4:15pm CEST
Drawing on large-scale telemetry from real-world production environments, this talk examines what modern application and supply-chain security actually look like in 2025–2026. The data paints a clear picture: many organizations ship vulnerable dependencies, exposed secrets remain surprisingly common, infrastructure logging is frequently incomplete, and malicious packages can reach production environments.

We’ll connect these observations to recent supply-chain incidents, from SolarWinds to self-replicating npm worms, and explore why vulnerabilities often persist long after disclosure. More importantly, we’ll discuss which security controls measurably reduce risk in practice, and which tend to generate noise without improving outcomes.

This talk focuses on the gap between defensive effort and attacker leverage - where defenders lose time, and where attackers gain scale.
Speakers

Igor Stepansky

Security Researcher, OX Security

Igor Stepansky is a Security Researcher at OX Security, where he builds agentic AI for offensive security and automated penetration testing. Previously he was part of Orca Security's Research Pod. His research has surfaced unauthenticated remote code execution in AI/LLM serving frameworks... Read More →
 