• Most recent
• Conferences
• For organizers
• The rig
• Buy me a Mate
• Search
• Fundraiser
• Bluesky

• Lisbon
• Dublin
• Amsterdam

OWASP Global AppSec Lisbon

• 

  ►

  Will Machine Learning Replace The WAF?
  - John Graham-Cumming
• 

  ►

  AI Package Hallucination: Spreading Malicious Packages Using Generative AI
  - Bar Lanyado
• 

  ►

  OWASP ModSecurity
  - Ervin Hegedüs
• 

  ►

  Paved Roads To Express RBAC In Threat Models
  - Eden Yardeni
• 

  ►

  A Race To The Bottom: Database Transactions Undermining Your AppSec
  - Viktor Chuchurski
• 

  ►

  Tracking And Hacking Your Career
  - Leif Dreizler & Misha Yalavarthy
• 

  ►

  OWASP IoT Security Testing Guide (ISTG)
  - Luca Pascal Rotsch
• 

  ►

  Back To The Future: Old Tricks Invading A New Attack Surface
  - Uriya Elkayam
• 

  ►

  OWASP Mobile Application Security (MAS)
  - Sven Schleier & Carlos Holguera
• 

  ►

  From Zero To Hero: Rollout Your Hardcoded Secrets Detection And Prevention With Minimal Effort And Maximum Impact!
  - Yassine Ilmi & Arbër Salihi
• 

  ►

  Modern Appsec vs. GenAI Application: Is Your Appsec Ready?
  - Balachandra Shanabhag
• 

  ►

  Security Champions And Experiments: Building Blocks For Cultural Change
  - Mads Andersen
• 

  ►

  Gridlock: The Dual-Edged Sword Of EV And Solar APIs In Grid Security
  - Vangelis Stykas
• 

  ►

  OWASP DefectDojo
  - Matt Tesauro
• 

  ►

  OWASP Privacy Toolkit: Bringing Privacy Awareness In The Digital Age
  - Stefano Di Paola & Martino Lessio
• 

  ►

  Start Covering Your Bases And Stop Chasing APT Headlines
  - Avishay Zawoznik
• 

  ►

  Cryptographic Governance: Software Supply Chain Security With CBOM
  - Nicklas Körtge
• 

  ►

  OWASP Open Common Requirement Enumeration (OpenCRE)
  - Spyros Gasteratos & Paola Garcia Cardenas
• 

  ►

  Hacker Traction Through GitHub Actions: Is Your (Open Source) Project Safe?
  - Stephen Giguere
• 

  ►

  OWASP Low-Code/No-Code Top 10 (LCNC)
  - Michael Bargury
• 

  ►

  API Security By Design
  - Jose Haro Peralta
• 

  ►

  Transitive Vulnerabilities Exploit In Real-life
  - Liad Cohen & Eyal Paz
• 

  ►

  Maturing SDLC At A Fortune 500 Company Based On OWASP SAMM: Successes And Pitfalls
  - Jasyn Voshell
• 

  ►

  Leaders Meeting
  - OWASP Leaders
• 

  ►

  In The Same Site We Trust: Navigating The Landscape Of Client- Side Request Hijacking On The Web
  - Soheil Khodayari
• 

  ►

  Automating Security Test Cases Based On ASVS
  - Aram Hovsepyan
• 

  ►

  DOM Jungle - Can We Trust The UI?
  - Gal Weizman
• 

  ►

  What Makes Them Happy? Leveraging Psychological Needs For Building A Security Culture Amongst Developers
  - Juliane Reimann
• 

  ►

  Trust Cards For AI
  - Isabel Praça
• 

  ►

  AI Is Just Software, What Could Possibly Go Wrong?
  - Rob Van Der Veer
• 

  ►

  Malice In Chains: Supply Chain Attacks Using Machine Learning Models
  - Tom Bonner & Marta Janus
• 

  ►

  OWASP Coraza Web Application Firewalls Revisited
  - José Carlos Chávez
• 

  ►

  Traceability In Cyber Security: Lessons Learned From The Medical Sector
  - Dr Konstantinos Papapanagiotou
• 

  ►

  What Can Traditional Web App Security Learn From Browser Wallet Extensions?
  - Gal Weizman
• 

  ►

  Winning Buy-In: Mastering The Art Of Communicating Security To Management
  - Ida Hameete
• 

  ►

  OWASP Dependency Track Fortifying The Supply Chain
  - Aravind Parappil & Vinod Anandan
• 

  ►

  From Theory To Practice: Navigating The Challenges Of Vulnerability Research
  - Raphael Silva
• 

  ►

  OWASP Cornucopia
  - Johan Sydseter
• 

  ►

  I Can’t Cope! How OWASP Is Helping To Manage Vulnerability Overload
  - Anthony Harrison
• 

  ►

  Cloud-Squatting: The Never-ending Misery Of Deleted And Forgotten Cloud Assets
  - Abdullah Al-Sultani
• 

  ►

  5 AppSec Stories, And What We Can Learn From Them
  - Paul Molin
• 

  ►

  Exploiting Client-Side Path Traversal: CSRF Is Dead, Long Live CSRF
  - Maxence Schmitt
• 

  ►

  OWASP Software Assurance Maturity Model (SAMM) Interactive Introduction And Update
  - Seba Deleersnyder & Bart De Win
• 

  ►

  Assessing 3rd Party Libraries More Easily With Security Scorecards
  - Niels Tanis
• 

  ►

  XZ Backdoor: Navigating The Complexities Of Supply Chain Attacks Detected By Accident
  - Yoad Fekete
• 

  ►

  Harnessing Nature's Wisdom: Growing A Security Champion Program Into A Security Powerhouse
  - Bonnie Viteri
• 

  ►

  OWASP Dep-scan
  - Prabhu Subramanian
• 

  ►

  How (Not) To Implement Secure Digital Identity: Case Study Of Poland's Digital ID System
  - Szymon Chadam
• 

  ►

  OWASP Developer Guide
  - Shruti Kulkarni
• 

  ►

  Designing Security And Privacy: A Developer's Guide To Threat Modeling With OWASP SAMM
  - Seba Deleersnyder
• 

  ►

  Dawn Of The Dead: The Tale Of The Resurrected Domains
  - Pedro Fortuna
• 

  ►

  Building An Effective Application Penetration Testing Team
  - Ryan Armstrong
• 

  ►

  OWASP SamuraiWTF
  - Kevin Johnson
• 

  ►

  OWASP Top-25 Parameters
  - Lütfü Mert Ceylan
• 

  ►

  Token It Up A Notch: Elevating Payment Security
  - Yadi Abdalhalim & Jovon Itwaru
• 

  ►

  Securing The Gateway And Mitigating Risks In LLM API Integration
  - Ayush Agarwal & Avneesh Hota
• 

  ►

  'The Rise And Fall' Of ModSecurity And The OWASP Core Rule Set
  - Davide Ariu
• 

  ►

  Build Strong Defenses By Participating In Standards!
  - Daniel Ehrenberg
• 

  ►

  OWASP API Security Project
  - Paulo Silva & Erez Yalon
• 

  ►

  Deterministic GenAI Outputs With Provenance
  - Dinis Cruz
• 

  ►

  Closing Ceremony And Raffle
  - OWASP Board