German OWASP Day 2025 Streaming
Welcome
by OWASP German Chapter
09:05 – 09:45 in Track 1
Keynote: Code Dark Age
by Eva Wolfangel
5 minutes pause
09:50 – 10:15 in Track 1
The Surprising Complexity of Finding Known Vulnerabilities
by Dustin Born, Matthias Göhring
10:15 – 10:40 in Track 1
From Startup to Scale: Choosing the Right AppSec Path
by Javan Rasokat, Vanessa Sutter
30 minutes pause
11:10 – 11:55 in Track 1
LangSec for AppSec folks
by Lars Hermerschmidt
11:55 – 12:20 in Track 1
Introducing Passkeys - Strategies and Challenges for Developers
by Clemens Hübner
12:20 – 12:45 in Track 1
Phishing for Passkeys: An Analysis of WebAuthn and CTAP
by Michael Kuckuk
60 minutes pause
13:45 – 14:30 in Track 1
The Automation Illusion? What Machines Can't Do in Threat Modeling
by Sebastian Deleersnyder, Georges Bolssens
14:30 – 14:55 in Track 1
Extract: A PHP Foot-Gun Case Study
by Jannik Hartung, Martin Johns, Simon Koch
14:55 – 15:20 in Track 1
"I have no idea how to make it safer": Security and Privacy Mindsets of Browser Extension Developers
by Shubham Agrawal
30 minutes pause
15:50 – 16:35 in Track 1
A CISO's Adventures in AI Wonderland
by Holger Mack
16:35 – 17:00 in Track 1
The Cyber Resilience Act: How OWASP Can Play a Decisive Role for Software Manufacturers
by Dominik Pataky
5 minutes pause
OWASP Top 10:2025: Current Information and Insights on the Project
by Torsten Gigler
17:15 – 17:40 in Track 1
News from the Juice Shop ecosystem
by Björn Kimminich
Closing
by OWASP German Chapter
09:50 – 10:15 in Track 2
Attacking PDFs: From XFA Forms to Signature Exploits
by Sören Borgstedt, Titus Vollbracht
10:15 – 10:40 in Track 2
How the EU created Electronic Invoices without considering Security
by Hanno Böck
30 minutes pause
11:10 – 11:55 in Track 2
All the WAF power to the devs - why it reduces friction… and where it backfires
by Lukas Funk
11:55 – 12:20 in Track 2
Continuous Vulnerability Scanning with OWASP secureCodeBox
by Jannik Hollenbach
12:20 – 12:45 in Track 2
OWASP Cumulus: Threat Modeling the Ops of DevOps
by Christoph Niehoff
60 minutes pause
13:45 – 14:30 in Track 2
Pwn My Ride: Jailbreaking Cars with CarPlay
by Avi Lumelsky
14:30 – 14:55 in Track 2
MCP security hot potato: how to stay secure integrating external tools to your LLM
by Mateusz Olejarka, Dawid Nastaj
14:55 – 15:20 in Track 2
How we hacked Y Combinator companies' AI agents
by René Brandel
30 minutes pause
15:50 – 16:35 in Track 2
The Trust Trap - Security of Coding Assistants
by Clemens Hübner
16:35 – 17:00 in Track 2
YuraScanner: Leveraging LLMs for Task-driven Web App Scanning
by Aleksei Stafeev