OWASP® Foundation


Software Development

Wakefield, MA 286,298 followers

Every vibrant technology marketplace needs an unbiased source of information. OWASP is synonymous with AppSec.

About us

The Open Worldwide Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of software. Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work.

Website: http://owasp.org
Industry: Software Development
Company size: 2-10 employees
Headquarters: Wakefield, MA
Type: Nonprofit
Founded: 2001


Updates

  • Application Security Professionals – Ready to sharpen your skills in 2026? 📍 Join us at London OWASP Training Days, Feb 25–27 at King’s College London. This multi-day training event is purpose-built for AppSec engineers, developers, architects, and security leaders looking to go hands-on with: ✅ API Security Fundamentals ✅ Security Champions Programs ✅ Privacy Engineering & AI ✅ AI Threat Modeling ✅ Web App & Mobile App Hacking Labs ✅ And more, led by top experts in the field OWASP training is practical, community-driven, and globally respected. Whether you’re solidifying your foundation or advancing into niche areas, this is your space to learn, connect, and lead. 🎟️ Secure your seat: https://lnkd.in/e4vXtacy #OWASP #ApplicationSecurity #CybersecurityTraining #DevSecOps #AI #AppSec #London2026

  • Dream of speaking at OWASP? Introducing “So You Want to Be an OWASP Speaker”, a playful, game-show-inspired experience with the excitement of Who Wants to Be a Millionaire? Whether you're brand-new to presenting or a seasoned security pro, this session will guide you through crafting standout CfP submissions, delivering engaging content, and confidently stepping into the spotlight at OWASP events around the world. https://lnkd.in/eBE_JfcF No lifelines, no pressure, just a fun and supportive space to learn, connect, and level up your speaking journey. #OWASP #AppSec #upskilling #cybersecurity #publicspeaking

  • 🎉 Vienna + AppSec = the perfect match! Early Bird tickets for OWASP Global AppSec Vienna 2026 are now available https://lnkd.in/eBct6_EE Join us as we mark 25 years of OWASP with an immersive week of world-class training and a next-level conference experience. 📅 Training: June 22–24, 2026 📅 Conference: June 25–26, 2026 Expect bold ideas, hands-on learning, and a global community coming together to shape the future of security. 🔐 #appsec #owasp #cybersecurity #earlybird #training #conference

    https://owasp.glueup.com/event/162243/register/
  • 🔥OWASP London Training Days - Trainer spotlight🔥 We are excited to welcome Georges Bolssens, who will host his 2-Day Training: AI Threat Modeling Next Generation: From whiteboard hacking to hands-on prompting. https://lnkd.in/e46zXMY9 Based on the Toreon 10th edition of our Black Hat training, this is a deep, practical dive into modern AI threat modeling. ✨ What you’ll get: ✅ A Threat Modeling Playbook ✅ 1 year access to an online threat modeling learning platform ✅ Build your own threat model with individual expert feedback ✅ A live online group review session one month after the training If you want practical skills, real feedback, and next-gen AI security insight, this one’s for you. #appsec #threatmodeling #owasp #training #cybersecurity

  • New for Global AppSec Vienna — CFPods are OPEN! We’re introducing PODs (Practical On-Demand activities): 2–3 hour, hands-on, small-group sessions running alongside the main conference. Designed to be interactive, practical, and engaging, less listening, more doing 💡 Have an idea that gets people building, breaking, or learning by doing? We’d love to see it! 👉 Submit here: https://lnkd.in/eperk4UY Closes February 16, 2026 #OWASP #AppSec #CyberSecurity #CFP #Workshops

  • OWASP® Foundation reposted this

    As we approach 2026, here's a peek behind the scenes of AI security standardisation at a pivotal moment, showing OWASP® Foundation's central role. Key initiatives I'm involved in: 1️⃣ prEN18282: the official EU AI act security standard. Status: Final work is ongoing to process comments from the European Commission. After that, it will move into public enquiry, early 2026. If all goes well, publication could be around the end of summer, but let's see how it unfolds. Purpose: This is the normative standard for demonstrating conformity with the AI Act for high-risk AI systems (healthcare, critical infrastructure, HR, etc.). Plus, it serves as a guideline for securing any AI system. I have been working on this standard for two years as elected co-editor of WG5 within CEN and CENELEC JTC 21. A significant part of prEN18282 is built on the OWASP AI Exchange, meaning that organizations already using the Exchange will be broadly aligned with where the standard is heading. 2️⃣ ISO/IEC 27090: the global guideline on AI security Status: The enquiry phase is completed, so this standard can be expected earlier than prEN18282. Through the liaison partnership with OWASP AI Exchange, we submitted 78 pages of comments which were almost completely accepted into the standard, which strongly increased alignment between community practice and multiple international standards. 3️⃣ The OWASP AI Exchange has been selected as a key resource by certification and training institutes such as EXIN and SANS Institute. This matters a lot. It means that training, certification, and standards are grounded in the same framework, instead of pulling practitioners in different directions. I am genuinely proud that this approach worked: using the OWASP AI Exchange as a vehicle for agreement in a field that is fast-moving, critical, and often very opinionated. Many thanks to the great group of AI Exchange authors, and especially to my leadership team, Aruneesh Salhotra and Behnaz Karimi. 
A special thank-you as well to SANS Institute and Rob T. Lee for being open and constructive in finding common ground. That collaboration is a great experience! Other initiatives: 4️⃣ ETSI EN 304 223 on AI security was adopted as a European Norm. It does not provide AI Act conformity, but it offers a useful high-level overview of key AI security concerns. 5️⃣ ISO/IEC 27091 on AI privacy guidance: a very important topic. I am glad this work leaves the AI security details to the other standards, so it can focus on privacy techniques, and fundamental rights such as fairness. This standard just entered public enquiry. 6️⃣ OpenCRE will serve as the connecting hub between these standards and other AI security work. More on this soon. Happy holidays to everyone. Let's make 2026 the year we benefit from AI in great and responsible ways. #ai #aisecurity Software Improvement Group

