OWASP 2025 Global AppSec EU

Join Us in Shaping the Future of Secure Software Development

The OWASP Education and Training Committee is developing a certification program designed specifically for developers—and we need your expertise.

For the first time, this initiative will be showcased at OWASP Global AppSec EU 2025, and we’re inviting the community to help build the body of knowledge that will form the foundation of the certification curriculum.

If you're passionate about secure coding and developer education, this is your chance to contribute meaningfully to a global effort. Let’s build something that lasts—together.

As artificial intelligence advances, autonomous AI agents are becoming integral to modern applications, automating decision-making, problem-solving, and even interacting dynamically with users. However, this evolution brings new security challenges that traditional cybersecurity frameworks struggle to address. OWASP’s GenAI Security Project has identified Agentic Security Risks as a critical category of threats that can compromise AI-driven systems, leading to unintended actions, data leaks, model manipulation, and adversarial exploits.

This session will explore Agentic Security Risks—a unique class of vulnerabilities stemming from AI agents’ autonomy, adaptability, and ability to interact with complex environments. We’ll dissect how malicious actors can exploit these systems by influencing their decision-making processes, injecting harmful instructions, or leveraging prompt-based attacks to bypass safety constraints.

Through a deep dive into OWASP’s latest findings, attendees will gain practical insights into risk identification and mitigation strategies tailored for AI-driven agents. The talk will cover:

Understanding Agentic Security Risks: How autonomous AI agents process, reason, and act—and where vulnerabilities emerge.
Threat Modeling for AI Agents: Key security considerations when deploying AI-driven agents in enterprise and consumer applications.
Exploitable Weaknesses in AI Agents: Case studies on prompt injection, adversarial manipulation, data poisoning, and model exfiltration.
OWASP’s Mitigation Framework: Best practices for securing agentic AI systems, including robust validation, policy enforcement, access control, and behavioral monitoring.
Security by Design: How to integrate GenAI security principles into the development lifecycle to preemptively mitigate risks.
By the end of the session, attendees will have a structured approach to assessing and mitigating security risks in agentic AI systems. Whether you’re a developer, security professional, or AI architect, this session will equip you with actionable strategies to secure your AI-powered applications against emerging threats.

Join us to explore the cutting edge of AI security and ensure that autonomous agents work for us—not against us.

Security champion programs are all the rage right now, but they aren’t a magic bullet; they are a lot of work and more than half of them fail. We want to scale our security programs and improve security culture and communication, but what happens when are champions are less-than-enthused? There’s no support from management? We can’t get enough buy in? Let’s look at when things go WRONG with security champions programs, with this list of WORST practices, and how to avoid each one.

This talk is primarily aimed at AppSec practitioners, DevOps & SecOps Engineers as well as Makers and Breakers. If this is not you but you have a professional interest in CI/CD and Security then we’d love you to join us.

Modern software development practices rely entirely on CI/CD systems to deliver change at scale and speed. These systems are highly privileged environments with many actors and entities ( internal, external, human, machine ), and known attack vectors. The risk of compromise is severe because attacks can easily go undetected for extended dwell times resulting in an exponential blast radius. Just ask SolarWinds.

Now that we’ve set the scene it’s time to buckle up because we’re going to share what we’ve learnt, what can be done and what is the art of the possible. And what might the future look like.

This talk will focus on what good security looks like for CI/CD systems and lessons from the field. Spoiler: It’s challenging at scale because security solutions aren’t keeping pace. We will talk about our journey navigating complex CI/CD setups, where we recognise ways these systems can be exploited, and propose ways to tackle with some of the challenges. We’ll also see how signing could get us closer to securing the DevOps environment.

We’ll talk about the need to balance security with engineering imperatives. Enhancing your security posture is an investment that draws down on precious engineering resource, acting as a drag on productivity and cadence. Therefore, expect engineering functions to challenge it, hard and rightly so. Being able to influence key stakeholders so that they are onboard and committed is a must – we’ll show you how we approach this.

This talk will help you prepare for those tough conversations. At the end of the talk we want you to understand how to build a business case for CI/CD Security adoption in your organisation including how to implement in your workplace. The starting point is knowing how much risk your organisation’s build environment is exposed to and how much is tolerable.

How often have you heard developers ask, "Where is Race Condition in OWASP?" or "Why aren’t business workflows part of the Top 10?"

These questions highlight a glaring gap: the OWASP lists often focus on technical implementation vulnerabilities while overlooking the fundamental flaws in business logic—the very backbone of applications. This is why we started the OWASP Business Logic Abuse Top 10 Project: to address the workflow bypasses, logic flaws, and design vulnerabilities that attackers exploit, regardless of whether you’re building a web app, API, firmware, or supply chain system.

This project's foundation in Turing machine principles makes it unique, where business logic is modeled as finite states, transitions, and memory operations. By breaking down vulnerabilities into their computational roots—data handling (tape), access mechanisms (head), workflows (states), and transitions—we not only classify these issues but also provide a clear framework for identifying and mitigating them. Whether it’s race conditions in financial systems or workflow skips in authentication processes, this approach brings business logic vulnerabilities to the forefront.

This Top 10 isn’t just another list; it’s a cross-domain framework that bridges gaps between OWASP categories and provides clarity for developers, architects, and security professionals. If you’ve ever wondered why logic abuse isn’t explicitly addressed in web apps, APIs, or mobile security, this project is your answer. Join us to explore real-world examples, understand the unique methodology, and discover how you can contribute to this open, repeatable framework that empowers teams to tame business logic abuse in any system.