Join Us in Shaping the Future of Secure Software Development
The OWASP Education and Training Committee is developing a certification program designed specifically for developers—and we need your expertise.
For the first time, this initiative will be showcased at OWASP Global AppSec EU 2025, and we’re inviting the community to help build the body of knowledge that will form the foundation of the certification curriculum.
If you're passionate about secure coding and developer education, this is your chance to contribute meaningfully to a global effort. Let’s build something that lasts—together.
Shruti is an information security / enterprise security architect with experience in ISO27001, PCI-DSS, policies, standards, security tools, threat modelling and risk assessments. Shruti works on security strategies and collaborates with cross-functional groups to implement information...
Thursday May 29, 2025 10:45am - 11:45am CEST Room 133-134
The OWASP Web Honeypot Project is an open-source proof-of-concept (PoC) initiative designed to deploy deceptive security mechanisms that lure, detect, and analyze cyber threats targeting web applications. It aims to provide security professionals with actionable intelligence on the attack patterns, tools, and techniques used by adversaries.
The goal of the project is to identify emerging attacks against web applications and report them to the community, in order to facilitate protection against such targeted attacks. Within this project, we are leading the collection, storage and analysis of threat intelligence data.
The purpose of this part of the project is to capture intelligence on attacker activity against web applications and use that intelligence to protect software against attacks. Honeypots are an established industry technique for providing a realistic target that entices a criminal while encouraging them to divulge the tools and techniques they use during an attack. Like bees to a honeypot. These honeypots are deliberately designed to contain no information of monetary use to an attacker, and hence present no risk to the businesses implementing them.
Originally the honeypots were VM-, Docker- or small-computing-profile-based (for example, Raspberry Pi). They employed ModSecurity-based Web Application Firewall (WAF) technology using OWASP’s Core Rule Set (CRS), pushing intelligence data back to a console where it was converted to STIX/TAXII format for threat intelligence or pushed into ELK for visualisation.
Further enhancement and research-based work has been undertaken this year to extend the container-based approach (Docker) and introduce key features, which include:
• The capability to dynamically switch web server profiles to mimic popular platforms such as WordPress and Drupal.
• An alternative to mlogc log output: pushing logs into Logstash/ELK for visualisation, and into MISP in JSON format for threat intelligence.
• Creation of a publicly available dataset in an AWS S3 bucket that stores web threat intelligence as a searchable JSON feed, allowing the use of tools like JSON Crack for pattern recognition.
The intention is to deploy these enhanced honeypots in key locations that the Internet community can distribute within their own networks. With enough honeypots globally distributed, we will be in a position to aggregate attack techniques and better understand and protect against the techniques used by attackers. With this information, we will be able to create educational material, such as rules and strategies, that application writers can use to ensure that any detected bugs and vulnerabilities are closed. Overall, an open, standards-based, high-quality dataset of real threat intelligence, built from the lure of “fake” vulnerabilities detected by industry-standard scanning tools (which can easily be changed or updated dynamically) and made available to the global security community, allows for better web application security and for predicting evolving cyber threats.
Kartik Adak is an experienced cybersecurity professional with over three years of expertise in information security, incident response, and penetration testing. Having obtained a Master’s in Cyber Security Management from the University of Warwick, he specializes in penetration...
As a cybersecurity master's student at Warwick, I am passionate about learning and applying the latest techniques and tools to protect and secure information systems and networks. I have a strong background in information technology, with a bachelor's degree in computer applications...
Cyber Security Academic, Security Researcher, Anglia Ruskin University
Adrian Winckles is an independent Cyber Security Academic, Security Researcher and IT Professional with over 32 years of experience in developing and implementing cyber security strategies and robust, resilient IT infrastructure solutions. A proven leader in driving digital transformation...
Thursday May 29, 2025 10:45am - 11:45pm CEST Room 133-134
In this 100% slide-free demo session you will embark on a journey through the popular OWASP Juice Shop vulnerable web application!
You will experience firsthand how easy it is to set up, get started, and solve your first hacking & coding challenges. In a quick mob-hacking session, you will gain your first points on Juice Shop's extensive score board!
The demo also includes a glimpse into Juice Shop's CTF tool and its multi-user hosting environment MultiJuicer! You will witness how fast a CTF event can be launched with OWASP Juice Shop, how great documentation really makes a difference, and even how to make the application look like an in-house app of your own company.
Due to the nature of this small group demo session, you are welcome to ask questions during and between the different topics - ad libitum! There is time for clarification and dipping into special topics.
If time permits, this session can also cover interesting behind-the-scenes topics, such as cheat detection, start-up validations, webhook integrations, and a pro-level Grafana dashboard for observability!
Even if you know and have used OWASP Juice Shop yourself already, there's no chance you've already seen everything that will be covered in this session!
Bjoern Kimminich works as Product Group Lead Application Ecosystem at Kuehne + Nagel, responsible – among other things – for the Application Security program in the corporate IT. He is an OWASP Lifetime Member, the project leader of the OWASP Juice Shop, and a co-chapter leader...
Thursday May 29, 2025 11:00am - 11:45am CEST Room 133-134
OWASP KubeFIM - Securing Kubernetes from the Inside Out: File Integrity Monitoring with eBPF
1. Introduction to Kubernetes Security & File Integrity Monitoring
- The growing security challenges in Kubernetes.
- Why malicious containers inside clusters pose a huge risk.
- Real-world security incidents where attackers modified critical files (e.g., cryptojacking, rootkits).
- Why do traditional security tools fail in Kubernetes? (e.g., host-based FIM doesn’t work well.)
2. What is OWASP KubeFIM & Why It Matters?
- Overview of OWASP KubeFIM as an eBPF-based File Integrity Monitoring (FIM) solution.
- How eBPF helps detect file changes inside Kubernetes clusters without performance overhead.
- Use cases: detecting malware, unauthorized file modifications, rootkit infections.
3. How OWASP KubeFIM Works - the key components of KubeFIM:
- Kernel-level hooks
- Alerting system
- Policy-based file integrity monitoring
4. Setting Up KubeFIM in Your Cluster
- Quick installation guide using Helm & Kubernetes YAML manifests.
- Configuring policies to monitor specific files (e.g., /bin, /etc, /var).
- Live demo of KubeFIM detecting unauthorized file changes.
Abhijit is the Co-Founder of Cyber Secure India (CSI), a cybersecurity think tank focused on driving cybersecurity awareness, building a strong community through free education, sharing knowledge, and empowering young individuals to strengthen the digital infrastructure.
Thursday May 29, 2025 11:00am - 11:45am CEST Room 133-134
OWASP Cornucopia is a mechanism in the form of a card game to assist software development teams in identifying security requirements in Agile, conventional and formal development processes. It is language-, platform- and technology-agnostic.
In this demo room session, we will learn to play the game in an all-new way as the gamemaster presents you with an interesting scenario...
Confronted with a grumpy old senior developer who refuses to shift-left due to too many hours working overtime on his incredibly sophisticated pet project, what will you do? Will you be able to teach him a lesson about why security is important, or will he be laughing all the way to his developer cave? Only skilled and passionate application security engineers will succeed!
Expect confetti, swag, (yes, you read right, swag, valued just below the corruption limit) and illegal bribes as you venture into the dark side of OWASP Cornucopia.
Johan Sydseter is one of the co-leaders of OWASP Cornucopia and the co-creator of the OWASP Cornucopia Mobile App Edition. He is an Application Security engineer, developer, architect, and DevOps practitioner with 16 years of experience building and designing backend and frontend...
Thursday May 29, 2025 1:15pm - 2:15pm CEST Room 133-134
Distinguished Engineer, Founder and AppSec guru, Noname Security
Matt Tesauro is a DevSecOps and AppSec guru with specialization in creating security programs, leveraging automation to maximize team velocity and training emerging and senior professionals. When not writing automation code in Go, Matt is pushing for DevSecOps everywhere via his involvement...
Thursday May 29, 2025 1:15pm - 2:15pm CEST Room 133-134
Ever looked at a CycloneDX file and thought, there’s gotta be a better way to read this? You're not alone. Introducing Sunshine — a first-of-its-kind visualization tool that transforms static CycloneDX SBOM files into intuitive, interactive experiences. Join us for a hands-on walkthrough of Sunshine, where you’ll get to see it in action — not just slides. This live demo will show how Sunshine helps developers, security pros, and even less-technical stakeholders actually understand what's in a software bill of materials. GitHub repo: https://github.com/CycloneDX/Sunshine/
Luca received his master's degree in Computer Engineering from the University of Bologna in 2014 and has been working in the cybersecurity field since then. He is a senior security engineer and R&D manager at CryptoNet Labs and has been a maintainer at OWASP CycloneDX since December...
He holds a degree in Computer Systems and Network Security and has developed a strong passion for vulnerability management and software security. Over the years, he has built his career in these areas and is currently working in the finance industry in Italy.
Thursday May 29, 2025 2:15pm - 3:00pm CEST Room 133-134
The OWASP Top 10 for LLM and Generative AI Security Project has rapidly expanded from its initial scope of providing the Top 10 list of Risks and Mitigations to addressing the lifecycle of Generative AI Security, through initiatives producing key industry guidance spanning Secure AI adoption, Red Teaming, Agentic App security, the Gen AI Security Solution Landscape, Gen AI Incident response guidance and more. The project's value in providing practical guidance was recognized by the UK Government's recent publication of the UK AI Security Code of Practice and implementation guides, which include multiple project resources and will be submitted as part of the UK's European Telecommunications Standards Institute (ETSI) standardization efforts.
In this session we will review recent publications, discuss key project findings, review the upcoming roadmap of guidance being delivered by the initiative working groups, provide an outlook on what best practices may influence and support upcoming standards of practice and outline how you too can participate in the project and contribute your expertise.
This is a great opportunity to meet the project board and lead contributors.
Scott is a Board Member and the Co-chair of the OWASP GenAI Security Project (including the Top 10 for LLM and Gen AI) and leads strategy, operations, and growth. Scott has more than 20 years of industry executive leadership with 18 years of commercializing open-source technologies. An...
Thursday May 29, 2025 2:15pm - 3:00pm CEST Room 133-134
Tired of the slow, manual grind of ASVS assessments? This live demo introduces the OWASP ASVS Security Evaluation Templates—an open-source toolkit built on Nuclei to streamline and scale your web application security testing. Designed for security practitioners, this session walks through real-world use cases, showing how to plug these templates into your existing workflows for faster, more accurate ASVS evaluations. We’ll cover customization, integration, and key considerations for operationalizing the templates—plus, how you can contribute back to the project. Whether you're looking to boost testing efficiency or reduce human error, this session gives you the tools to level up your appsec approach in a fraction of the time.
Experienced cybersecurity auditor and penetration tester with a proven track record in securing systems for banking and industrial organizations. Adept at identifying vulnerabilities, ensuring compliance, and implementing robust security solutions. Proficient programmer with expertise...
Thursday May 29, 2025 3:30pm - 4:15pm CEST Room 133-134
Join OWASP project leader Sebastien for an engaging and interactive introduction and update on the OWASP Software Assurance Maturity Model (SAMM). We will cover SAMM's purpose and application in jumpstarting and accelerating your software assurance roadmap.
This session will provide valuable insights and practical knowledge on leveraging SAMM as a secure development framework:
Tools and Assessment Guidance: Discover the range of SAMM tools available to support your software assurance efforts. We will explain the latest assessment guidance, providing you with the knowledge to utilize these tools to their fullest potential.
Mapping to Other Frameworks: Learn how SAMM maps to other frameworks, such as the NIST Secure Software Development Framework (SSDF) and OpenCRE. This will enable you to leverage SAMM for demonstrating compliance and enhancing your software security posture for any compliance requirement.
Benchmark yourself against peers: The OWASP SAMM Benchmark enables organizations to anonymously compare their software security practices against industry peers, providing insights to identify improvement areas, prioritize security efforts, and track progress over time.
Sebastien Deleersnyder, also known as Seba, is a highly accomplished individual in the field of cybersecurity. He is the CTO and co-founder of Toreon, as well as the COO and lead threat modeling trainer of Data Protection Institute. Seba holds a Master's degree in Software Engineering...
Thursday May 29, 2025 3:30pm - 4:15pm CEST Room 133-134
1. Recap of Day 1 + What’s Next?
- Quick summary of how KubeFIM detects file changes in Kubernetes.
- Why KubeFIM is unique compared to traditional FIM solutions.
2. Advanced Use Cases: Detecting Real-World Threats
- Detecting tampered application binaries & unauthorized config changes.
- Show how KubeFIM detects & alerts security teams in real time.
3. Integrating KubeFIM into Security Workflows
- How to forward alerts to SIEM tools (Splunk, ELK Stack, OpenSearch).
- Using KubeFIM with SOAR platforms (automating threat response).
- Best practices for using KubeFIM in production Kubernetes clusters.
4. Roadmap & Future Improvements
- What’s next for KubeFIM?
Abhijit is the Co-Founder of Cyber Secure India (CSI), a cybersecurity think tank focused on driving cybersecurity awareness, building a strong community through free education, sharing knowledge, and empowering young individuals to strengthen the digital infrastructure.
Friday May 30, 2025 10:45am - 11:45am CEST Room 133-134
Join OWASP project leader Sebastien for an engaging and interactive introduction and update on the OWASP Software Assurance Maturity Model (SAMM). We will cover SAMM's purpose and application in jumpstarting and accelerating your software assurance roadmap.
This session will provide valuable insights and practical knowledge on leveraging SAMM as a secure development framework:
Tools and Assessment Guidance: Discover the range of SAMM tools available to support your software assurance efforts. We will explain the latest assessment guidance, providing you with the knowledge to utilize these tools to their fullest potential.
Mapping to Other Frameworks: Learn how SAMM maps to other frameworks, such as the NIST Secure Software Development Framework (SSDF) and OpenCRE. This will enable you to leverage SAMM for demonstrating compliance and enhancing your software security posture for any compliance requirement.
Benchmark yourself against peers: The OWASP SAMM Benchmark enables organizations to anonymously compare their software security practices against industry peers, providing insights to identify improvement areas, prioritize security efforts, and track progress over time.
Sebastien Deleersnyder, also known as Seba, is a highly accomplished individual in the field of cybersecurity. He is the CTO and co-founder of Toreon, as well as the COO and lead threat modeling trainer of Data Protection Institute. Seba holds a Master's degree in Software Engineering...
Friday May 30, 2025 11:00am - 11:45am CEST Room 133-134
Join Us in Shaping the Future of Secure Software Development
The OWASP Education and Training Committee is developing a certification program designed specifically for developers—and we need your expertise.
For the first time, this initiative will be showcased at OWASP Global AppSec EU 2025, and we’re inviting the community to help build the body of knowledge that will form the foundation of the certification curriculum.
If you're passionate about secure coding and developer education, this is your chance to contribute meaningfully to a global effort. Let’s build something that lasts—together.
Shruti is an information security / enterprise security architect with experience in ISO27001, PCI-DSS, policies, standards, security tools, threat modelling and risk assessments. Shruti works on security strategies and collaborates with cross-functional groups to implement information...
Friday May 30, 2025 11:00am - 11:45am CEST Room 133-134
Tired of the slow, manual grind of ASVS assessments? This live demo introduces the OWASP ASVS Security Evaluation Templates—an open-source toolkit built on Nuclei to streamline and scale your web application security testing.
Designed for security practitioners, this session walks through real-world use cases, showing how to plug these templates into your existing workflows for faster, more accurate ASVS evaluations. We’ll cover customization, integration, and key considerations for operationalizing the templates—plus, how you can contribute back to the project.
Whether you’re looking to boost testing efficiency or reduce human error, this session gives you the tools to level up your appsec approach in a fraction of the time.
Experienced cybersecurity auditor and penetration tester with a proven track record in securing systems for banking and industrial organizations. Adept at identifying vulnerabilities, ensuring compliance, and implementing robust security solutions. Proficient programmer with expertise...
Friday May 30, 2025 1:15pm - 2:15pm CEST Room 133-134
Distinguished Engineer, Founder and AppSec guru, Noname Security
Matt Tesauro is a DevSecOps and AppSec guru with specialization in creating security programs, leveraging automation to maximize team velocity and training emerging and senior professionals. When not writing automation code in Go, Matt is pushing for DevSecOps everywhere via his involvement...
Friday May 30, 2025 1:15pm - 2:15pm CEST Room 133-134
Join us for an engaging session where we'll demonstrate OWASP Cumulus, a card game tailored for threat modeling the Ops of DevOps. Dive into a cloud scenario with us and uncover potential threats while having fun.
Let's play and explore the intricacies of DevOps security together!
In his role as a Senior Consultant at TNG Technology Consulting, Christoph Niehoff develops software products for his clients on a daily basis. As a full-stack developer, he lives and breathes DevOps, overseeing all steps of the development cycle. The security of the products is particularly...
Friday May 30, 2025 2:15pm - 3:00pm CEST Room 133-134
In this 100% slide-free demo session you will embark on a journey through the popular OWASP Juice Shop vulnerable web application!
You will experience firsthand how easy it is to set up, get started, and solve your first hacking & coding challenges. In a quick mob-hacking session, you will gain your first points on Juice Shop's extensive score board!
The demo also includes a glimpse into Juice Shop's CTF tool and its multi-user hosting environment MultiJuicer! You will witness how fast a CTF event can be launched with OWASP Juice Shop, how great documentation really makes a difference, and even how to make the application look like an in-house app of your own company.
Due to the nature of this small group demo session, you are welcome to ask questions during and between the different topics - ad libitum! There is time for clarification and dipping into special topics.
If time permits, this session can also cover interesting behind-the-scenes topics, such as cheat detection, start-up validations, webhook integrations, and a pro-level Grafana dashboard for observability!
Even if you know and have used OWASP Juice Shop yourself already, there's no chance you've already seen everything that will be covered in this session!
Bjoern Kimminich works as Product Group Lead Application Ecosystem at Kuehne + Nagel, responsible – among other things – for the Application Security program in the corporate IT. He is an OWASP Lifetime Member, the project leader of the OWASP Juice Shop, and a co-chapter leader...
Friday May 30, 2025 2:15pm - 3:00pm CEST Room 133-134