{ } NDC Conferences
About us
Dark
Light
Course Calendar
Sort after topic
Jan 26
NDC London 2026
26 - 30 January 2026
100
Speakers
50
Technologies
12
Workshops
110
Talks
Jan 29
Beyond Trust: Building Community-Driven Security Analysis for Your .NET Software Supply Chain
Niels Tanis
1 hour
Queen Elizabeth II Centre
-
Mar 2
NDC Security Oslo 2026
2 - 5 March 2026
50
Speakers
Technologies
8
Workshops
60
Talks
Mar 4
25 Years of the Microsoft SDL
Michael Howard
1 hour
-
Mar 4
MITRE ATT&CK for Developers
Chris Ayers
1 hour
-
Mar 4
Getting Authorization Right in .NET: Patterns, Pitfalls, and Practical Guidance
Michele Leroux Bustamante
1 hour
-
Mar 4
An AppSec Tale: From Zero to 250+ Champions
Even Tillerli, Nicole Silva
1 hour
-
Mar 4
ASP.NET Core meets OWASP Top 10 2025
Anders Abel
1 hour
-
Mar 4
Part 1/2: Games as tools for scaling your application security program
Johan Sydseter
1 hour
-
Mar 4
How to Know Your Client Is Real: Hardware-Backed Authentication Patterns
Victor Lyuboslavsky
1 hour
-
Mar 4
Beyond Trust: Building Community-Driven Security Analysis for Your .NET Software Supply Chain
Niels Tanis
1 hour
-
Mar 4
Part 2/2: Games as tools for scaling your application security program
Johan Sydseter
1 hour
-
Mar 4
Securing Code in the Age of AI
Simona Toader
1 hour
-
Mar 4
Have I Been Pwned - A Passkey Journey
Stefán Jökull Sigurðarson
1 hour
-
Mar 4
Demystifying CSP for modern applications
Philippe De Ryck
1 hour
-
Mar 4
Lightning Talks 1
Mackenzie Jackson, Cody Burkard, Håvard Eide, Patricia R
1 hour
-
Mar 4
Prompt Hardening - Secure Code Generation Using AI
Sean Sinclair
1 hour
-
Mar 4
Who Gave the Agent Admin Rights?! Securing Cloud & AI Machine Identities
Bodhisattva Das
1 hour
-
Mar 5
app.alert(1) is the new alert(1): PDFs as a vector to inject JavaScript code in web applications
Luigi Gubello
1 hour
-
Mar 5
Part 1/2: Securing your AI code generation workflow
Armin Buescher
1 hour
-
Mar 5
Is Your Approach to Pipeline Security Flawed? Rethinking CI/CD Security
Patricia R
1 hour
-
Mar 5
Zero-Knowledge Proofs: Simultaneously ensuring integrity and privacy
Tjerand Silde
1 hour
-
Mar 5
Prompt Injection Attacks in LLM-Powered Applications
Magno Logan
1 hour
-
Mar 5
Part 2/2: Securing your AI code generation workflow
Armin Buescher
1 hour
Radisson Blu Scandinavia Hotel
-
Mar 5
MCP Security: Keep Your AI Agents from Spilling the Tea
Awar Abdulkarim, Manfred Bjørlin
1 hour
-
Mar 5
Post-quantum cryptography for .NET developers
Filip W.
1 hour
-
Mar 5
Hijacking Google’s CI/CD Through Prompt Injection: The New Era of AI-Based Exploits
Mackenzie Jackson
1 hour
-
Mar 5
Part 1/2: Introduction to the new post-quantum standards
Tjerand Silde
1 hour
-
Mar 5
Part 2/2: Introduction to the new post-quantum standards
Tjerand Silde
1 hour
-
Mar 5
The TPM and You - How (and why) to actually make use of your TPM
Mathias Tausig
1 hour
-
Mar 5
Secure and Compliant APIs - By Design
Daniel Sandberg, Tobias Ahnoff
1 hour
-
Mar 5
Lightning Talks 2
Inge Amdal Halvorsen, Bendik Schartum Thorbjørnsen, Karim El-Melhaoui, Even Tillerli, Sean Sinclair
1 hour
-
Mar 5
Has your flight been cancelled? You might be eligible for a cybersec session!
Konstantinos Fouzas
1 hour
-
Mar 5
BOLA, BOPLA, and BFLA: Let’s get rid of broken authorization!
Eivind Jahr Kirkeby
1 hour
-
Apr 22
NDC Sydney 2026
22 - 24 April 2026
60
Speakers
8
Workshops
40
Technologies
70
Talks
May 5
NDC Toronto 2026
5 - 8 May 2026
8
Workshops
65
Speakers
90
Talks
Jun 1
NDC Copenhagen 2026
1 - 4 June 2026
70
Speakers
40
Technologies
80
Talks
10
Workshops
Sept 14
NDC Oslo 2026
14 - 18 September 2026
150
Speakers
45
Technologies
12
Workshops
160
Talks
Sept 21
NDC TechTown 2026
21 - 24 September 2026
50
Speakers
15
Technologies
10
Workshops
60
Talks
On demand courses
Flipping Bits: Your Credentials Are Certainly Mine
Stök ., Joona Hoikkala
-
Contact us
The AppSec Poverty Line: Minimal Viable Security
Tanya Janca
-
Contact us
The question is not when to start threat modeling. It's when to stop
Georges Bolssens
-
Contact us
Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls
Gareth Heyes
-
Contact us
Improving the Chances of Success in Secure Software Development
Daniela Cruzes, Espen Agnalt Johansen
-
Contact us
What I learnt about automating security
George Coldham
-
Contact us
Test Driven Application Security
Tobias Ahnoff, Martin Altenstedt
-
Contact us
Is this okay!? How to review code for security issues.
Rouan Wilsenach
-
Contact us
Using WebAssembly to run, extend, and secure your .NET application
Niels Tanis
-
Contact us
Defendable Products: How we try to improve security in our products
Ståle Pettersen
-
Contact us
OPA everywhere! Exploring new opportunities in policy evaluation
Anders Eknert
-
Contact us
Attacking through the Software Supply Chain
Felix Leder
-
Contact us
Running system tests with active authn/z
Lars Skjorestad
-
Contact us
A data driven approach to application security
Petter Kvalvaag, Kristian Reed
-
Contact us
How hacking works - Web Edition
Espen Sande-Larsen
-
Contact us
Building a sustainable security requirements process with the ASVS
Josh Grossman
-
Contact us
In Defence of PHP
Stephen Rees-Carter
-
Contact us
What happens if I change this URI… oooooh
Halvor Sakshaug
-
Contact us
Cyber Security vs. Statistics: Fighting False Positives to Automate your Security Operations
Christopher Van Der Made
-
Contact us
Security as Code: A DevSecOps Approach
Joseph Katsioloudes
-
Contact us
Block DNS exfiltration with L7 filter
Magnus Longva
-
Contact us
Agile Whiteboard Hacking – aka Hands-on Threat Modeling
Georges Bolssens
-
Contact us
Hacker vs Azure Web Application Firewall
Laura Kokkarinen
-
Contact us
Developing secure software with GitHub
Laura Kokkarinen, Thomas Vochten
-
Contact us
Assessing NuGet Packages more easily with Security Scorecards
Niels Tanis
-
Contact us
Code Security Reinvented: Navigating the era of AI
Joseph Katsioloudes
-
Contact us
Panda to gibbon is the least of your worries: why securing AI is not what you think
Sarah Young
-
Contact us
Supply Chain Attacks:- Focused on NPM attacks. (Includes, demonstrations of research and prevention
Danish Tariq
-
Contact us
Detecting Malicious Activity: Unveiling the Secrets of MS-SQL Logging
Tristan Bennett
-
Contact us
Effects Malware hunting in Cloud environment
Filipi Pires
-
Contact us
Prompt Injection: When Hackers Befriend Your AI
Vetle Hjelle
-
Contact us
Sandboxing in Linux with zero lines of code
Ignat Korchagin
-
Contact us
Second Breakfast: Implicit and Mutation-Based Serialization Vulnerabilities in .NET
Jonathan Birch
-
Contact us
OWASP Juice Shop - An Open Source Software and security Fairytale
Björn Kimminich
-
Contact us
Passwords are Dead, Long live Passkeys!
Stephen Rees-Carter
-
Contact us
OAuth2/OIDC security weaknesses and pitfalls
Tobias Ahnoff, Pontus Hanssen
-
Contact us
Passwords don't have to be so hard!
Stefán Jökull Sigurðarson
-
Contact us
The Hidden Risk in Undocumented API Behavior
Bahaa Naamneh
-
Contact us
No Size Fits All: Empowering Engineers with Custom Application Security tests
Michal Kamensky
-
Contact us
Threat Modelling for ML/AI systems
Andrea Brambilla, Benjamin Løkling
-
Contact us
Part 1/2: Hands-on grand tour of GPU Graph AI for security event correlation
Leo Meyerovich, Alex Morrise
-
Contact us
Incidents and incident handling @ VG.no
Audun Ytterdal
-
Contact us
Part 2/2: Hands-on grand tour of GPU Graph AI for security event correlation
Leo Meyerovich, Alex Morrise
-
Contact us
Using developer-centric data to predict, prioritize, and improve Application Security Outcomes
Laura Bell
-
Contact us
Security Champion Worst Practices
Tanya Janca
-
Contact us
Practical cryptography with Tink
Neil Madden
-
Contact us
Inside Google's Discovery and Remediation of a Critical CPU Vulnerability
Yousif Hussin
-
Contact us
Secure System Integrations
Tobias Ahnoff
-
Contact us
Container Security with Falco: A Quick Start Guide
Ayesha Kaleem
-
Contact us
LIVE DEMO: Supply Chain Attacks in the Terraform Registry
Kyle Kotowick
-
Contact us
(Ab)user Experience: The dark side of Product and Security
Lianne Potter, Jeff Watkins
-
Contact us
RCE via legacy dependency in Python
Andrea Brambilla
-
Contact us
Building antifragile systems using Secure by Design
Anders Kofoed, Eivind Jahr Kirkeby
-
Contact us
Part 1: Stop Firefighting Vulnerabilities, Start Eliminating Bug Classes at Scale: A Hands-On Workshop
Javan Rasokat
-
Contact us
Improve your threat modelling through the science of simplicity
Dave Soldera
-
Contact us
Breaking and securing OAuth 2.0 in frontends at NDC Security
Philippe De Ryck
-
Contact us
Using GenAI on your code, what could possibly go wrong?
Niels Tanis
-
Contact us
I don't need privacy, I got confidentiality!
Kim Wuyts
-
Contact us
Challenges and Opportunities from Quantum-Safe Cryptography
Tjerand Silde
-
Contact us
Tales of OAuth2/OIDC in the wild
Anders Abel
-
Contact us
Securing React: Prompt Engineering for Robust and Secure Code Generation
Jim Manico
-
Contact us
From DevSecOops to Security Success: The Bug Bounty Effect at FINN.no
Emil Vaagland
-
Contact us
Beyond the origin - secure media provenance with C2PA
Charlie Halford
-
Contact us
Building a High-Value AppSec Scanning Programme
Josh Grossman
-
Contact us
Level Up Your AppSec Game: SAMM's Roadmap to Security Excellence
Sebastien Deleersnyder
-
Contact us
Beyond Trust: Building Community-Driven Security Analysis for Your .NET Software Supply Chain
Niels Tanis
-
Contact us
Supercharging DevOps with MCP (Without Opening a Security Hole)
Alex Shershebnev
-
Contact us
Deep dive into data streaming security
Olena Kutsenko
-
Contact us
Trust No Input: Taint Analysis at Compile Time
Matteo Di Pirro
-
Contact us
Beyond the Pink: Data Risks in Femtech You Can’t Ignore
Arohi Naik
-
Contact us
OpenSSF Best Practices for Everyone!
Avishay Balter
-
Contact us
Skill Degradation: An Empirical Analysis of 400+ AI‑Generated Security Fixes
Pedram Hayati
-
Contact us
Prompt Hardening - Secure Code Generation Using AI
Sean Sinclair
-
Contact us
The EU CRA Readiness for Contributors and Maintainers : A Survival Toolkit
Roman Zhukov
-
Contact us
Building Secure Infrastructure for Productive AI Agents
Jiachen Jiang
-
Contact us
MITRE ATT&CK for Developers
Chris Ayers
-
Contact us
ToolShell, Patch Bypass, and the AI That Might Have Seen It Coming
Soroush Dalili, Pedram Hayati
-
Contact us
When Vibes Don’t Build: Why Auto-Fixing Vulnerable Code Needs More Than Good Intentions
Spyros Gasteratos
-
Contact us
Purple is the New Black: Modern Approaches to Application Security
Tanya Janca
-
Contact us
PAR: Securing the OAuth and OpenID Connect Front-Channel
Dominick Baier
-
Contact us
NDC Party - Conference Reception + Panel: Will Application Security eat Cloud Security for lunch?
Shilpi Bhattacharjee, Tanya Janca, Ashish Rajan
-
Contact us
Keynote: Maturing Your Application Security Program
Tanya Janca
-
Contact us
Part 2: Stop Firefighting Vulnerabilities, Start Eliminating Bug Classes at Scale: A Hands-On Workshop
Javan Rasokat
-
Contact us
NDC Conferences uses cookies to see how you use our website. We also have embeds from YouTube and Vimeo. How do you feel about that?
All good!
Don't want it