Name: OWASP Operational Technology (OT) Top10 Vulnerabilities
Start: 2025-12-16T17:30:00Z
End: 2025-12-16T19:00:00Z

Operational Technology (OT) encompasses a wide variety of programmable systems and devices that have direct or indirect interactions with the physical environment. These technologies are integral to numerous sectors such as manufacturing, energy, transportation, medical, and utilities, where they play a crucial role in the operation and management of physical processes. As OT systems become more interconnected and integrated with Information Technology (IT) networks, they face increased vulnerability to large-scale cyber attacks. This integration, while beneficial for operational efficiency and data sharing, exposes OT systems to the same cyber threats that typically target IT environments. The goal of the OWASP OT Top 10 is to raise awareness about the top security risks and vulnerabilities specific to OT environments. By providing actionable recommendations, we aim to improve the security posture of OT systems and protect critical infrastructure from cyber threats. This talk presents the new release of the initial OWASP OT Top 10 to a broader audience to achieve awareness if its existence, alignment with the state-of-the-art and applicability in the OT domain.

**Event Agenda:**

17:15 - Webinar waiting lobby opens
17:30 - Start of Presentation
18:30 – Questions & Answers
19:00 – Estimated Finish

Adrian Winckles

OWASP Cambridge Chapter

OWASP® Foundation 

Technology

Open Source

White Hat Hacking

OWASP

Information Security

Software Security

Ethical Hacking

Penetration Testing

Cybersecurity

Web Application Security

Application Security

**Siegfried Hollerer** 

Siegfried has seven years of experience as a penetration tester, focusing on the analysis of web applications, IT/OT infrastructures, and social engineering attacks. In addition to his practical experience, he has obtained an OSCP certificate. Furthermore, Siegfried has gained experience in incident response. During this time, he also carried out security management consultations, audits and certifications based on the OT security standard IEC 62443 and the IT security standard ISO 27000. Since 2020, he has conducted scientific research into the integrated modelling of IT and OT security requirements in combination with functional safety and quality requirements. This has resulted in several publications, which are accessible via IEEE, ACM, Elsevier and Springer. During his research, he identified the vulnerabilities CVE-2021-47662, CVE-2021-47663, and CVE-2021-47664. In 2023, Siegfried joined the Federal Ministry of the Interior (BMI) in Austria as a security architect and analyst to enforce the “Netz- und Informationssystemsicherheitsgesetz” (NISG), which is the national implementation of the NIS EU directive [cf. Directive (EU) 2016/1148] . He also works as a lecturer at St. Pölten University of Applied Sciences, delivering lectures on web application and infrastructure penetration testing, network traffic analysis and reverse engineering, and supervising bachelor's and master's theses. Siegfried has been OWASP OT Top 10 Project Leader since 2025. 

**Andreas Happe** 

Andreas started out as software developer but got lured into pen-testing by the offer of free coffee. After 10 years of pen-testing, he started a PhD focusing on the use of LLMs for offensive security and started to freelance as pen-tester, app-sec professional, and ISO27001 auditor. During this journey, he collected some certifications (e.g., OSCP, CRTE, CARTP, PNPT, COSP), taught web-security at the University of Applied Sciences in Vienna, and became co-leader of three OWASP projects/chapters, the most recent one being the OWASP OT Top 10. Still loves coffee.

OWASP Cambridge Chapter

OWASP Operational Technology (OT) Top10 Vulnerabilities

OWASP Cambridge Chapter

Details

Members are also interested in