German OWASP Day 2025

The German Chapter of the Open Worldwide Application Security Project (OWASP) holds its annual OWASP conference. We are pleased to announce that this year's event will be held in Düsseldorf on November 25-26, 2025!

Tickets are available on Eventbrite!

Get your ticket

Program

The main event on November 26, 2025, will feature a variety of engaging technical and non-technical presentations focused on application security. The day before, on November 25, 2025, attendees can participate in various seminars and an evening event for networking and experience sharing. You can earn up to 14 CPE credits by attending the event.

Time Track 1 Track 2
09:00 - 13:00
Eliminating Bug Classes at Scale: Leveraging Browser Features for Proactive Defense
🇬🇧 | Javan Rasokat

Details
Workshop Cyber Resilience Act
🇩🇪 | Michael Helwig

Details
14:00 - 17:00
German Chapter Meeting
🇩🇪 | German OWASP Chapter
Threat Modeling with AI
🇬🇧 | Georges Bolssens

Details
from 18:00
Evening Event
Time Track 1 Track 2
08:15 - 09:00
Registration
09:00 - 09:05
Welcome
🇩🇪
09:05 - 09:50
Keynote: Code Dark Age
🇬🇧 | Eva Wolfangel

Details
09:50 - 10:15
The Surprising Complexity of Finding Known Vulnerabilities
🇬🇧 | Dustin Born | Matthias Göhring

Details
Attacking PDFs: From XFA Forms to Signature Exploits
🇬🇧 | Sören Borgstedt | Titus Vollbracht

Details
10:15 - 10:40
From Startup to Scale: Choosing the Right AppSec Path
🇬🇧 | Javan Rasokat | Vanessa Sutter

Details
How the EU created Electronic Invoices without considering Security
🇬🇧 | Hanno Böck

Details
10:40 - 11:10
Break
11:10 - 11:55
LangSec for AppSec folks
🇩🇪 | Lars Hermerschmidt

Details
All the WAF power to the devs - why it reduces friction… and where it backfires
🇬🇧 | Lukas Funk

Details
11:55 - 12:20
Passkeys einführen - Strategien und Herausforderungen für Entwickler:innen
🇩🇪 | Martina Kraus

Details
Continuous Vulnerability Scanning with OWASP secureCodeBox
🇬🇧 | Jannik Hollenbach

Details
12:20 - 12:45
Phishing for Passkeys: Eine Analyse von WebAuthn und CTAP
🇬🇧 | Michael Kuckuk

Details
OWASP Cumulus: Threat Modeling the Ops of DevOps
🇬🇧 | Christoph Niehoff

Details
12:45 - 13:45
Lunch
13:45 - 14:30
The Automation Illusion? What Machines Can't Do in Threat Modeling
🇬🇧 | Sebastian Deleersnyder | Georges Bolssens

Details
tbd
  • tbd
14:30 - 14:55
Extract: A PHP Foot-Gun Case Study
🇬🇧 | Jannik Hartung | Simon Koch | Martin Johns

Details
MCP security hot potato: how to stay secure integrating external tools to your LLM
🇬🇧 | Mateusz Olejarka | Dawid Nastaj

Details
14:55 - 15:20
"I have no idea how to make it safer”: Security and Privacy Mindsets of Browser Extension Developers
🇬🇧 | Shubham Agrawal

Details
How we hacked Y Combinator companies' AI agents
🇬🇧 | René Brandel

Details
15:20 - 15:50
Break
15:50 - 16:35
A CISO's Adventures in AI Wonderland
🇬🇧 | Holger Mack
Details
The Trust Trap - Security von Coding Assistants
🇬🇧 | Clemens Hübner
Details
16:35 - 17:00
Der Cyber Resilience Act: Wie OWASP für die Software-Hersteller eine entscheidende Rolle spielen kann
🇩🇪 | Dominik Pataky
Details
YuraScanner: Leveraging LLMs for Task-driven Web App Scanning
🇬🇧 | Aleksei Stafeev
Details
17:05 - 17:15
OWASP Top 10:2025: Aktuelle Informationen und Insights zum Projekt
🇩🇪 | Torsten Gigler
Details
17:15 - 17:40
News from the Juice Shop ecosystem
🇬🇧 | Björn Kimminich
Details
17:40 - 17:45
Closing

Our Sponsors

The following companies and organizations are supporting this year's German OWASP Day.









Sponsoring opportunities around German OWASP Day 2025

We anticipate approximately 200 participants from a range of industries. By sponsoring the German OWASP Day 2025, you will be making a strong statement:

Your support for this key event in the German-speaking Application Security community will significantly bolster your company's expert reputation.

Building on the positive feedback from previous years, we've created several attractive opportunities to maximize your visibility at the conference, alongside your presence online and in official materials.

Price (net): 1.500 €

Perks:

  • your logo* on the conference homepage
  • your logo* in a LinkedIn post by the German OWASP Day page
  • your logo* on the schedule during the conference
  • one (1) Giveaway (e. g. a brochure*) or a promotional gift* for the participants
  • an included conference ticket including the social pre-event

Items marked with * must be provided by the sponsor.

Price (net): 3.800 €

Perks:

All points of the Standard Sponsor Package apply to the Gold Sponsor plus the following:

  • Selection of one of the following sponsorship options based on availability (first come, first serve):
    • Coffee break and lunch catering (max A4-sized table displays*) or
    • Lanyard (lanyard* for conference badges) or
    • Evening event (option to put up to two RollUp-Displays* and hold a short speech) or
    • Conference bags*
  • One additional (two in total) included conference tickets incl. pre-event.

Items marked with * must be provided by the sponsor.

All sponsorship revenue is used solely to cover the costs of the conference and the mission of the independent and non-profit OWASP Foundation (501c3 Not-For-Profit).

Details for sponsors

Call for Presentations

The German OWASP Day 2025 is a security conference focused on expert talks covering secure development, operations, testing, and organizational aspects related to web-based applications. Cross-disciplinary and non-technical topics are also encouraged. The conference is primarily intended for a German-speaking audience, though English presentations are welcome.

To CfP

Location

The event will take place at the Radisson Blu Conference Hotel, Karl-Arnold-Platz 5, in Düsseldorf.

As there is more than one Radisson Blu Hotel in Düsseldorf, please make sure you check the correct address.

We suggest using public transport for your travel:

  • U-Bahn from main train station: U79 to the stop Golzheimer Platz.

Radisson Blu Conference Hotel, Düsseldorf

About

OWASP is an independent, global community committed to making web application security more visible, sharing expertise in developing and operating secure web applications, and offering resources freely available to everyone. All OWASP materials, including documents, videos, slides, and podcasts, can be used for free under an open license.

OWASP is open, inclusive, and vendor-neutral. Everyone is welcome to contribute to projects or simply benefit from the shared knowledge. A great way to get involved is by attending the OWASP Meetups, which regularly take place in many major German cities.

For more details, visit the German OWASP Chapter website and follow us on social media.


Webseite

Mailingliste

GitHub

Youtube

LinkedIn

X

Mastodon

Contact

Christian Dresen

Organisation

christian . dresen [at] owasp . org

Christian Becker

Organisation

christian . becker [at] owasp . org

Lilith Pendzich

Organisation

lilith . pendzich [at] owasp . org

Henrik Willert

Organisation

henrik . willert [at] owasp . org

Jasmin Mair

Organisation

jasmin . mair [at] owasp . org

Dirk Wetter

Organisation

dirk [at] owasp . org

Tobias Glemser

Sponsoring

tobias . glemser [at] owasp . org