
Elbsides 2026

We are excited to announce that we will be offering workshops at Elbsides 2026 on the day before the conference, on June 4th. NOTE: The workshops will not be in the same location as the conference. See Logistics below for more information on the workshop location and how to get there.

Ticket sales will start on Friday, April 17th, 2026 at 10:00 CEST on Pretix.

Note: you will need to purchase a separate ticket for the conference. More details will follow.

The workshops

| Time | Elbe (Raum 1) | Alster (Raum 2) | Bille (Raum 3) |
|---|---|---|---|
| 9:00-13:00 | Secure Development Lifecycle Applied - How to Make Things a Bit More Secure than Yesterday Every Day | Let's make hackers cry ... with deception | Understanding Modern Application Security - Training Update 2026 |
| 14:00-18:00 | MacOS Investigation Workshop | Exploiting and Securing AI Applications on AWS | Understanding Modern Application Security - Training Update 2026 (continued) |

Understanding Modern Application Security - Training Update 2026

Trainers

  • Juliane Reimann
  • Michael Helwig

Length

  • 8 hours

Room

  • BILLE (Raum 3)

Abstract

The field of application security has evolved rapidly. Cloud-native architectures, APIs, AI-assisted development, increasing regulation and risks to the software supply chain have fundamentally changed the way we build and secure applications. Nevertheless, a secure software development lifecycle remains a best practice, and many traditional tools and processes continue to be relevant, even in the context of AI. This training course provides a structured, high-level overview of modern application security across the secure software development lifecycle (SSDLC). Rather than delving deeply into one specific tool or vulnerability class, we explore the key elements, including today’s threat landscape, common vulnerabilities in web, API, and AI-based systems, secure architecture fundamentals, security-by-design principles, security tools, vulnerability management, and basic SDLC governance and cultural principles. We will share our insights and experiences, and also facilitate discussions with participants to identify effective strategies and lessons learned. To gain hands-on experience, we will conduct a practical threat modelling exercise and consider how to build our own SSDLC based on our threat model, as well as how to secure our CI/CD pipeline. We will explore common vulnerabilities in a vulnerable web application and attempt to relieve an LLM of its secrets. During the training, we will also consider the ways in which AI can enhance and automate processes throughout the SSDLC.

Participants will gain:

  • A clear overview of how modern application security works
  • An understanding of the basics of secure architecture and threat modelling
  • Insight into how security tools fit into CI/CD, and how to address problems in vulnerability management
  • Practical experience through threat modelling and hands-on hacking
  • Guidance on how to structure AppSec and Security Champion programmes within their organisation
  • An understanding that there is rarely a one-size-fits-all solution (let alone tool) to their AppSec problems, but rather tailored solutions for their team

Target audience

Developers, architects, security managers, DevOps engineers, technical leads, and security practitioners who want a compact but structured overview of modern Application Security and practical starting points for their own environments.

Agenda

  • AppSec: Motivation, Regulation and Business Case
  • AppSec Threats – What can go wrong?
  • Secure Architecture Principles
  • Security By Design
  • Tools, AI and the AppSec Lifecycle
  • Vulnerability Management
  • Building the SSDLC – Program Strategy and Governance
  • Building Security Culture

Trainer Bios

Juliane Reimann, Founder & Security Community Expert @ FullCyrcle Security.

Juliane Reimann

Juliane has worked as a cybersecurity consultant for large companies since 2019, with a focus on DevSecOps and community building. Her expertise includes building security communities among software developers and establishing developer-centric communication around secure software development topics. Before entering the cybersecurity field, she founded several companies in web development. Her web development background provides her with extensive knowledge of the software development lifecycle. Since 2024, she has been a core member of the OWASP Security Champions Guide Community.

Michael Helwig

Michael Helwig is a senior security consultant, founder and director at the Munich-based company secureIO GmbH. With a strong background in application security and in building and managing application security programs, he is passionate about all things related to AppSec and DevSecOps. He is a member of the German OWASP Board.

Secure Development Lifecycle Applied - How to Make Things a Bit More Secure than Yesterday Every Day

Trainer

  • Lisi Hocke

Schedule

  • 4 hours, morning

Room

  • ELBE (Raum 1)

Abstract

Building valuable solutions is a complex endeavor that requires a breadth of knowledge. That not being enough, we’re also getting asked to build secure solutions in a secure way - yet what does that even mean? How do we incorporate such a vast area of expertise into our everyday workflows?

In this hands-on workshop, I will introduce you to core security concepts, like the CIA triad or defense in depth - and how we can apply them in everyday work. Based on a practical example, we will go through the development lifecycle with security in mind. You will learn about threat modeling to uncover risks early on, secure coding principles to bake security in, security testing approaches to make informed decisions depending on your risk appetite, and ways of detecting potentially malicious activity to protect against. Interactive exercises at each step will let you experience how security can neatly fit with what you’re already doing without adding artificial gates.

Whether you want to keep your system secure or get a neglected one back in shape, this session is for you. Join us to gain fundamental security knowledge, hone your security skills, and get tactical advice to secure your development lifecycle. Let’s make things a bit more secure than yesterday every day!

Needed from participant side:

  • Laptop with internet connection and permission to open a Miro board
  • At least one of the following two options:
      • GitHub account for using Codespaces to run the practice app
      • For local runs:
          • Git as well as the permission to clone a GitHub repository and run the practice app
          • A way to run bash scripts on their system (e.g. using git bash on Windows)
          • Docker and Docker Compose V2 (or an alternative way to run a Docker compose script)
  • API client (any choice)

Trainer Bio

Lisi Hocke

Lisi Hocke found tech as her place to be in 2009 and has grown as a specialized generalist ever since. Building great products that deliver value together with great people motivates her and lets her thrive. As a security engineer, she’s now fully focusing on all things product security to help build more secure solutions. She’s committed to testing and quality, passionate about whole-team approaches to increase effectiveness and resilience, and enjoys experimenting and learning continuously. Having received a lot from communities, Lisi is paying it forward by sharing her stories and learning in public. She posts on Mastodon as @lisihocke@mastodon.social and blogs at www.lisihocke.com. In her free time, she plays indoor volleyball or delves into computer games and stories of all kinds.


MacOS Investigation Workshop

Trainer

  • Evgen Blohm

Schedule

  • 4 hours, afternoon

Room

  • ELBE (Raum 1)

Abstract

The goal of this workshop is to equip participants with the essential knowledge and practical skills needed to perform forensic analysis of macOS systems in the context of modern threats.

Although macOS devices still account for a smaller share of enterprise environments than Windows, they are increasingly targeted by threat actors. As a result, macOS security and forensic analysis remain less mature and underrepresented in many organizations’ defensive strategies. Recent industry reports — including findings from Red Canary showing a 400% increase in macOS-related threats between 2023 and 2024 (Mac Malware) — highlight the urgent need for improved visibility and expertise in this area.

This workshop will guide participants through the fundamental steps of conducting macOS forensic investigations, including:

  • Creating disk images of macOS devices
  • Identifying and interpreting key system artifacts
  • Investigating artifacts for evidence of threat actor activity
  • Utilizing common forensic tools to support analysis
  • Understanding the evolving macOS threat landscape

By the end of this workshop, participants will be able to independently conduct forensic investigations on macOS systems and will receive additional resources to support continued learning and future casework.


Let’s make hackers cry … with deception

Trainer

  • John Strand, Antisyphon Training

Schedule

  • 4 hours, morning

Room

  • ALSTER (Raum 2)

Abstract

In this workshop we will be doing multiple hands-on labs that will help detect and halt attackers targeting your environment. The students will also gain access to a full browser-based lab environment and a total of 16 hours of lab time.

We will show how it is important to collect hacker tears. It makes the best wine.

Trainer Bio

John Strand

John Strand has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. He is a coveted speaker and much loved SANS teacher. John is a contributor to the industry-shaping Penetration Testing Execution Standard and 20 Critical Controls framework.


Exploiting and Securing AI Applications on AWS

Trainers

  • Anne Stein, Superluminar
  • Rebecca Burnside, Superluminar
  • Robert von Massow, Superluminar

Schedule

  • 4 hours, afternoon

Room

  • ALSTER (Raum 2)

Abstract

AI-powered assistants are becoming a standard feature in modern applications - but many are deployed with serious security flaws.

In this interactive workshop, you’ll work with a deliberately vulnerable AI shopping assistant built on AWS. The application looks helpful, but underneath it hides prompt injection weaknesses, excessive permissions, insecure integrations, and other common AI security pitfalls.

Your mission is to exploit it, and then secure it.

Through guided challenges, you’ll learn how attackers target AI systems and how to design safer architectures for real-world AI applications in AWS.

Trainer Bios

Anne Stein

Anne Stein is an AWS Community Builder and Cloud Consultant at superluminar. With her passion for software development and cloud, she is always striving to learn more about the latest technologies and trends and to expand her skills.

Rebecca Burnside

Rebecca Burnside is a Cloud Consultant at superluminar. After transitioning into tech from neuropsychology, she now builds modern cloud infrastructure, with a growing focus on generative AI and its security challenges.

Robert von Massow

Robert von Massow is a cloud consultant at superluminar working on cloud-native architectures and systems on AWS. His projects range from IoT platforms to data and AI workloads, which means he regularly encounters the full spectrum of modern tech buzzwords. At heart, he still considers himself a software engineer and prefers building real systems over just drawing architecture diagrams.

Logistics

The closest bus stops to Jungheinrich are Helbingtwiete and Am Stadtrand, both of which are a short walk away (300 m). The 171 and the 16 buses both run to these stops every 10 minutes. Both bus routes connect with multiple S- and U-Bahn lines across the city. You can catch either bus from the U1 station Straßburger Straße, or you can catch the 16 (Rentenversicherung Nord) directly from Hauptbahnhof Hamburg. Here’s a link to the hvv trip planner which you can use to find the best route from where you’re staying.

You can park in the parking garage of the UCI Cinema across the street. Address: UCI Wandsbek, Friedrich-Ebert-Damm 134, 22047 Hamburg.

The workshops will be hosted by Jungheinrich AG, a leading company in the field of intralogistics and material handling equipment. We are grateful for their support in hosting the workshops and providing a space for attendees to learn and collaborate.
