OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.
OWASP is completely vendor neutral and does not endorse or certify any company, service, or product. All presentations, training, and talks performed for OWASP are required to meet this standard.
OWASP AppSec conferences are true security conferences, with talks and presentations expected to cover all aspects of (web) application security. Non-technical talks (see below) are welcome too. Please refrain from submitting marketing talks or including sales pitches in your talk.
We are interested in all topics related to Web Application Security and OWASP, such as the following examples:
• Cloud Security
• Threat modelling
• Mobile security
• Browser security
• HTML5 security
• Internet of Things
• Crypto currency and payments
• OWASP tools or projects in practice
• New technologies, paradigms, tools
• Privacy in web apps, Web services (REST, XML) and data storage
• Operations and software security
• Management topics in Application Security: Business Risks, Outsourcing/Offshoring, Awareness Programs, Project Management, Managing SDLC
Guidelines in order of importance:
• Make your title and abstract sizzle. Really sell the talk.
• Unique and unusual is always good.
• Session content should fill the entire time-slot assigned, with 5-10 minutes remaining for Q&A.
• Use present tense in the abstract. Do not use first person (I, our, we).
• Do not include proprietary or confidential information.
• Submitter should secure necessary permissions before submitting.
• Avoid submitting multiple talks.
• No product/vendor pitches.
• Use the notes to the content team field to explain any relevant background you have, or any other color commentary about it. Perhaps this session was featured elsewhere? Perhaps the content led to a Nobel prize. Tell us what we should know. This will only be used during selection, and not shared with attendees.
• Put your best foot forward by submitting an abstract and bio that follow “the three C’s”: they should be complete, cutting-edge and coherent.
• Avoid overly-broad sessions. “Introduction to Security” or “Security Testing is Great!” might be interesting, but generally speaking they’re way too broad to get much value out of in a 45-minute session. Draw the focus down to some specific items.
• Titles matter. Avoid using generic cool-sounding buzzword titles — they’re often going to lose the selection committees and attendees. Sure, make your title catchy, but make sure it showcases what your session’s about.
• Explain what attendees will get out of the session. Make it clear what your attendees will learn during your session. “You’ll leave this session with understanding of what software security means in the IoT world, and you will get a handle on how to put together comprehensive security test plans for IoT environments”, is a good example.
• Give examples of what is discussed. Let attendees know what you’ll be talking about. This helps the selection committee understand if the content fits in, and it helps potential attendees see why they should skip other interesting presentations in order to attend yours.
• Show some prior feedback on the session. Have you given this talk before? If so, try and collect some feedback on the presentation. Include links to recorded sessions of this or other talks you’ve given in the past, or notes to the selectors.
• Write a concise abstract. The one paragraph of your abstract is like the one spoon tasters get at a chili competition. This is hard to do. You need to work really hard on making the one paragraph highly impactful. Fall right back to your elementary school fundamentals: introduction, body, conclusion. Set a hook with a great opening: “Bugs. Crashes. Malfunctions. Complete meltdowns. We run into difficulties in our work each and every day.” Follow that on with the value propositions to attendees and examples of what’s covered. Finish up with a great closer that will make your attendees’ mouths water, figuratively, at least.
• Write a coherent abstract. We are always amazed at the handful of unreadable, muddled, flat out awful submissions we get. Spend time to make sure your submission is clear. Don’t bother submitting if you won’t take this step. Tough love, but it’s true: incoherent submissions are nearly always immediately dropped from consideration.
• Edit, re-edit, then get it reviewed. Write the draft, step away from it, come back and edit it later. Several times. Get the abstract out to your colleagues and friends for their feedback. Iterate through this several times.
• Your speaker bio is every bit as important as your abstract, particularly if you’re not well-known by the content selection committee. While not required by the system, adding your twitter handle, blog link and other social media links is always helpful.
By your submission you agree to the OWASP Speaker Agreement. You may choose to use an OWASP presentation template; however, this is not a requirement. If you choose to not use the standard OWASP presentations template, we require that you include a small OWASP logo on all slides. All presentation slides will be published on the conference website. Please make sure that any pictures and other materials in your slides do not violate any copyrights. You are solely liable for copyright violations. You may choose any CC licence for your slides, including CC0. OWASP does suggest open licenses. By your submission and agreeing to speak, you agree to allow OWASP to take photos and videos for our use.