Event schedule

Buy tickets


OWASP AppSec Day is a full week event dedicated entirely to software security. Aimed at providing a welcoming environment for developers, testers, devops engineers and security professionals alike. With pre-conference training courses on the 15th to 18th of October, followed by a full day conference on the 19th of October. The conference schedule below is subject to minor changes. Please check this page closer to the day of the event.

A conference ticket grants access to talks and other events on the 19th of October, including entry to the after party. The training courses between the 15th & 18th of October are sold seperately.


Training - October 15th & 16th

Hands-on DevSecOps and AppSec Automation (15th & 16th) (2 days)
  • Abhay Bhargav we45

Training - October 17th & 18th

Bughunting bootcamp - Discovering 0day (17th & 18th) (2 days)
  • Eldar Marcussen HackLabs

Application Security Essentials (17th & 18th) (2 days)
  • Abhay Bhargav we45

Seth & Ken’s Excellent Adventures in Secure Code Review (17th & 18th) (2 days)
  • Ken Johnson Github

  • Seth Law Security Consultant

Conference - October 19th


Registration will open at 8am sharp, make sure to have your QR code ready, located on your EventBrite ticket (mobile app or printed), to pick up your badge and your complimentary barista made coffee on arrival :)


A quick overview of the events throughout the day, the need to knows and more!

We Broke the Build: How Security Failed the DevOps Movement (Keynote)
  • Keith Hoodlet Thermo Fisher Scientific

Lockpicking Village - Compromising Physical Security (workshop, half day)
  • Topy A Loop Secure

Why 'Positive Security' is the next security game changer
  • Pieter Danhieux Secure Code Warrior

Threat Modeling-as-Code & Automation for DevSecOps wins
  • Abhay Bhargav we45

Operational differences between white and black hats - helping the defender
  • Kevin Manderson Telstra

A Quickstart guide to running a Bug Bounty program
  • Katie Foster Fitbit

Domo Arigato, Mr. Roboto: Security Robots a la Unit-Testing
  • Seth Law Security Consultant

Secure SDLC Speed-run
  • Matt Jones Elttam

The Art of Anti-Exploitation: Defeating RCE Exploits for Good
  • Osama Elnaggar

WAT... Attacking JSON Web Tokens
  • Louis Nyffenegger Pentesterlab

Lunch Break

A diverse selection of complimentary hot and cold lunch options (including Veg & GF) will be provided. Also a great chance to network with the speakers and other like minded passionate attendees.

You want CVE with that? Using components and staying secure
  • Nina Juliadotter

Bolt-on or Built-on? That compliance stick is getting you nowhere
  • Lidia Giuliano Real Estate Australia

Continuous Integration and Delivery with Docker Containers
  • Vasant Kumar Chinnipilli Shelde

Mitigating the risk of SSRF in Java applications
  • David Black Atlassian

Lets breakout!!!
  • Scott Coulton Puppet

Security: where left is the right direction
  • Mario Areias Tyro

Canaries and data breaches
  • Rebecca Trapani Assurance

Challenge accepted: Breaking an enterprise CMS
  • Jeff Thomas Hivint

Coffee Break

Afternoon tea will be provided. Fuel to keep you going!!!

Gamifying Developer Education with CTFs
  • Max Feldman Slack

Software Composition Analysis Deep Dive
  • Ulisses Albuquerque PS&C

Developing Secure iOS Applications
  • Michael Gianarakis Assetnote

Caring for your pen tester friends
  • Brendan Seerup

Security Debate and Q&A
  • Ken Johnson Github

  • Keith Hoodlet Thermo Fisher Scientific

  • Lidia Giuliano Real Estate Australia

  • Liam O Assurance

Wrap Up

A quick wrapup of the day, giveaways, location of the after party and more!

After Party (location TBA)

Located walking distance from the venue, the after party will provide complimentary food and drinks and is a great way to finish off an intense, full day of learning :) All attendees (18+ years) with a conference badge will be granted entry.