OWASP 2025 Global AppSec EU

The question “What is AI security?” followed by “No, not image classification, LLMs!” has become a frequent conversation for us at conferences around the world. So, we decided to answer the real question.

Having spent the last year actively trying to break LLMs as attackers and defenders, as external entities, and as insider threats, we have gathered and created many techniques to jailbreak, trick, and control LLMs, and have distilled previously complex techniques in a way everyone can understand. We will teach you how to exploit control tokens, much like when we hacked Google’s Gemini for Workspace. You will see how to get an LLM to pop a shell with an image of a seashell, and we’ll even provide the tools to automatically extract pop-culture exploits for your very own KROP gadgets. We will reveal how an insider threat could implant hidden logic or backdoors into your LLM, enabling an attacker to control outputs, change inputs, or even make the LLM refuse to say the word “OWASP”. We will enable you to take full control over their local LLMs, even demonstrating how an LLM can be fully and permanently jailbroken in minutes with a CPU rather than with dozens of hours on multiple GPUs. By the end, our audience will be able to make any LLM say whatever they want.

Join Us in Shaping the Future of Secure Software Development

The OWASP Education and Training Committee is developing a certification program designed specifically for developers—and we need your expertise.

For the first time, this initiative will be showcased at OWASP Global AppSec EU 2025, and we’re inviting the community to help build the body of knowledge that will form the foundation of the certification curriculum.

If you're passionate about secure coding and developer education, this is your chance to contribute meaningfully to a global effort. Let’s build something that lasts—together.

Formally announcing v5.0 of the Application Security Verification Standard (ASVS), the first major release in five years of one of OWASP’s flagship projects. But the project has not been sitting idle for years, it has been under development the entire time.

This talk will cover the big changes and improvements in this recently released version.

This includes:
- Defining and clarifying the scope of the ASVS, and expectations for requirements.
- Mandating documented security decisions to provide some flexibility on implementing and verifying security requirements, to match the differences between organizations and applications.
- Adding several new chapters and making important changes to existing chapters.
- Providing a two-way mapping to make it easier to migrate from v4.x to v5.
- Balancing the levels and reducing the barrier to entry into Level 1.

We will also talk about how you can use the standard more effectively in your organizations, the future plans for ASVS now that version 5.0 is out, and how you can be involved.

It’s time to move forward - start using ASVS v5.0 and come on board to develop it further.

Step into the shadowy world of AI tools and ask yourself: How secure are they? This session dives deep into the architecture of AI models, exposing their most vulnerable points. Moreover, you will learn how malicious actors can weaponize AI, turning powerful tools into threats based on an example of a ‘Malicious Copilot’ IDE plugin. It will reveal how a code-completion model can be trained to embed harmful behavior, target victims, and execute attacks. Finally, you will take home actionable strategies for organizations leveraging generative AI and LLMs, ensuring security isn’t left to chance.

“What gets measured, gets managed” is perhaps an over-simplification, but the quote has its merits. In terms of building an effective application security Program, measurement and metrics go a long way, and by collecting, observing, and presenting actionable AppSec metrics, you can bridge the gap between Security Engineering and leadership’s strategic priorities.

In this session, we will start by speaking about different types of metrics, both qualitative and quantitative, and how these metrics can be categorised to align better with frameworks defining application security Metrics as a required control.
From there, we will start to look at what metrics we should use and how they can be visualised. By visualising these metrics, we can come to conclusions around whether or not the application security program is effective and what we should do to drive improvement.

Last, but not least, we’ll talk about how the data and visualisations can support us in our communication with leadership by supporting our requests and recommendations based on data and looking at trends.

In many areas of life—application security included—what gets measured can be proven, and what gets proven can be improved.

Listen in on how a big energy company from Norway runs a Security Champion Network with 250+ members! Ever wondered about the struggles of managing a 3-year-old network?

This light-hearted talk will give you context on:
- What the AppSec team does in Equinor.
- How our Security Champion program is structured.
- What we've learned so far.
- What challenges we've faced and how we have tried to solve them.
- Our gamification strategy.
- Key take-aways.

You will (hopefully) gain inspiration to bring home on how to run or improve your own Security Champion Network.