Sched.com Conference Mobile Apps
OWASP Global AppSec EU 2026 Vienna
OWASP Global AppSec EU 2026 Vienna
Sign up
or
log in
to add sessions to your schedule and sync them to your phone or calendar.
About
Schedule
Venue Map
Search
Menu
About
Schedule
Venue Map
Search
Share your event
Share via
or Copy link
Copy
Event Schedule
My Schedule
0
View
Simple
Expanded
Grid
By Venue
View
Simple
Expanded
Grid
By Venue
Monday
, June 22
Foyer D (Level -2)
8:30am •
Coffee/tea
Tuesday
, June 23
Room -2.11 (Level -2)
9:00am •
Private BOD Meeting
Wednesday
, June 24
Room -2.11 (Level -2)
7:30am •
Private Board Meeting
Thursday
, June 25
Expo Hall X1
8:30am •
Coffee/tea
12:15pm •
Lunch in Expo Hall
3:00pm •
PM Break in Expo Hall
4:15pm •
Networking Reception in Expo Hall and OWASP Jeopardy!
Hall D (Level -2)
9:00am •
Opening Remarks
9:15am •
Keynote: The Reinvention of Software Engineering
10:30am •
AI Explainability Score Card
11:30am •
Authorization Is Where Your App Goes to Lie
1:15pm •
The Map of Artificial Treasures: What to Automate in Security - and Why?
2:15pm •
Human Rights Threat Modeling
3:30pm •
AI and the Threat Modeling Manifesto: Conflicts, Failure Modes, and Better Patterns
Hall G1 (Level -2)
10:30am •
Builders & Breakers Part II: Securing Agentic AI After the Death of LLM Wrappers
11:30am •
The OWASP Top Ten 2025
1:15pm •
Retiring CVE Chasing: Defending Against Application Exploit Techniques
2:15pm •
Beyond the Chatbox: Implementing Guardrails for Autonomous Agents and LLMs Using Tools
3:30pm •
The Devil is in the Defaults - what to do about XSS
Hall G2 (Level -2)
10:30am •
Scanning Agentic AI Systems: Beyond Traditional LLM Red Teaming
11:30am •
Developing Effective Security Testing Skills with Objective Structured Assessments
2:15pm •
This Build can Break You - Evil Runners and eBPF for Detection
3:30pm •
Boiling the Ocean for Signal: Lessons from High-Volume OSS Malware Detection
Hall K1 (Level -2)
10:30am •
Why Isn't the Fix in My Container? Tracking CVE Propagation Across 10,000 Projects
11:30am •
Actionable Continuous SBOM Diffing
1:15pm •
One IDE to Rule Them All - Securing Your Supply Chain’s Weakest Link
2:15pm •
From 0 to SLSA Level 3: A Practitioner's Field Guide
3:30pm •
Pragmatic least-privilege for cloud and Kubernetes: applying good advice to real systems
Hall K2 (Level -2)
10:30am •
Why AppSec Fails at Scale (and How to Fix It)
11:30am •
Admission of Guilt: I Exploited a Parking System for a Year (And What It Taught Me About AppSec)
1:15pm •
The Velocity Paradox: Why Slow is Smooth and Smooth is Fast in AppSec
2:15pm •
Taming the AppSec Data Deluge
3:30pm •
Agile Development and IT Security – From Conflict to Collaboration
Room -2.15 (Level -2)
1:30pm •
Private Board Meeting
3:15pm •
OWASP Leaders Meeting
Room -2.33 (Level -2)
10:30am •
OWASP masCon - Introduction by OWASP MAS team to MAS Con
10:35am •
OWASP masCon - Let's get frooky: Structured Mobile DAST with Frida
11:30am •
OWASP masCon - Unveiling The Internals From Multiplatform Mobile Runtimes
1:15pm •
OWASP masCon - Recent Mobile App Security Incidents from Real-World Cases
Room -2.82 (Level 2)
10:30am •
OpenCRE.org: Uniting all standards and guidelines
11:00am •
OWASP AI Testing Guide in Practice: Securing LLM Applications
11:30am •
OWASP AI Security Verification Standard (AISVS)
1:15pm •
OWASP ModSecurity
1:45pm •
OWASP KubeFIM: Detecting File Integrity Threats with eBPF & AI in Kubernetes
2:15pm •
Evil User Stories Modeling: Ensuring your User Stories in agile playing OWASP Cornucopia
2:45pm •
OWASP MCP Top 10: When AI Agents Go Rogue, Securing the Model Context Protocol
3:30pm •
OWASP AI Exchange Showcase
Room -2.92 (Level -2)
10:05am •
Hands-On: Building Security Guardrails for AI-Generated Code
10:05am •
The Old But Unforgettable Key
10:05am •
Teaching Security Concepts Using Physical Analogies
12:15pm •
Hunting Critical CVEs: A Hands-On, Pick-Your-Own Exploitation POD
12:15pm •
“2001: Agentic Odyssey” When threat modelling meets HAL, agentic AI, testing and safety engineering
12:15pm •
Cybersecurity Awareness Card Game : Let's Play
2:30pm •
From Prompts to Payloads: Exploiting the AI-AppSec Intersection
2:30pm •
DDoS your friends
2:30pm •
Context & Cringe - Application Privacy through Play
2:30pm •
AI for Code Security in Modern Codebases
Terrace G of Austria Center
7:45am •
Women in AppSec Breakfast (Sign up Required)
Friday
, June 26
Expo Hall X1
8:30am •
Coffee/tea
10:00am •
AM Break in Expo Hall
12:15pm •
Lunch in Expo Hall
3:00pm •
PM Break in Expo Hall
Hall D (Level -2)
9:00am •
Opening Remarks
9:15am •
Keynote: We Live in the Future: The Death and Rebirth of Application Security
10:30am •
From ASVS to APVS: What Changes When You Treat Privacy as a System Property?
11:30am •
Phishing for Passkeys - An Analysis of WebAuthn and CTAP
1:15pm •
AI-Generated Code vs Human Code. Who Really Writes More Vulnerabilities
2:15pm •
Teaching AI Agents Like Guide Dogs: A Progressive Trust Framework
3:30pm •
Why IAM Remains a Challenge and What We Can Do About It
Hall G1 (Level -2)
10:30am •
DOMination - Abusing the Permission Model in Web Extensions
11:30am •
Q-Day is Cancelled: Practical Strategies to Defeat 'Harvest Now, Decrypt Later'
1:15pm •
The OG OWASP Top 10 Might Be Back Thanks to Agentic Browsers
2:15pm •
How to (Not) Isolate Untrusted Code in Scripting Languages
3:30pm •
The TPM and You - How (and why) to actually make use of your TPM
Hall G2 (Level -2)
10:30am •
Your Localhost Is Lying to You: Trust Boundary Failures in Enterprise SSO
11:30am •
Effort is All You Need: Testing LLM Applications in the Real World
1:15pm •
What Our Pen Tests Never Found — And How Attackers Did
2:15pm •
Trust No History: Why Every "Remembered" Interaction is a Potential Backdoor
3:30pm •
Rewriting DAST Playbook: AI Agents and the Future of Web App Security
Hall K1 (Level -2)
10:30am •
When AI Attacks AI: Inside the Self-Propagating Botnet Built on Compromised AI Infrastructure
11:30am •
Infrastructure Doesn’t Lie: Using Infrastructure Signals to Detect Shadow AI Built Applications
2:15pm •
Marketplace Takeover: One Bug Away from Pwning 10 Million Developer Machines
3:30pm •
From Safety to Policy: Enforcing Organizational Rules in LLMs and AI Agents
Hall K2 (Level -2)
10:30am •
Keep It Between Us: Manipulating Humans for Better AppSec (Ethically)
11:30am •
Enforcing Application Security Policies at Scale: Lessons from an Enterprise Rollout
1:15pm •
Security Champions: Lessons from Opposite Trenches
2:15pm •
Using CTFs as a Community of Practice Content Machine
3:30pm •
Insecurity as Code: How Modern Software Scaled the Attack Surface
Room -2.33 (Level -2)
10:30am •
OWASP Certified Secure-Software Developer (Call for Contributors)
10:30am •
Hands-On AI Security Assessment with OWASP AISVS (Workshop)
10:30am •
OWASP CycloneDX Sunshine: see CycloneDX SBOMs come to life & chat with them (Workshop)
1:15pm •
Finding strange things in binaries (Workshop)
1:15pm •
CHAMELEON-REN: Advancing the OWASP Web Application Honeypot Project with Adaptive, Education-Sector (Workshop)
1:15pm •
Let's Play: OWASP Cumulus (Workshop)
3:15pm •
Shaping International Security Standards: Get Involved with OWASP's ISO Working Group (Call for Contributors)
3:15pm •
Hack Your Own Dockerfiles (Before Someone Else Does): Hands-On Container Security with OWASP DockSec (Workshop)
3:15pm •
From Maturity to Mastery: Accelerating Software Security with OWASP SAMM (Workshop)
Room -2.82 (Level 2)
10:30am •
When Museums Get Hacked: OWASP Top 10 Lessons from Heists
11:00am •
From Maturity to Mastery: Accelerating Software Security with OWASP SAMM
11:30am •
Using OWASP SAMM and OWASP DSOMM together in practice
1:15pm •
OWASP Mobile Application Security (MAS) Project Updates
1:45pm •
Cloud Native Web Application Firewalls - How OWASP Coraza is coming to Kubernetes world
2:15pm •
Updates on the OWASP Automated Threats Project
2:45pm •
OWASP Nettacker Project
3:30pm •
OWASP GenAI Security Project (Placeholder)
Room -2.92 (Level -2)
10:05am •
Cybersecurity Awareness Card Game : Let's Play
10:05am •
From Prompts to Payloads: Exploiting the AI-AppSec Intersection
10:05am •
DDoS your friends
10:05am •
Hunting Critical CVEs: A Hands-On, Pick-Your-Own Exploitation POD
12:15pm •
OWASP JuiceShop: Come and pwn me
12:15pm •
Context & Cringe - Application Privacy through Play
12:15pm •
Teaching Security Concepts Using Physical Analogies
12:15pm •
AI for Code Security in Modern Codebases
2:30pm •
Hands-On: Building Security Guardrails for AI-Generated Code
2:30pm •
The Old But Unforgettable Key
2:30pm •
“2001: Agentic Odyssey” When threat modelling meets HAL, agentic AI, testing and safety engineering
TBA
10:00am •
Bob the Breaker: Welcome to the Jungle! (Sponosored by Nokod Security)
Filter By Date
Jun 22
-
26, 2026
Monday
, June 22
Tuesday
, June 23
Wednesday
, June 24
Thursday
, June 25
Friday
, June 26
Filter By Venue
Vienna, Austria
All
Expo Hall X1
Foyer D (Level -2)
Hall D (Level -2)
Hall G1 (Level -2)
Hall G2 (Level -2)
Hall K1 (Level -2)
Hall K2 (Level -2)
Room -2.11 (Level -2)
Room -2.15 (Level -2)
Room -2.33 (Level -2)
Room -2.82 (Level 2)
Room -2.92 (Level -2)
TBA
Terrace G of Austria Center
Filter By Type
1-Day Training
2-Day Training
3-Day Training
Bonus Track
Deployment and Maintenance
Implementation
Keynote
Meals Provided by OWASP
Meeting
MobileAppSecCon
Planning and Design
PODS (Hands-on Activities)
Process and Culture
Project Demo Lab (Hands-on)
Project Showcase (Lightning Talks)
Project User Day
Sponsored Happy Hour
Testing
Audience
Advanced
All
AppSec Engineers
Beginner
Developers
Intermediate
Introductory and Overview
Private Meeting
Security Champions
Students and newcomers in AppSec
Subject
AI
CRA
Dependancies
DevSecOps
Gamification
Kubernetes
Mobile Security
Network Security
Pentesting
SBOM
SSDLC
Standards
Threat Modeling
WAF
Share Modal
Share this link via
Or copy link
Copy
Filter sessions
Apply filters to sessions.
close
Dates
Monday
, June 22
Tuesday
, June 23
Wednesday
, June 24
Thursday
, June 25
Friday
, June 26
Session Type
1-Day Training
2-Day Training
3-Day Training
Bonus Track
Deployment and Maintenance
Implementation
Keynote
Meals Provided by OWASP
Meeting
MobileAppSecCon
Planning and Design
PODS (Hands-on Activities)
Process and Culture
Project Demo Lab (Hands-on)
Project Showcase (Lightning Talks)
Project User Day
Sponsored Happy Hour
Testing
Other Filters
Audience
Advanced
All
AppSec Engineers
Beginner
Developers
Intermediate
Introductory and Overview
Private Meeting
Security Champions
Students and newcomers in AppSec
Subject
AI
CRA
Dependancies
DevSecOps
Gamification
Kubernetes
Mobile Security
Network Security
Pentesting
SBOM
SSDLC
Standards
Threat Modeling
WAF
