What Happened at OWASP MAScon Vienna?
The inaugural OWASP MAScon in Vienna, Austria, demonstrated what many in the mobile application security community already suspected: demand for a dedicated, deeply technical mobile AppSec conference is strong.
Held as part of OWASP Global AppSec EU 2026 at the Austria Center Vienna, MAScon brought together mobile security researchers, developers, testers, AppSec leaders and standards contributors for a focused conference dedicated to the future of mobile application security. OWASP Global AppSec EU ran June 22–26, with the main conference on June 25–26, and this year also marked OWASP’s 25th anniversary.

For NowSecure, MAScon marked an important moment for both the OWASP Mobile Application Security (MAS) project and the continued evolution of mobile AppSec.
MAScon Vienna showed exactly why the OWASP MAS community matters. The room was full of practitioners who wanted deep technical content, practical guidance, and open discussion about where mobile application security is headed.
Full Room and Deep Technical Focus
The MAScon room stayed full throughout the event, with strong engagement across sessions, Q&A and hallway discussions that continued beyond the scheduled talks.
The program was designed for practitioners who wanted substance: mobile runtime internals, dynamic instrumentation, offensive research, real-world incidents and practical mobile application security testing techniques. OWASP MAS described the event as a high-value program for practitioners seeking “substance, not fluff,” with sessions spanning Frida-powered DAST, multiplatform runtime internals with radare2, real-world mobile incidents, the new Frida frontend and Android Runtime attacks.
For a first edition, MAScon successfully created the kind of technical forum the mobile AppSec community has long been missing.
MAScon was more than a place to talk about mobile security. It brought together the people building the standards, methodologies, and tools used across the industry to move the field forward.

How Did NowSecure Participate in MAScon?
NowSecure was proud to sponsor MAScon and maintain a strong presence throughout the event.
Three NowSecure team members presented:
- Carlos Holguera, OWASP MAS Global Lead, presented “Let’s get frooky: Structured Mobile DAST with Frida”
- Sergi Alvarez, creator of radare2, presented “Unveiling the Internals of Multiplatform Mobile Runtimes”
- Ole André Vadla Ravnås, creator of Frida, presented “Meet the New Frida Frontend on the Block”
Carlos Holguera also organized MAScon alongside Sven Schleier as OWASP MAS Global Leaders, reinforcing NowSecure’s role in shaping mobile security standards and community direction.



What Does Four Years as an OWASP MAS Advocate Mean?
MAScon also marked four years of NowSecure as an OWASP MAS Advocate.
OWASP MAS recognizes NowSecure for sustained contributions across the Mobile Application Security Verification Standard (MASVS), Mobile Application Security Testing Guide (MASTG), Mobile Application Security Weakness Enumeration (MASWE), the MAS Task Force, and support for MAS test apps for Android and iOS.
Those contributions reflect a long-term commitment to open, measurable mobile security standards. NowSecure has helped move OWASP MAS from guidance into operational reality: standards that developers can build against, testers can verify, security leaders can measure and organizations can map to risk and compliance needs.
In April last year, OWASP celebrated NowSecure’s three-year MAS Advocate milestone, including:
- 320+ pull requests
- 230+ reviews
- 42,000+ additions
- 29,500+ deletions
That partnership continues to accelerate.
What Is MASTG v2 and Why Does It Matter?
The timing of MAScon was significant. During the event week, the community highlighted the pending release of OWASP MASTG v2.0, a major milestone for mobile application security testing.
MASTG v2.0 transforms the guide from a narrative reference into a structured, machine-readable knowledge graph of 860+ components, including atomic tests, demos, techniques and remediation guidance. Read more about NowSecure’s contribution to MASTG v2.0.

Together, MASVS, MASTG and MASWE now provide a more precise way to define, test, automate and demonstrate mobile app security. The framework gives CISOs, auditors and regulators a clearer answer to a critical question: “How do you know your mobile apps are secure?”
For enterprise security teams, this shift improves how organizations validate mobile risk at scale through continuous testing, CI/CD integration, MASVS-aligned assessments and audit-ready reporting.
Why Does MAScon Matter for Mobile Application Security?
Mobile apps now underpin financial services, healthcare, retail, government and nearly every digital business. They handle authentication, transactions and sensitive data, making mobile application security too important to remain a niche discipline.
MAScon showcased how the OWASP MAS community is advancing that mission by turning research, standards and tools into practical security guidance. As a sponsor, speaker contributor and long-standing MAS Advocate, NowSecure proudly supports the community’s work to make mobile AppSec more measurable, scalable and effective.
What’s Next for MAScon?
MAScon returns October 7–9, 2026, in Berlin as part of next.app devcon.
The Call for Speakers is open and includes keynotes, workshops, panels and unconference formats. Submissions are welcome from practitioners with real-world mobile security research, testing experience or standards implementation work.
If you’re attending, we’d love to connect. NowSecure will be on site discussing how organizations operationalize OWASP MASVS, MASTG and MASWE through continuous mobile app security testing, automation and risk-based remediation.
Why Is the OWASP MAS Community Important?
Congratulations to the OWASP MAS team, organizers, speakers and volunteers who made MAScon Vienna a success.
The first MAScon showed what happens when a community that has shaped the industry through MASVS, MASTG and MASWE comes together in person.
NowSecure is proud to continue helping organizations turn OWASP MAS standards into measurable mobile AppSec programs.
See you in Berlin.