DEV Community

Chris Ayers
Chris Ayers

Posted on • Originally published at chris-ayers.com on

NDC Security 2026

#cybersecurity #infosec #news #security

NDC Security 2026 - MITRE ATT&CK for Developers

I’m excited to be speaking at NDC Security 2026 in Oslo, March 2-5! I’ll be presenting MITRE ATT&CK for Developers — showing how developers can go beyond the OWASP Top 10 and use the ATT&CK framework to think like attackers and build stronger defenses.

About NDC Security

NDC Security is a dedicated security conference for software developers, held at the Radisson Blu Scandinavia Hotel in Oslo. With 66 sessions and over 60 speakers, it bridges the gap between development and security — designed for developers who want to build secure software and security professionals who want to understand modern development practices.

This year features an all-new OWASP x NDC Security track, bringing OWASP content directly into the conference lineup.

My Talk: MITRE ATT&CK for Developers

Wednesday, March 4 at 10:20 — Room 3

Most developers know the OWASP Top 10, but fewer know the MITRE ATT&CK framework. In this talk, I’ll cover how ATT&CK complements OWASP, walk through real attack chains with code examples in Python, C#, and JavaScript, and show practical detection patterns you can implement in your applications. The goal: think like an attacker, build like a defender.

For a preview, check out my blog post on MITRE ATT&CK for Developers: Beyond OWASP.

Conference Highlights

Keynote

Michael Howard opens the conference with 25 Years of the Microsoft SDL — a look back at how the Security Development Lifecycle has shaped how we build secure software.

Workshops (March 2-3)

The conference kicks off with two days of hands-on workshops:

  • Bulletproof APIs: Hands-On API Security — Philippe De Ryck
  • Hack Yourself First: How to Go on the Cyber-Offence — Scott Helme
  • Identity and Access Control for Modern Applications using ASP.NET 10 — Anders Abel
  • Building and Deploying Secure AI: Practical Strategies for Developers — Jim Manico
  • Attack and Secure AI Apps - Wargame Edition — Davide Cioccia
  • Full-Stack Pentesting Laboratory — Dawid Czagan

Notable Sessions

A few talks I’m looking forward to:

  • Prompt Injection Attacks in LLM-Powered Applications — Magno Logan
  • ASP.NET Core Meets OWASP Top 10 2025 — Anders Abel
  • Securing Model Context Protocol (MCP) — Jim Manico
  • Getting Authorization Right in .NET — Michele Leroux Bustamante
  • Beyond the Commit: Weaponizing and Hardening GitHub Actions — Niek Palm
  • Your Website Is Running Code You’ve Never Seen — Scott Helme

See You There

If you’re attending NDC Security, come say hello! You can check out the full agenda and grab tickets at ndcsecurity.com.

Top comments (0)