Elevate your skills with hands-on AppSec training

Fabio Cerullo

Managing Director at Cycubix

Design and build secure AI/LLM applications by defending against prompt injection, model poisoning, and data leakage, following the OWASP Top 10 for LLM Applications 2025.
Through labs and real-world case studies, the course provides practical skills for threat modeling, RAG and agent security, and secure design and governance for deploying compliant AI capabilities at scale.

Vandana Verma

Global Board of Directors at Owasp

Hands-on workshop to build and defend AI-powered applications through an "attack, understand, defend" approach.
Participants will develop a mental model of LLM and agent-based threat surfaces, build a hardened mini-agent, and obtain a reusable MCP server security checklist. The session provides practical playbooks and patterns for real environments, requiring a laptop with Docker, Python, Node, and an LLM (Ollama or cloud API) to work on provided lab repositories for injection demos and agent tools.

Marco Morana

Field CISO at Avocado Systems

An AI-augmented approach to threat modeling that leverages LLMs and tools like StrideGPT to scale and accelerate the analysis of cloud-native and distributed systems. Based on the AI-Powered Threat Modeling eBook and online course, the presentation demonstrates how generative AI supports system decomposition, generates threat scenarios from architectural descriptions, and assists in risk-based prioritization using CVEs and telemetry. The focus is on streamlining documentation into repeatable outputs through proper data preparation and preprocessing, while preserving expert judgment.

Krishnendu Dasgupta

Founder of AXONVERTEX AI

Agentic workflows for triage and remediation expand the attack surface through prompt injection, data leakage, and control bypasses. This training covers building and deploying Secure AppSec Triage & Remediation Swarms in a decentralized, trustless ecosystem. The focus is on a policy-governed, privacy-preserving multi-agent system powered by open-source foundation models (4B–20B range), with an explicit emphasis on EU policy-driven controls.

Sven Schleier

OWASP MAS Project Co-lead

Hands-on course covering security vulnerability analysis for Android applications through dynamic testing, static analysis, and reverse engineering. Based on the OWASP Mobile Application Security Testing Guide (MASTG) and taught by a project co-leader, the training utilizes the Model Context Protocol (MCP) to automate workflows. The methodology includes detailed technical test cases and attack techniques, providing hands-on experience with open-source tools and advanced methodologies across real-world scenarios.