I attended Troy Hunt's pre conference workshop entitled "Hack Yourself First". If you haven't heard of Troy go and look at his blog.
As a regular attendee of DevWeek I was interested to know how NDC would compare and I was pleasantly surprised. I was beginning to find that DevWeek was suffering from the recycling courses from the previous year, so I was hoping NDC would bring something new. Looking at the speakers NDC appeared to have the high caliber and judging from the pre-conference I will be going back next year.
Troy's course covered the main attacking methods that exist against websites, including SQL injection (the number one risk according to OWASP), cross site scripting and others. I knew these risks existed but it was interesting to see how quickly and easy it is for these to be exploited and mostly the attacks are from bored children.