OWASP Global AppSec EU 2026 Vienna

In security, it is important to understand the whole chain: from regulation to business risk, to requirement, to code example, to vulnerability, to test method, to tool configurations. However, so far there hasn’t been a solid way to interconnect standards, documentation, and tooling. Standards writers often work in isolation, and tooling authors rightly focus on quality results instead of comprehensive information about those results.

The open source initiative OpenCRE.org connects all these sources of information: It links topics across multiple standards, including the Top 10, ASVS, Pro-active controls, Testing guide, Cheat sheets, SAMM, SSDF, ISO27001, CSA CCMv3, CWE, CAPEC, PCI-DSS, NIST 800-53 and 63b. It further links code samples and offensive tooling configurations or rules. That way it serves as a universal translator, to connect every role involved: executive, compliance officer, procurement, architect, developer,and tester.

This talk takes you through how openCRE.org works, how we have brought all these standards together, how we used AI in a revolutionary way, and how you can benefit in your work as a manager, builder, breaker, buyer, or standard maker!

The intended audience for this talk is anyone involved with Application Security and looking for an easy-to-use guide, mapping standards to regulations to code and configurations.

This talk presents the OWASP AI Testing Guide as a practical extension of traditional application security methodologies for AI and LLM-based systems. It shows how AppSec engineers can systematically identify, model, and test AI-specific risks using an OWASP-aligned approach, rather than relying on ad hoc assessments or vendor claims.

The session starts with an architecture-driven threat modeling process for AI systems, decomposing LLM applications into application, model, data, and infrastructure layers. Using OWASP LLM Top 10 and threat modeling of AI System and Agent AI architectures, the talk demonstrates how AI attack surfaces and threat scenarios can be identified and mapped to concrete security risks. These threats are then mapped to testable hypotheses using the OWASP AI Testing Guide, bridging the gap between threat modeling and hands-on security testing.

Through real-world examples, the talk explores how common AI vulnerabilities manifest in practice, including prompt injection, jailbreak techniques, sensitive data exposure, model misalignment, hallucinations, RAG pipeline abuse, and agent workflow exploitation.
The audience will see how these issues can be tested in LLM-based applications using OWASP AITG test cases, OWASP LLM Top 10 payloads, and common AppSec and AI toolings.

The session concludes by showing how AI security testing can be integrated into MLSecOps. It highlights how organizations can move from intuition-based AI security to evidence-based risk validation, positioning OWASP AITG as a foundational methodology for securing AI systems within modern application security programs.

The key message of the talk is that trustworthy AI is not achieved through design assumptions or policy statements, but through systematic, repeatable testing aligned with OWASP principles.

AI systems face threats that traditional application security standards weren't built to address. This includes prompt injection, training data poisoning, model extraction, agentic autonomy risks, and more. The OWASP AI Security Verification Standard (AISVS) provides 400+ testable requirements across 14 chapters, covering everything from input validation and model lifecycle management to MCP protocol security and autonomous agent controls. This lightning talk introduces the standard's structure, its three verification levels, and how security teams can use it today to assess and harden AI-powered applications. We'll show where AISVS fits alongside existing frameworks like ASVS, NIST AI RMF, and ISO 42001 and where it deliberately doesn't overlap.

As the cornerstone of open-source Web Application Firewalls, OWASP ModSecurity has protected the web for decades. However, maintaining its relevance in today’s evolving threat landscape requires more than just incremental updates—it requires a fundamental modernization. This presentation dives deep into the recent engineering efforts aimed at transforming the ModSecurity codebase into a leaner, more robust, and future-proof security engine.

Key highlights include:

* Code Quality & Refactoring: How we addressed technical debt and implemented stricter development standards.

* New Features: A look at the latest functionalities designed to counter sophisticated web attacks.

* Dependency Management: The rationale behind removing abandoned libraries and the technical challenges involved.

* The Path to a New Version: Why a major version update became necessary and what it means for the community.

* Beyond the Code: A brief look at the supporting ecosystem, including the complete renewal of the official website and documentation.

Attendees will gain a clear understanding of the architectural decisions shaping the next era of ModSecurity and what to expect from the upcoming releases.

Introduction

File Integrity Monitoring is still a critical part of runtime security, but in Kubernetes it comes with new challenges. A single cluster can generate thousands of file system events per second across containers, nodes, and workloads. While eBPF allows us to safely and efficiently capture these events at the kernel level, interpreting them remains a hard problem.

OWASP KubeFIM AI is built to address this gap.

This session presents how KubeFIM AI sits on top of the OWASP KubeFIM Agent and analyzes kernel-level File Integrity Monitoring events collected via eBPF. Instead of treating each event as an alert, KubeFIM AI focuses on reasoning over events by correlating them with Kubernetes context such as pods, namespaces, images, and workload behavior.

Technical Details and Future Roadmap

The talk will cover:

1. Why raw eBPF-based FIM events are difficult to use at scale

2. What kernel-level file operations actually tell us during real attacks

3. How KubeFIM AI models file behavior over time instead of reacting to single events

4. Using Kubernetes context to distinguish expected behavior from suspicious activity

5. How AI can reduce noise, explain intent, and improve triage without hiding technical details

Rather than using a generic large language model, KubeFIM AI is designed around a domain-specific approach, trained to understand file system behavior, container lifecycles, and Kubernetes runtime patterns. The focus is on producing human-readable security insights.

The session will also discuss the roadmap for the project, including plans to improve detection accuracy, reduce alert fatigue, and assist security teams with faster incident response in cloud-native environments.

Explain why KubeFIM AI Is Not a SIEM Replacement

KubeFIM AI is not designed to replace a SIEM. It solves a different problem at a different layer of the stack.

SIEM platforms focus on collecting, storing, and correlating logs and alerts from many sources across an organization. They are built for visibility, compliance, long-term retention, and investigation across applications, cloud services, networks, and users.

KubeFIM AI operates much closer to the system. It works at the Linux kernel level using eBPF to observe file system behavior inside Kubernetes nodes and containers. Its primary role is to generate high-quality runtime security signals, not to aggregate logs or manage incidents.

The project intentionally avoids becoming a central log store or alerting platform. Instead, it focuses on understanding why a file change occurred, whether it matches expected workload behavior, and whether it may indicate a security issue. This analysis happens before data is sent anywhere else.

In practice,

In this session, I´ll show you how to sreamline the identification of security requirements associated with user stories in agile methodologies Using OWASP Cornucopia. Here you´ll se how to integrate User Stories with Cornucopia Cards and with ASVS as an security requirements and the defects that may arise if the security requirements are not properly considered or implemented. At the beginning ,we will explore two concepts I used to create this different way of playing OWASP Cornucopia and scaling it in agility, complementing the architecture-based threat model: Evil User Stories Modeling and Secure Scrum. All of this to apply the principle Security Just in Time for design a single product backlog that integrates security functionalities and controls into user stories avoiding the creation of a cybersecurity parallel backlog.

The OWASP MCP Top 10 identifies the most critical security risks in MCP-enabled ecosystems. At the top of that list sits MCP Top 01: Untrusted Context Injection, a class of vulnerabilities where malicious inputs manipulate the context provided to AI agents, influencing their reasoning and actions.

Unlike traditional vulnerabilities that exploit deterministic code paths, MCP attacks target the decision-making layer of AI systems.

In this session, we explore how attackers can manipulate agent context, poison tool outputs, or inject instructions that cause AI systems to leak sensitive data, perform unintended actions, or bypass security controls.

Through real-world examples and architectural analysis, we will walk through the emerging MCP threat model and discuss defensive patterns organizations must adopt to secure the next generation of agentic AI systems.

The future of application security may depend on securing not just code but the context that AI thinks with.

OWASP's flagship project, AI Exchange, is the world's AI security guide.

300+ pages of free, constantly-evolving, practical guidance on securing AI systems. It covers the fundamentals and represents the closest publicly available alignment of global expert consensus, feeding directly into the AI Act and ISO standards through a unique SDO partnership.

Historically (pun intended) the OWASP Top 10 has been a standard awareness document for developers and web application security. However its mitigation strategies can transcend history and be applied to critical infrastructures under attack, *exempli gratia* museums.

In this talk, we’ll explore the newest OWASP Top 10 (released in November MMXXV) through the lens of famous Museum heists (Louvre, you are not alone) — a narrative journey through security blind spots, sneaky exploits, and lack of awareness.

Are you looking to strengthen your organization’s software assurance program, prove compliance with industry frameworks, or simply level up your AppSec game? Join OWASP project leaders Sebastien and Aram for an engaging introduction and the latest updates on OWASP Software Assurance Maturity Model (SAMM) — the open, community-driven standard for building and measuring software security practices.

This session will highlight how SAMM helps organizations jumpstart, assess, and accelerate their software assurance roadmap, with practical takeaways you can apply right away:

• Tools and Assessment Guidance – Learn about the growing ecosystem of SAMM tools and the latest assessment techniques that make measuring and improving your maturity more approachable than ever.
• Framework Mapping – See how SAMM connects with industry standards like the NIST Secure Software Development Framework (SSDF) and OpenCRE, helping you demonstrate compliance and align with external requirements while maintaining a developer-friendly approach.
• Benchmarking with Peers – Discover the OWASP SAMM Benchmark, which allows organizations to compare their security practices against peers and industry trends anonymously—helping you spot strengths, identify gaps, and track progress over time.

Whether you’re new to SAMM or already using it, you’ll gain actionable strategies, practical insights, and a clear roadmap to achieving security excellence.

Security is widely recognized as one of the top global risks, yet many organizations struggle managing that risk effectively. One of the key reasons is that application security efforts often consist of fragmented tools and isolated practices rather than a coherent program focused on people, processes, and tools.
Within the OWASP community, two mature models exist to support application security programs, OWASP Software Assurance Maturity Model (SAMM) and OWASP DevsSecOps Maturity Model (DSOMM). However, practitioners frequently struggle to understand how these models differ, where they overlap, and how they should be applied in practice. As a result, SAMM and DSOMM are often perceived as competing frameworks. Moreover, their breadth and depth can be overwhelming for teams encountering them for the first time, reinforcing the myth that they must choose one or the other.

This talk provides a structured, high level introduction to both OWASP SAMM and OWASP DSOMM, focusing on their shared principles as well as their key differences. By introducing a simple taxonomy of security scopes, the session explains why multiple security frameworks are necessary and clarifies where SAMM and DSOMM each fit. SAMM is positioned as a model focused on organizational security capabilities and application program maturity, supporting management and strategic decision making, while DSOMM focuses on DevSecOps implementation and operational practices, providing concrete guidance for technical teams and engineering workflows.

This session concludes with a practical case study of a SaaS organization, illustrating how SAMM and DSOMM can be used together to create a coherent improvement roadmap. The case study demonstrates how organizations can start small, avoid boiling the ocean, and use both models in tandem to achieve structured, practical, and sustainable improvements in application security.

In this talk, Carlos Holguera and Sven Schleier, the OWASP Mobile Application Security (MAS) Project Leaders, will take a hands-on look at some of the latest OWASP MAS developments.

This session will provide key updates on the latest advancements in the Mobile Application Security (MAS) project, including the MASWE (Mobile Application Security Weakness Enumeration) Beta and the MASTG (Mobile Application Security Testing Guide) v2. We’ll share the progress on the creation of new weaknesses, atomic tests, and demos designed to help developers and security researchers enhance their testing methodologies.

A major highlight will be a new Frida-based tool for dynamic analysis of Android and iOS apps. It is based on JSON hook files which allows a consistent and simple test approach of the OWASP MAS demos and during assessments.

Whether you're a security researcher, developer, or just doing it for fun, this talk will equip you with the latest tools and insights to boost your mobile application security skills to stay ahead in mobile security!

Kubernetes features are moving fast, and its networking layer is constantly adapting for all new kinds of workloads. However we still lack a basic but essential feature: a way to filter and protect incoming web traffic.

The Gateway API is the natural place to add security, and many enterprises mandate such a thing. In this session, we introduce a new project that connects OWASP Coraza WAF directly with Kubernetes.

Join us to learn more on how Coraza Kubernetes Operator is proposing to bring the well known CoreRuleSet (CRS) filtering approach to Kubernetes, on a structured way, allowing cluster and gateway admins to provide traffic filtering on Gateway API and lift the security features to another level.

Project leaders Colin Watson and Tin Zaw announced the official release of the version 1.3 of the OWASP Automated Threat Handbook on March 12, 2026.

Even after ten years, this handbook remains the go-to resource for security pros who want actionable information and resources to help defend against automated threats to web applications which abuse valid functionality. The handbook still defines twenty-one unique, unordered, OWASP Automated Threats (OATs). This latest update ensures it stays ahead of the curve in our rapidly shifting threat landscape.

In this session, I will share updates on version 1.3 and, more importantly, discuss our progress toward version 2.0 of the handbook.

With the rise of Agentic AI—which is automated by nature—the project is seeking to better understand how this specific traffic impacts web applications. Audience participation and input are highly encouraged

OWASP Nettacker project (a portmanteau of "Network Attacker") is a relatively new yet an awesome and powerful 'swiss-army-knife' automated penetration testing framework fully written in Python. Nettacker recently gained a lot of interest from the penetration testing community and was even included in the specialist Linux distribution for penetration testers and security researchers. Nettacker is able to run various scans using a variety of methods and generate scan reports for applications and networks, including services, bugs, vulnerabilities, misconfigurations, default credentials and many other cool features - for example an ability to chain different scan methods. This talk will feature a live demo and several practical usage examples of how organisations can benefit from this OWASP project for automated security testing

Stay tuned