OWASP Italy Day 2026





πŸ“… OWASP Italy Day 2026 – Cagliari, 18 June 2026

OWASP Italy Day 2026 will take place on June 18th, 2026, in Cagliari, Sardinia (Italy) β€” returning to one of the most inspiring locations for cybersecurity innovation and collaboration.
This will be a free, one-day, in-person event focused on application security, AI security, DevSecOps, and secure software development, bringing together researchers, professionals, and students to exchange ideas, share experiences, and strengthen the AppSec community.

The main conference will start on June 18th at 3:30 PM, following a day of training sessions and workshops on June 17th (and optionally the morning of June 18th).

πŸ“Œ OWASP Italy Day 2026

18 June 2026 – Cagliari

πŸŽ“ AI & Security Trainings 17,18 June – 2026 Program

OWASP continues to strongly invest in advanced training on AI Security, Threat Modeling, and Secure Development.

Below is a selection of official OWASP trainings available in 2026, delivered by international experts and OWASP project leaders.

Please reserve your seat here

Marco Morana AI-Powered Threat Modeling

Modernizing Security Analysis with LLM Augmentation

  • Speaker: Marco Morana
    Field CISO – Head of Application & Product Security Architecture, Avocado Systems Inc.
  • Format: 1.5-day training
  • Level: Intermediate

An advanced training focused on modernizing Threat Modeling by leveraging Large Language Models and AI augmentation techniques to improve security risk analysis.

Fabio Cerullo Secure Coding for Large Language Model Applications

  • Speaker: Fabio Cerullo
    Cycubix LTD
  • Format: 1.5-day training
  • Level: Introductory / Overview

A practical introduction to secure development of LLM-based applications, covering common vulnerabilities, security patterns, and best practices.

Vandana Verma Sehgal AI Security Training

  • Speaker: Vandana Verma Sehgal
    Member, OWASP Global Board of Directors
  • Format: 1-day training
  • Level: Introductory / Overview

An introductory training covering the fundamentals of AI security, designed for professionals looking to understand threats, risks, and mitigation strategies in real-world environments.

Krishnendu Dasgupta Building, Securing, and Deploying AI Agent Swarms

in a Trustless Decentralized Ecosystem

  • Speaker: Krishnendu Dasgupta
    Founder, AXONVERTEX AI
  • Format: 1-day training
  • Level: Intermediate

An innovative training focused on designing, securing, and deploying AI agent swarms within decentralized and trustless ecosystems.

Sven Schleier The Mobile Playbook

A Guide for Android Security

  • Speaker: Sven Schleier
    OWASP MAS Project Co-Lead
  • Format: 1-day training
  • Level: Advanced

An advanced guide to Android mobile security, based on real-world experience from the OWASP Mobile Application Security (MAS) project.

Key Dates

Item Date
Training Day(s) June 17–18, 2026
OWASP Italy Day Conference June 18, 2026 – from 3:30 PM

Please reserve your seat here

πŸ—“ OWASP ITALY DAY June 18 - Agenda

🟒 15:00 – 15:45

Registration & Welcome Coffee

🟒 15:45 – 16:00

🎀 Opening Remarks

OWASP Italy Leadership

Setting the stage for an evening focused on modern attack surfaces, AI-native threats, and secure engineering at scale.

🟣 16:00 – 16:45

🌟 KEYNOTE SESSION

Vandana Verma Sehgal Vandana Verma β€” Snyk

Abstract and bio coming soon.

πŸ”΅ 16:45 – 17:15

Killing the Noise: AI Triage for High-Volume API Security Findings

Alessio Alessio Dalla Piazza β€” Co-Founder & CTO, Equixly

Why this matters:
Security teams are drowning in false positives. This talk shows how AI can reduce noise without introducing new risks.

What you’ll learn:

  • Algorithmic vs beacon-based detection
  • EPSS prioritization strategies
  • Reachability analysis for filtering
  • Where LLM triage works β€” and where it fails

πŸ“Ž https://linkedin.com/in/alessiodallapiazza/

πŸ”΅ 17:45 – 18:15

From Scratch: Building an AppSec Program That Actually Works

Julio Julio Araujo β€” Head of Security @ Rocket.Chat

A real-world blueprint for building an AppSec program with:

  • Limited resources
  • Vulnerability overload
  • Cultural friction

Practical lessons from embedding security into SDLC in a fast-moving open-source environment.

πŸ“Ž https://linkedin.com/in/julio-cfa/

β˜• 18:15 – 18:30

Coffee Break

πŸ”΄ 18:30 – 19:00

It’s Giving Insecure Vibes: Secure Coding Literacy for Vibe Coders

Betta Betta Lyon Delsordo β€” Ethical Hacker @ AWS

AI-assisted coding is accelerating development β€” but also vulnerabilities.

This session covers:

  • Common AI-generated vulnerabilities
  • Secure prompting techniques
  • Hybrid AI-assisted secure review
  • Real-world exploitation examples

Speaker at DEF CON 33, ESET World, WiCyS.

πŸ“Ž https://linkedin.com/in/betta-lyon-delsordo/

πŸ”΄ 19:00 – 19:30

LLM Prompt Injection: When Language Models Become an Attack Surface

Matteo Matteo Grollino β€” RED Team Senior Member, Relatech

The #1 risk in the OWASP Top 10 for LLM Applications.

This session explores:

  • Direct vs indirect prompt injection
  • System prompt manipulation
  • AI attack surface expansion
  • Live demonstration

A must-attend for anyone building AI-powered web applications.

πŸ”΄ 19:30 – 20:00

Agentic AI Under Siege: Verifiable Safety Envelopes for Micro-LLMs

Vaishnavi Vaishnavi Gudur β€” Senior Software Engineer, Microsoft

How do we make AI agents provably safe?

Topics include:

  • Zero-trust AI boundaries
  • Policy-as-code guardrails
  • Signed tool invocation
  • Adversarial CI testing
  • Immutable audit logs

Regulated environments. Multi-tenant safety. Practical architectures.

πŸ“Ž https://linkedin.com/in/vaishnavi-gudur

πŸ”΅ 20:00 – 20:30

OWASP MAS Project Updates

Sven Sven Schleier β€” OWASP MAS Project Co-Lead

Latest updates from:

  • MASWE
  • MASTG v2 Beta
  • Android & iOS test apps
  • iOS 17+ testing techniques

Hands-on improvements for mobile security testing professionals.

πŸ“Ž https://linkedin.com/in/sven-schleier/

πŸ”΅ 20:30 – 21:00

Zero-Trust Software Supply Chain at Enterprise Scale

Ritesh RavinderRitesh Ranjan & Ravinder Singh Dafauti β€” Adobe

Securing 100K+ builds per day with:

  • SLSA Level 3 alignment
  • Hardened CI runners
  • Ephemeral build environments
  • Keyless container signing
  • Enterprise-scale provenance

A practical blueprint for real-world supply chain security.

πŸ“Ž https://linkedin.com/in/ritesh-ranjan-1bab2196/
πŸ“Ž https://linkedin.com/in/ravinder-singh-04b781b1/

🏁 21:00 – 21:30

Closing Remarks & Community Announcements

🍹 21:30 – 01:00

Dinner Networking & OWASP Community Aperitivo

An opportunity to connect with speakers, contributors, and security professionals from across Europe.

🀝 Sponsorship & Community

Interested in sponsoring OWASP Italy Day 2026?
Contact the OWASP Italy Board for partnership opportunities.

πŸ–οΈ Location

Venue: Emerson Beach Club - Cagliari (Italy)

🧭 Organizers

Back to the OWASP Italy Chapter

Watch Star