Kick off AppSec Days Portugal with a full day of hands-on security training. Six expert-led workshops run in parallel across two time slots, covering offensive techniques, defensive strategies, and security program building. Each session is four hours of focused, practical learning.

4 hours each Hands-on labs Separate ticket required
Defender — build secure systems Breaker — offensive & exploitation Builder — programs & processes
09:00 – 13:00
Morning Sessions
Defender Intermediate
Fabio Cerullo
Fabio Cerullo
Cycubix LTD

Secure Coding for Large Language Model Applications

Deep-dive into the OWASP Top 10 for LLMs with hands-on labs covering Prompt Injection, Sensitive Data Disclosure, Excessive Agency, Improper Output Handling, and RAG Poisoning.

Auditorium 2 4 hours
Defender Beginner
Mike van der Bijl
Mike van der Bijl
DevSecOps Expert

Becoming the Godfather of Threat Modeling

Master the art of anticipating threats before attackers do. Hands-on STRIDE and PASTA exercises, storytelling-based delivery, and practical tools you can apply the moment you leave the room.

Room C 4 hours
Breaker Beginner Free
Björn Kimminich
Björn Kimminich
OWASP Juice Shop

Hands-on Workshop: OWASP Juice Shop for Beginners

Hack the world's most beginner-friendly vulnerable app, then go behind the scenes to see how it's built, tested, and maintained as an open source project. Led by the creator himself.

Room B 4 hours
14:00 – 18:00
Afternoon Sessions
Breaker Beginner
David Sopas
David Sopas
Char49

Hacking BLE 101

From BLE protocol fundamentals to real-world attacks — sniffing, GATT enumeration, replay attacks, MitM, and downgrade exploits. Get hands-on with the tools used by professional IoT security researchers.

Auditorium 2 4 hours
Builder Intermediate
Juliane Reimann
Juliane Reimann & Marisa Fagan
Full Circle Security / OWASP

How to Build a Successful Security Champions Program

Design and launch a Security Champions Program that actually sticks. Covers motivation theory, personality types, gamification, OKRs, and a practical exercise where you build your own program.

Room B 4 hours
Builder Intermediate
Abraham Aranguren
Abraham Aranguren
7ASecurity

Practical Mobile App Attacks By Example

Real-world Android and iOS security flaws from years of pentesting. Vulnerability chains, mobile API attacks, XSS, SQLi, RCE — all with case studies from real engagements. All action, no fluff.

Room C 4 hours

Questions about the trainings?

Each workshop is limited in capacity. Training tickets are separate from the main conference ticket.

Contact the Team