OWASP AppSec Italy 2026 - Trainings
OWASP Italy Day 2026 will take place on June 17th-18th, 2026, in Cagliari, Sardinia (Italy).
OWASP Italy Day 2026 will take place on June 18th, 2026, in Cagliari, Sardinia (Italy) — returning to one of the most inspiring locations for cybersecurity innovation and collaboration.
This will be a free, one-day, in-person event focused on application security, AI security, DevSecOps, and secure software development, bringing together researchers, professionals, and students to exchange ideas, share experiences, and strengthen the AppSec community.
The main conference will start on June 18th at 3:30 PM, following a day of training sessions and workshops on June 17th (and optionally the morning of June 18th).
Tickets for the training sessions and workshops starting on June 17th can be purchased directly through this Eventbrite page. These tickets grant access to the hands-on training activities taking place on June 17th (and, where applicable, on the morning of June 18th).
Registration for the public OWASP Italy Day event on June 18th (afternoon) is handled separately. Tickets for the main conference are available on the official OWASP Italy website at: https://owasp.org/www-chapter-italy/events/OWASPItalyDay2026-06-18
Good to know
Highlights
- 9 hours
- In person
Location
Hotel Regina Margherita
44 Viale Regina Margherita
09124 Cagliari

Agenda
Introductory - AI Security Training
This hands-on workshop is designed for security engineers, AppSec teams, DevSecOps practitioners, senior developers, and software architects building or defending AI-powered applications.
By the end, you’ll walk away with:
- A clear mental model of LLM and agent-based threat surfaces
- A hardened mini-agent you’ll build during the session
- A reusable MCP server security checklist
- Practical playbooks and patterns you can apply immediately in real environments
This isn’t theory — it’s attack → understand → defend.
Attendee Requirements (Prepare Beforehand)
- Laptop with: Docker, Python 3.11+, Node 18+
- One LLM: Ollama (llama3.1/phi3) or a cloud API key (OpenAI/Azure/OpenRouter)
- Git installed, plus pipx or venv
- Browser with DevTools (VS Code recommended but optional)
Sample lab repos (provided ahead of time):
- basic-llm-injection-demo
- mini-agent-tools-demo
- mcp-server-minimal (FastAPI/Express versions)
Introductory - Secure Coding for LLM Applications
Description
AI-driven applications are rapidly transforming products, developer workflows, and customer experiences. But these systems introduce unique security risks that traditional AppSec practices don’t address.
This 1.5-day hands-on course teaches developers, AppSec engineers, and architects how to design and build secure AI/LLM applications. Participants learn to defend against prompt injection, insecure output handling, model poisoning, data leakage, and other risks from the updated OWASP Top 10 for LLM Applications 2025. Through labs and real-world case studies, attendees gain practical skills for deploying safe, trustworthy, and compliant AI capabilities at scale.
Course Outline
- Part I: Foundations of AI and LLM Security
- Part II: Threat Modeling and Architecture
  - Threat Modeling for LLM Systems
  - RAG Security: Retrieval, Embeddings, and Index Integrity
  - Agent and Tool Security
- Part III: The OWASP Top 10 for LLM Applications 2025
- Part IV: Secure AI/LLM Design and Governance
Intermediate - Secure AI Agent Swarm
Modern AppSec teams are using agentic workflows to triage vulnerability reports and incident tickets that contain logs, stack traces, and chat transcripts, often with PII, secrets, and sensitive internal context. Once these workflows add RAG and autonomous tool use (function calling), the attack surface expands: prompt injection can trigger unsafe actions, sensitive data can leak through memory/RAG/tool outputs, agents can be spoofed, and controls can be bypassed.
You will understand the need for building, securing and deploying AI Agent Swarms in a decentralized and trustless ecosystem. In this training you will build a Secure AppSec Triage & Remediation Swarm: a policy-governed, privacy-preserving multi-agent system powered by open-source foundation models in the 4B–20B range (Mistral/Qwen-class), with an explicit focus on EU policy-driven controls.