OWASP MAScon is here!
For the very first time, the OWASP MAS team is organizing OWASP MAScon, a dedicated event built around the people, research, and practical work that drive mobile app security forward.
OWASP MAS has become a reference point for mobile app security through projects like MASVS, MASWE, and MASTG. Those resources shape how organizations assess mobile security, how testers run engagements, how developers build more securely, and how the industry talks about mobile risk. Now, for the first time, the team behind that work is bringing the community together for a focused conference experience, MAScon.
Even more importantly, MAScon is being held within OWASP Global AppSec EU 2026 in Vienna, Austria, on June 25 to 26, 2026, a flagship event that also celebrates 25 years of OWASP. The main conference page highlights the anniversary, the Vienna venue, and the June 25 to 26 conference dates, with training running June 22 to 24. Tickets are already available through the official event registration page. (Glue Up)
Organized by Carlos Holguera and Sven Schleier, OWASP MAS Leaders, MAScon is designed as a compact, high value program for practitioners who want substance, not fluff. The schedule brings together talks on offensive research, runtime internals, dynamic instrumentation, real world incidents, and the evolving tooling around mobile application testing.
The event opens with an introduction by the OWASP MAS team, with Carlos Holguera and Sven Schleier appearing as the organizers and opening speakers. From there, the program dives straight into technical depth:
-
Carlos Holguera and Stefan Bernhardsgrütter will present Let’s get frooky, Structured Mobile DAST with Frida, a session focused on the practical challenges of mobile penetration testing and how structured, Frida powered instrumentation can help assess hardened applications at runtime.
-
Sergi Alvarez (aka "pancake") will present Unveiling The Internals From Multiplatform Mobile Runtimes, taking attendees into the internals of frameworks such as Flutter, React, and Unity, and showing how low level reverse engineering techniques can recover code and data from release binaries.
-
Jan Seredynski will present Recent Mobile App Security Incidents from Real World Cases, walking through concrete incidents from real mobile applications and extracting practical lessons on what fails in production and which secure practices actually hold up.
-
Ole André Vadla Ravnås will present Meet the New Frida Frontend on the Block, introducing a new Frida frontend for macOS and iOS and exploring a more persistent, interactive, GUI driven workflow for live process analysis.
-
Jeroen Beckers will present Attacking ART, a talk centered on a lesser known technique targeting the Android Runtime through ODEX and VDEX manipulation, especially relevant when dealing with applications protected by strong resiliency controls.
The day concludes with a closing session by the OWASP MAS team, rounding out a memorable first edition.
What makes this launch especially exciting is that MAScon is not just another security event. It is a conference created by a community that has already had a real impact on the mobile ecosystem. The people involved are not just talking about mobile security, they are actively building the standards, methodologies, demos, and tooling that the industry uses.
That is why this first edition matters.
If you care about mobile app security, whether from the perspective of testing, research, engineering, product security, or standards, MAScon is the kind of event you want to watch closely. The first edition sets the tone, and it already looks like a strong one.
You can find more information here: