OWASP Italy Day 2026






📅 OWASP Italy Day 2026 – Cagliari, 18 June 2026

OWASP Italy Day 2026 will take place on June 18th, 2026, in Cagliari, Sardinia (Italy) — returning to one of the most inspiring locations for cybersecurity innovation and collaboration.
This will be a free, one-day, in-person event focused on application security, AI security, DevSecOps, and secure software development, bringing together researchers, professionals, and students to exchange ideas, share experiences, and strengthen the AppSec community.

The main conference will start on June 18th at 3:30 PM, following a day of training sessions and workshops on June 17th (and optionally the morning of June 18th).


📌 Trainings and Conference Programs!


🎓 AI & Security Trainings 17, 18 June – 2026 Program

OWASP continues to strongly invest in advanced training on AI Security, Threat Modeling, and Secure Development.

Below is a selection of official OWASP trainings available in 2026, delivered by international experts and OWASP project leaders.

Please reserve your seat here

Secure Coding for Large Language Model Applications

  • Speaker: Fabio Cerullo
    Cycubix LTD
  • Format: 1.5-day training
  • Level: Introductory / Overview

A practical introduction to secure development of LLM-based applications, covering common vulnerabilities, security patterns, and best practices.

Building, Securing, and Deploying AI Agent Swarms in a Trustless Decentralized Ecosystem

  • Speaker: Krishnendu Dasgupta
    Founder, AXONVERTEX AI
  • Format: 1-day training
  • Level: Intermediate

An innovative training focused on designing, securing, and deploying AI agent swarms within decentralized and trustless ecosystems.

Key Dates

  • Training Day(s): June 17–18, 2026
  • OWASP Italy Day Conference: June 18, 2026 – from 3:30 PM

Please reserve your seat for the trainings here




It’s Manico Show Time!

A Practical Methodology for Claude Code, Codex, and Machine-Readable Security Rules

  • Speaker: Jim Manico — Founder, Manicode Security
  • Format: Hands-on Technical Workshop · 3 hours · Live demonstrations with open Q&A
  • Date: June 18, 2026 — Morning session, before the main conference
  • Track: Application Security · Secure Software Engineering · AI Engineering · Developer Productivity
  • Level: Intermediate to Advanced — Developers, Security Engineers, Technical Leads, Architects

Artificial intelligence coding assistants now generate a substantial portion of production code, yet most engineering teams deploy them with poor defaults and no security guardrails. The result is predictable: vulnerabilities, poor quality, and an expanding attack surface.

This hands-on workshop presents a practical, demonstration-driven methodology for secure AI-assisted development. Attendees will observe the configuration of a secure Claude Code environment, the authoring of machine-readable security rules that govern model behavior on a per-repository basis, and a coordinated workflow using Claude Code and Codex together for code generation, security review, and testing.

The session delivers immediately applicable techniques for shipping secure code from the first commit.

Key takeaways

  • Configure a secure Claude Code development environment
  • Use machine-readable security rules at repository level
  • Combine Claude Code and Codex for code generation, security review, and testing
  • Apply secure-by-default AI coding workflows from the first commit

🗓 OWASP ITALY DAY June 18 - Agenda


Please reserve your seat at the Conference here

🟢 15:30 – 16:00

Check-in & Welcome


🟣 16:00 – 16:30

🌟 KEYNOTE SESSION - The AI Security Moment: Why the Next Cybersecurity Crisis Will Be Algorithmic

Vandana Verma — Snyk

Abstract: We are living through one of the fastest technological shifts in history. AI systems are no longer experimental tools, they are decision-makers, copilots, and increasingly autonomous actors embedded inside our organizations. While AI adoption is accelerating at record speed, security and governance are struggling to keep up.

In this keynote, we explore why AI security is rapidly becoming the defining cybersecurity challenge of this decade. From generative AI assistants to autonomous agents capable of executing workflows, modern AI systems introduce entirely new attack surfaces that traditional security models were never designed to handle.

The challenge is not just about securing models, it is about securing AI ecosystems: data pipelines, agent workflows, APIs, tool integrations, and the complex chain of decisions AI systems now make on our behalf.

Drawing from emerging research, real-world incidents, and global security frameworks, this talk will explore the new threat landscape created by AI and why organizations must rethink how they approach risk, trust, and control in intelligent systems. Because the next major security incident may not be caused by malware or ransomware. It may be caused by an AI that did exactly what it was told to do.


🔵 16:30 – 17:00

From Scratch: Building an AppSec Program That Actually Works

Julio Araujo — Head of Security @ Rocket.Chat

A real-world blueprint for building an AppSec program with:

  • Limited resources
  • Vulnerability overload
  • Cultural friction

Practical lessons from embedding security into SDLC in a fast-moving open-source environment.

📎 https://linkedin.com/in/julio-cfa/


🔴 17:00 – 17:30

Spec-Driven Development: The Engineering Discipline That Secures, Economizes, and Certifies AI-Assisted Software

Jim Manico — Founder, Manicode Security

How do we make AI software secure?

Artificial intelligence now generates a substantial portion of production code, yet most engineering organizations continue to instruct these systems through informal prompts and unstructured tickets. The consequence is predictable and severe: unverifiable output, security regressions, poor quality, and uncontrolled cost. Spec-driven development establishes a different paradigm. By codifying requirements as structured, machine-readable artifacts, engineering teams provide artificial intelligence with a deterministic target and provide auditors, reviewers, and regulators with a verifiable contract. This session presents the methodology, the supporting artifacts, and the measurable advantages across four critical dimensions: security, cost, compliance, and engineering velocity.

📎 https://www.linkedin.com/in/jmanico/

🔵 17:30 – 18:00

Killing the Noise: AI Triage for High-Volume API Security Findings

Alessio Dalla Piazza — Co-Founder & CTO, Equixly

Why this matters:
Security teams are drowning in false positives. This talk shows how AI can reduce noise without introducing new risks.

What you’ll learn:

  • Algorithmic vs beacon-based detection
  • EPSS prioritization strategies
  • Reachability analysis for filtering
  • Where LLM triage works — and where it fails

📎 https://linkedin.com/in/alessiodallapiazza/


☕ 18:00 – 18:30

Coffee Break


🔵 18:30 – 19:00

OWASP MAS Project Updates

Sven Schleier — OWASP MAS Project Co-Lead

Latest updates from:

  • MASWE
  • MASTG v2 Beta
  • Android & iOS test apps
  • iOS 17+ testing techniques

Hands-on improvements for mobile security testing professionals.

📎 https://linkedin.com/in/sven-schleier/


🔴 19:00 – 19:30

It’s Giving Insecure Vibes: Secure Coding Literacy for Vibe Coders

Betta Lyon Delsordo — Ethical Hacker @ AWS

AI-assisted coding is accelerating development — but also vulnerabilities.

This session covers:

  • Common AI-generated vulnerabilities
  • Secure prompting techniques
  • Hybrid AI-assisted secure review
  • Real-world exploitation examples

Speaker at DEF CON 33, ESET World, WiCyS.

📎 https://linkedin.com/in/betta-lyon-delsordo/


🔵 19:30 – 20:00

Zero-Trust Software Supply Chain at Enterprise Scale

Ritesh Ranjan & Ravinder Singh Dafauti — Adobe

Securing 100K+ builds per day with:

  • SLSA Level 3 alignment
  • Hardened CI runners
  • Ephemeral build environments
  • Keyless container signing
  • Enterprise-scale provenance

A practical blueprint for real-world supply chain security.

📎 https://linkedin.com/in/ritesh-ranjan-1bab2196/
📎 https://linkedin.com/in/ravinder-singh-04b781b1/


🔴 20:00 – 20:30

LLM Prompt Injection: When Language Models Become an Attack Surface

Matteo Grollino — RED Team Senior Member, Relatech

The #1 risk in the OWASP Top 10 for LLM Applications.

This session explores:

  • Direct vs indirect prompt injection
  • System prompt manipulation
  • AI attack surface expansion
  • Live demonstration

A must-attend for anyone building AI-powered web applications.


🏁 20:30 – 21:00

Final Greetings


🍹 21:00 – 00:00 AM

Dinner & DJ Party

An opportunity to connect with speakers, contributors, and security professionals from across Europe.

πŸ–οΈ Location

Venue: Emerson Beach Club - Cagliari (Italy)


🧭 Organizers
