OWASP Global AppSec USA 2026

1-Day Training: November 4, 2026
Level: Intermediate
Trainers: Pranav Saji

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

SaaS integrations are now a primary path for privilege creep, token sprawl, and silent exposure across an organization. In this hands-on training, participants learn how to assess and continuously monitor SaaS integrations using practical security signals such as over-scoped OAuth grants, non-expiring API tokens, dormant but valid credentials, admin privilege duration, environment token reuse, and public sharing risk.

We will turn these signals into an actionable review rubric and then into automation: how to pull audit-ready evidence from common SaaS APIs, normalize it into a consistent model, and generate security findings that are explainable to engineering and compliance teams. Participants will leave with a reusable signal checklist, a prioritization approach, and reference architectures to operationalize continuous monitoring without breaking least-privilege principles.

1-Day Training: November 4, 2026
Level: Intermediate
Trainers: Juliane Reimann and Marisa Fagan

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

Do you feel a disconnect between your cybersecurity efforts and engineering activities? If so, a Security Champions Program could bridge the gap. By involving engineers in security topics that align with their work, a Security Champions program not only enhances security awareness but also fosters a culture of security across your organization. However, creating such a program requires careful planning, innovative strategies, and a solid understanding of what drives individuals to champion security initiatives.

This training will equip you with practical tools and actionable insights to design and launch a successful Security Champions Program. You'll explore key concepts, including how to:
- Develop a foundational understanding of what a Security Champions Programs is
- Plan and navigate the phases of program development, from launch to long-term growth.
- Learn about strategies to engage and motivate diverse personality types within the organization
- Acquire practical tools and a structured approach to establish a scalable and trackable Security Champions Program

Whether you're a security engineer, architect, or manager, this training will provide you with the tools and frameworks to collaborate effectively with your engineering teams and establish a thriving Security Champions Program.

The session is highly interactive, featuring hands-on exercises and team-based activities to encourage collaboration and networking with fellow professionals. Join us to gain the confidence and strategies you need to kickstart your journey toward a more secure organization.

1-Day Training: November 4, 2026
Level: Intermediate
Trainers: Marco Morana and Matteo Meucci

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

The OWASP AI Testing Guide (AITG) provides a structured, comprehensive framework for validating Trustworthy AI systems across their entire lifecycle. Designed to support QA teams, security engineers, developers, auditors, and governance stakeholders, AITG establishes practical testing methodologies to assess AI security, privacy, and responsible AI behaviors.

The framework defines Trustworthy AI as the integration of:
1) Security AI (SecAI): Testing resilience against adversarial attacks such as prompt injection, model poisoning, evasion, and extraction.
2) Privacy AI (PrivacyAI): Validating protection against sensitive data leakage, membership inference, and model inversion risks.
3) Responsible AI (RespAI): Assessing fairness, safety, harmful output prevention, hallucination risks, explainability, and alignment with ethical policies.

AITG organizes testing coverage across four core AI product domains:
1. Application & Agent Testing
2. Model Testing
3. Infrastructure Testing
4. Data Testing

This structured approach ensures that AI systems are evaluated holistically, not just at the model layer, but across agents, RAG pipelines, APIs, infrastructure components, and data flows.

The AITG Comprehensive AI Testing Suite maps AI-specific threats to recognized standards such as OWASP Top 10 for LLMs and the OWASP AI Exchange, providing actionable, test-driven validation methods rather than abstract principles.

By combining adversarial testing, privacy validation, and responsible AI assessments, supported by governance, transparency, and monitoring, AITG enables organizations to transition from experimental AI deployments to validated, production-ready, and defensible AI systems.

1-Day Training: November 4, 2026
Level: Intermediate
Trainers: Joseph Katsioloudes

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

Artificial Intelligence (AI) is no longer a futuristic concept. It's embedded in the systems we use daily. At the core of these innovations are Large Language Models (LLMs) and Autonomous AI Agents. These innovations have unlocked new capabilities but have also introduced novel security challenges due to their non-deterministic behavior and autonomous outputs, causing issues like data leakage and unintended model behavior from attacks such as prompt injection and rogue agents.

This training equips participants with the skills they need to build secure agentic and LLM-based applications through interactive, challenge-based exercises that gamify core security concepts. Prepare to level up your understanding of LLM security in a practical and fun way!