OWASP 2025 Global AppSec EU

Privacy is hot! This course will teach you this in-demand skillset and give you hands-on experience with privacy challenges, guiding you to combine Privacy by Design with your security practice.

Our lives are becoming more and more digitized, resulting in a lot of personal data floating around in the cloud. Now, many organizations are keen to use personal data for marketing, personalization or monetization, however, all this personal data comes with increased risk and surprising impact. Noone wants to find out that their daughter is pregnant from the department store ads…

Moreover, data protection legislation is forcing companies to integrate a technical approach for privacy into system design. With ever higher demands for privacy-respecting products, security teams have implicitly gained additional responsibilities and are hard pressed to keep up with these emerging requirements and often feel like there is a substantial and growing skills gap. Incorporating privacy into security with a proactive approach is essential to addressing this!

Traditional security approaches have historically not focused on this aspect of data protection, leaving individuals at risk. While common compliance and governance aspects of privacy are important, the technical aspects of privacy engineering are substantially more challenging - and that is the primary focus of this course.

This interactive technical course will teach you privacy analysis skills that are valuable to security teams. You can leverage your existing security skills with just a shift of mindset, since privacy largely shares the same foundation as security. We will teach you how common security techniques, such as architecture specification, threat modeling, and mitigation design, can be adapted for privacy. You will learn to capture how sensitive data flows through the system, and identify and mitigate high impact privacy issues in the software system. This will enable you to build privacy into the core of the product design and development process, while aligning it efficiently with security practices.

The course will cover these main topics:
- Privacy engineering essentials
- Privacy architecture & feature analysis
- Data inventory, mapping, and tagging
- Privacy threats (e.g. LINDDUN)
- Privacy controls, mitigations, and technologies
- Full privacy process

Each of these topics will be taught in an engaging, interactive format, with plenty of hands-on, collaborative exercises. We will teach you both the technical skills and social aspects essential for successful privacy engineering. This will include an assortment of relevant scenarios for each module, realistic simulations of popular upcoming features, diagramming tasks, and open debates. You will gain confidence using proven design techniques in order to improve the privacy posture of your system. In each module, you'll gain hands-on privacy experience through a set of exercises and class discussions.

We received rave reviews on our previous delivery of this course, for example:
- "If you're looking for a challenging, in-depth Privacy course which focuses on the technical aspects, look no further. Yes, it's only a 2-day course, but during that time, you'll take a deep dive into threat modelling, architecture, and other aspects required for ensuring Privacy is included in the SDLC."