OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

OWASP is completely vendor neutral and does not endorse or certify any company, service, or product. All presentations, training, and talks performed for OWASP are required to meet this standard.


INTRODUCTION

Application Security leaders, software engineers, and researchers from all over the world gather at Global AppSec conferences to drive visibility and evolution in the safety and security of the world’s software, as well as to network, collaborate, and share the newest innovations in the field.

The conference will take place November 11-12, 2021, via a Virtual format. The conference will also offer virtual hands-on training with vetted and leading trainers in early November surrounding the virtual conference with final dates to be determined. 


CALL FOR PRESENTATIONS (CFP) & SUBMISSION

The OWASP Foundation is formally issuing a call for presentations, opening July 1, 2021, and closing July 31, 11:59 PDT.

This year’s tracks follow the traditional OWASP Builder & Developer, Breaker, and Defender principles - with an additional track in  DevSecOps.

Speakers should focus on the following guidelines for each of the tracks:


BUILDER & DEVELOPER - Show us how to build more secure apps and use those apps in our systems.
BREAKER - Show us how to break secure apps
DEFENDER - Show us world-class application defense, including the tools and techniques enabling detection and response to attacks
DevSecOps - Show us how you automate security in your CI/CD pipeline


We’ve provided a few suggested topics below, but feel free to innovate!

  • Web application security
  • Mobile, Cloud and Serverless security
  • Blockchain & Internet of Things for security use
  • Penetration testing & Application-level attacks
  • Threat modeling, Application and solution architecture
  • Security for DevOps engineers
  • Privacy controls
  • Planning and implementing an application security program
  • Creating an AppSec team & culture
  • Techniques to communicate risk and AppSec value to management - sharing what works and what doesn’t! 


REVIEW PROCESS

CfP IMPORTANT DATES:

CfP Opens July 1, 2021
CfP Closes July 31, 2021
Notification to submitters August 12, 2021
Speaker Acceptance due August 16, 2021

Program announced the week of August 16, 2021

Keep in mind: the better your description is, the better our review will be.  Please review your proposal thoroughly, as your accepted abstract and bio will be published as submitted on our site.


REVIEW CONSIDERATIONS

The Program Team will review your submission based on a descriptive abstract of your intended presentation.

Your presentation should:

Be Aimed at a Specific Audience - OWASP has a diverse audience that consists of novice to advanced level practitioners. Your content should be developed to clearly connect with a specific audience.

Have a Clearly Written Abstract - Your Abstract is the only long-form marketing for your specific talk to our audience. It should be written so that attendees can clearly understand what you will be discussing and what they will get out of your talk.

Have a Detailed Outline - Your detailed outline is your chance to frame your talk. Write this as thoroughly as possible so that the committee understands what you bring to the table.

Be Applicable - Talks that prioritize content that attendees will be able to immediately implement are preferred.

Not be a Marketing Pitch - Submissions which double as marketing talks or including sales pitches within the training will not be successful or accepted.  All talks are vendor agnostic, we do not approve of product demos.

This is a blind submission.  It does not matter where you come from, what your gender is, or what formal education you have.  We care about bringing the most professional, interesting, and innovative content to our audience.  The Review Committee is a diverse group.  We will review the submissions and choose the talks based on their content only.

We are looking for new talks, not ones you’ve given in previous conferences.  If you wish to present a topic you’ve talked about in the past, please share with us what you have changed.

TRAVEL ASSISTANCE

As this event is a virtual format, there is no travel assistance provided nor should be a concern with event-related expenses for submitters. 


SESSION PRESENTATION (LIVE STREAM)

As this event is a virtual format, if accepted to the program you understand that timelines outlined for speakers related to submitting session materials and live stream session scheduling of your talk are required to be met and not flexible. 

Due to the advanced scheduling and live production for this event, speakers understand time zones will be US-based and most likely in Pacific Time during program days.

By submitting your talk, you acknowledge and commit to timely attendance to your scheduled session for the live event and completing the session for its' scheduled duration.

 
TERMS

Following acceptance, we’ll provide guidance on presentation templates.  To retain paid attendance value, presentation slides may be published on the conference website after a significant time period post-conference as determined by OWASP.

OWASP values vendor neutrality.  Please make sure that any pictures and other materials in your slides do not violate any copyrights. You are solely liable for copyright violations. You may choose any CC license for your slides, including CC0. OWASP does suggest open licenses.

Additional  Notes:

  • OWASP is an inclusive organization for practitioners from all cultural, gender, language, educational, ability, religious, and career backgrounds. We actively encourage speakers of all genders, sexual orientations, ages, religions, and ethnicity.
  • Fields denoted by an asterisk are mandatory. Failure to fully complete your submission can result in your submission being excluded from the review process.
  • Multiple submissions will be reviewed.  However, one talk will be selected.  We’re looking to expand a speaking opportunity across our diverse community.
  • While we do not offer an honorarium, a free registration is included and we hope to create an epic speaker experience this year!


All personal data collected during the submission process will be only for contacting submitters regarding their submission and will not be used for any marketing or commercials purposes. All data collected will be deleted once the selection process is complete.

INTRODUCTION

Application Security leaders, software engineers, and researchers from all over the world gather at Global AppSec conferences to drive visibility and evolution in the safety and security of the world’s software, as well as to network, collaborate, and share the newest innovations in the field.

CALL FOR TRAINERS (CfT) & SUBMISSION  

The Program Team is formally issuing a call for Trainers, opening July 1,  2021.

As with previous Global AppSec events, we would like to run a number of different training courses of varying lengths over several days surrounding the conference. Due to the ongoing recovery from COVID19, we are exploring the possibility of offering hybrid (in-person and virtual) training courses. More information is referenced below and in the submission process for this CfT.

Trainers can apply to give 1, 2, or 3-day classes. Trainers are allowed to make multiple applications; one application per class. The training audience will include developers interested in security as well as security professionals. Should the event be offered with a hybrid option, 3-day courses would only be offered in person.

We are looking for training courses at all levels from someone new to the application security field to advanced topics for experienced professionals. However, all training submissions should have a focus on practical skills which are immediately applicable to an attendee’s job and have a significant hands-on element with tasks and exercises for attendees to attempt during the training. Our main priority for selecting trainings for this event is new content that has not been offered before at an OWASP training event.


REVIEW PROCESS

IMPORTANT DATES:

CfT Opens July 1, 2021

CfT Closes July 31, 2021

Notification of submitters August 12, 2021

Program announced the week of August 16, 2021

REVIEW CONSIDERATIONS

The Program Team will review your submission based on a descriptive abstract and detailed outline of your class.  Including additional classroom materials will be helpful in our evaluation.

Please review your proposal thoroughly as all accepted abstracts and bios will be published on our site as submitted.

Examples of topics include, but are not limited to the following.  We encourage innovation!

  • Secure development: frameworks, best practices, secure coding, methods, processes, SDLC
  • Integrating Security into DevOps or SRE
  • Vulnerability analysis: code review, pentest, static analysis
  • Threat modeling
  • Mobile security
  • Cloud and serverless security
  • Kubernetes and Container security
  • OWASP tools or projects in practice
  • New technologies, paradigms, tools
  • Operations and software security
  • Other topics but with an emphasis on Application Security: Business Risks, Outsourcing/Offshoring, Awareness Programs, Project Management


Training should :

Be Aimed at a Specific Audience - OWASP has a diverse audience that consists of novice to advanced level practitioners in different fields. Your content should be developed to clearly connect with a specific audience.

Not be a Marketing Pitch - Submissions that double as marketing or including sales pitches within the training will not be accepted.

Have a Clearly Written Abstract - Your Abstract is the only long-form marketing for your specific talk to our audience. It should be written so that attendees can clearly understand what you will be discussing and what they will get out of your class.

Have a Detailed Outline - Detailed description of how you are structuring the course. Walk the reviewer through the training.

Be Clearly Applicable - Classes that prioritize content that attendees will be able to immediately implement preferred.

Include Hands-on training - Hands-on labs which allow attendees to connect meaningfully with content are preferred.

Demonstrate the Expertise of Trainer(s) - The submission should highlight the experience of the trainer(s) in the subject of training and in delivering professional training.

Terms

All trainers will be required to submit a trainer agreement.

The following conditions apply for those that want to provide training at the conference.

Trainer provides:

  • Class syllabus/training materials.
  • Covers travel for the instructor(s) and all course materials for students.
  • Promotion of training on all available media eg. Twitter, Linkedin
  • The trainer may brand training materials to increase their exposure.


OWASP provides:

  •  Venue
  • Catering (with limitations based on COVID19 and reasonable alternative options for attendees)
  • Registration Logistics 
  • Basic wireless internet access (if you need additional technical arrangements, it is important to let us know)
  • One night hotel per day of training

Trainer profit-share:

  1. Virtual Trainers are eligible for 50% of the session’s revenue up to a $2,500 remuneration, and then 20% of any additional session revenue. 
  2. In-person Trainers are eligible for a profit share or flat fee payment structure to yet be determined. This detail will be adjusted from previous OWASP in-person training agreements due to recovery efforts from COVID19 and program changes (ie. space limitations, hybrid format, adjusted costs, etc). 
  3. Should in-person or hybrid trainings take place, OWASP will revise training agreements for selected trainers and address compensation based on the needs of the program.

    All personal data collected during the submission process will be only for contacting submitters regarding their submission and will not be used for marketing or commercials purposes. All data collected will be deleted once the selection process is complete.


LASCON 2021 Return 


About

The Lonestar Application Security Conference (LASCON) is an OWASP regional event held annually in Austin, TX. It is a gathering of 400+ web app developers, security engineers, mobile developers and information security professionals. LASCON is held in Texas where more Fortune 500 companies call home than any other state and it is held in Austin which is a hub for startups in the state of Texas. At LASCON, leaders at these companies along with security architects and developers gather to share cutting-edge ideas, initiatives, and technology advancements.

The pre-conference training will take place October 26 - 27, 2021 at the Norris Conference Center in Austin, Texas, with the conference immediately following on October 28-29.

IMPORTANT!  We are very much aware of the current concerns with COVID-19 and that an in-person pre-conference training may not be possible. At this point in time we are continuing to plan for an in-person training, being optimistic that by October the situation will improve. However, we want to ensure we have alternative plans, such as making the training virtual. With that in mind, we request that training be designed for conducting either in-person or virtual. If virtual, we will provide the necessary technical guidelines and assistance to trainers.

CFT Submission

Use this form to submit your proposed training for LASCON. The CFT will close on July 30, 2021. Submissions will be reviewed and you will be contacted via the email address you provide on the form. We will announce all training selections by August 15, 2021, and ask that trainer reply by August 22nd.  Please know that due to space considerations we can only select a limited number of training workshops.

Selected trainers will …



LASCON 2021 Return 


About

The Lonestar Application Security Conference (LASCON) is an OWASP regional event held annually in Austin, TX. It is a gathering of 400+ web app developers, security engineers, mobile developers and information security professionals. LASCON is held in Texas where more Fortune 500 companies call home than any other state and it is held in Austin which is a hub for startups in the state of Texas. At LASCON, leaders at these companies along with security architects and developers gather to share cutting-edge ideas, initiatives, and technology advancements.

The conference will take place October 28 - 29, 2021 at the Norris Conference Center in Austin, Texas. The conference will also offer pre-conference training on October 26-27.

IMPORTANT!  We are very much aware of the current concerns with COVID-19 and that an in-person conference may not be possible. At this point in time we are continuing to plan for an in-person conference, being optimistic that by October the situation will improve. However, we want to ensure we have alternative plans, such as making the conference virtual. With that in mind, we request that talks be designed for presenting either in-person or virtual. If virtual, we will provide the necessary technical guidelines and assistance to speakers.

CFP Submission

Use this form to submit your proposed talk for LASCON.  The CFP will close on July 30, 2021. Submissions will be reviewed, using blind submission selection, and you will be contacted via the email address you provide on the form. We will announce all presentation selections by August 15, 2021, and ask that speakers reply by August 22nd.  

The LASCON conferences are true security conferences with all talks and presentations focusing on various areas of information security. Topics should focus on the technical and social aspects of security, and should not contain marketing or sales pitches.

You can review the past LASCON talks. to get an idea of types of talks we are seeking.

Speaker Information

Selected speakers will …

We know speakers are key to the success of a conference and hope you will submit a talk. In appreciation of your efforts, we include the following:

  • All speakers receive full, free admission to the entire two-day conference.
  • Speakers are given speaker badges and speaker SWAG.
  • Speakers are invited to a Speakers Dinner (a casual event, held the evening before the conference).
  • For international speakers, if accepted, we can provide a letter of confirmation for your visa submission.
  • Your abstract and recording will be archived on LASCON sites. (See previous LASCON talks.)
OWASP Foundation