OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

OWASP is completely vendor neutral and does not endorse or certify any company, service, or product. All presentations, training, and talks performed for OWASP are required to meet this standard.


Ends on August 30, 2017
日本語解説はこちら )
As part of our 2017 event schedule, the OWASP Foundation is conducting 3 large training events internationally and has opened a Call For Trainers (CFT) for the event locations.  These training events have the following requirements:
  • Conducted by professional security trainers selected by a CFT review committee
  • Attendance will be free for the trainees.  Attendees will be required to register prior to the event
  • Maximum attendance will be set at 500 attendees
  • Training is a single-day event lasting 6 hours and will be simulcast to other locations in Japan
The OWT Tokyo event will be held on September 30, 2017

Training Content

The goal of the event is to provide an overview of core application security topics to developers and new to security practitioners.  Topics may include but not limited to:

  • General Security Principles as they relate to Application Security

    • Least Privilege

    • Defense in Depth

    • Reducing Attack Surface

    • Failing Securely / Closed

    • Using Secure Defaults

    • Limiting / Containing Potential Harm

  • Application Security specific topics

    • Input Validation and Encoding

    • Parameterized Queries to prevent SQLi

    • Authentication and Authorization

    • Protecting Sensitive Data, TLS and Cryptography

    • Session Management

    • Logging, Audit and Intrusion Detection

    • Error Handling and Exception Management

    • Application Inventory / Knowing what you have

    • Client side javascript misuse, data leakage, HTML5

Consideration should be given to how OWASP projects can assist in the topics covered such as:

  • OWASP Top 10 Proactive Controls

  • OWASP Cheat Sheet Series

  • OWASP ASVS

  • OWASP OpenSAMM

  • OWASP Top 10

  • OWASP ZAP

  • OWASP Dependency Check

  • OWASP AppSensor

  • OWASP ESAPI - input validation and encoding

The CFT review committee will be judging (a) the use of OWASP materials, (b) the impact of the training on attendees (c) and the ability of the submission to attract the target audience in their overall review of submissions.

Terms for Instructors

By agreeing to conduct this training, the instructor agrees to:

  • Use an OWASP branded deck available here.

  • Trainers may not use company themed decks or include a company logo except for on a trainer bio slide.

  • License the deck with an OWASP approved open source license (Creative Commons CC BY-SA 4.0)

  • Have the deck made available on the OWASP website after the training event

  • Sign the OWASP World Training Tour 2017 Japan Training Instructor Agreement if accepted by the review committee

  • Submit a completed Call for Training (CFT) form (Applications can be in either English or Japanese.  Training is generally expected to be provided in Japanese.  Trainers wishing to provide their training in English should indicate so in their application.)

OWASP will provide:

  • the training venue and marketing

  • registration logistics

  • basic wireless Internet access

  • Up to $1,500 will be paid to trainers for one session.  One training session is generally expected to be within 60 minutes and a maximum of 90 minutes in duration.  Trainers are welcome to propose joint sessions featuring multiple trainers.
    Any associated travel/lodging/meal expenses are the responsibility of the trainers themselves.  Trainers reserve the right to decline training fees as a contribution to the OWASP Foundation, local OWASP chapter or OWASP project.

Submission Deadline: August 30, 2017

Note: Due to data privacy reasons, OWASP cannot provide trainers with contact information of the attendees.

As part of our 2017 event schedule, the OWASP Foundation is conducting 3 large training events internationally and has opened a Call For Trainers (CFT) for the event locations.  These training events have the following requirements:
  • Conducted by professional security trainers selected by a CFT review committee
  • Attendance will be free for the trainees.  Attendees will be required to register prior to the event
  • Maximum attendance will be set at 500 attendees
  • Training is a single-day event lasting 6 to 8 hours and will be simulcast to other locations in Japan
The Boston event will be held on October 9, 2017

Training Content

The goal of the event is to provide an overview of core application security topics to developers and new security practitioners.  Topics may include, but not limited to:

  • General Security Principles as they relate to Application Security

    • Least Privilege

    • Defense in Depth

    • Reducing Attack Surface

    • Failing Securely / Closed

    • Using Secure Defaults

    • Limiting / Containing Potential Harm

  • Application Security specific topics

    • Input Validation and Encoding

    • Parameterized Queries to prevent SQLi

    • Authentication and Authorization

    • Protecting Sensitive Data, TLS and Cryptography

    • Session Management

    • Logging, Audit and Intrusion Detection

    • Error Handling and Exception Management

    • Application Inventory / Knowing what you have

    • Client side javascript misuse, data leakage, HTML5

Consideration should be given to how OWASP projects can assist in the topics covered such as:

  • OWASP Top 10 Proactive Controls

  • OWASP Cheat Sheet Series

  • OWASP ASVS

  • OWASP OpenSAMM

  • OWASP Top 10

  • OWASP ZAP

  • OWASP Dependency Check

  • OWASP AppSensor

  • OWASP ESAPI input validation and encoding

The CfT review committee will be judging the use of OWASP materials, the impact of the training on attendees and the ability of the submission to attract the target audience in their overall review of submissions.

Terms for Instructors

By agreeing to conduct this training, the instructor agrees to:

  • Provide the training fee you require.

  • Use an OWASP branded deck available here.

  • Trainers may not use company themed decks or include a company logo except for on a trainer bio slide.

  • License the deck with an OWASP approved open source license (e.g. Creative Commons CC BY-SA 4.0)

  • Have the deck made available on the OWASP website after the training event

  • Sign the OWASP Trainer Agreement if accepted by the review committee

  • Submit a completed Call for Training (CfT) form

OWASP will provide:

  • Training fee (bid must be provided by the trainer)

  • the training venue and marketing

  • registration logistics

  • basic wireless Internet access

  • Up to $1,500 in travel/lodging reimbursement for the trainers

Note: Due to data privacy reasons, OWASP cannot provide trainers with contact information of the attendees.



As part of our 2017 event schedule, the OWASP Foundation is conducting 3 large training events internationally and has opened a Call For Trainers (CfT) for the event locations.  These training events have the following requirements:
  • Conducted by professional security trainers selected by a CfT review committee
  • Attendance will be free for the trainees.  Attendees will be required to register prior to the event
  • Maximum attendance will be set at 500 attendees
  • Training is a single-day event lasting 6 to 8 hours and will be simulcast to other locations in Japan
The Tel Aviv (Rishon) event will be held on  October 17, 2017

Training Content

The goal of the event is to provide an overview of core application security topics to developers and new security practitioners.  Topics may include, but not limited to:

  • General Security Principles as they relate to Application Security

    • Least Privilege

    • Defense in Depth

    • Reducing Attack Surface

    • Failing Securely / Closed

    • Using Secure Defaults

    • Limiting / Containing Potential Harm

  • Application Security specific topics

    • Input Validation and Encoding

    • Parameterized Queries to prevent SQLi

    • Authentication and Authorization

    • Protecting Sensitive Data, TLS and Cryptography

    • Session Management

    • Logging, Audit and Intrusion Detection

    • Error Handling and Exception Management

    • Application Inventory / Knowing what you have

    • Client side javascript misuse, data leakage, HTML5

Consideration should be given to how OWASP projects can assist in the topics covered such as:

  • OWASP Top 10 Proactive Controls

  • OWASP Cheat Sheet Series

  • OWASP ASVS

  • OWASP OpenSAMM

  • OWASP Top 10

  • OWASP ZAP

  • OWASP Dependency Check

  • OWASP AppSensor

  • OWASP ESAPI input validation and encoding

The CFT review committee will be judging the use of OWASP materials, the impact of the training on attendees and the ability of the submission to attract the target audience in their overall review of submissions.

Terms for Instructors

By agreeing to conduct this training, the instructor agrees to:

  • Provide the training fee you require

  • Use an OWASP branded deck available here.

  • Trainers may not use company themed decks or include a company logo except for on a trainer bio slide.

  • License the deck with an OWASP approved open source license (e.g. Creative Commons CC BY-SA 4.0)

  • Have the deck made available on the OWASP website after the training event

  • Sign the OWASP Trainer Agreement if accepted by the review committee

  • Submit a completed Call for Training (CFT) form

OWASP will provide:

  • Training fee (bid must be provided by trainer)

  • the training venue and marketing

  • registration logistics

  • basic wireless Internet access

  • Up to $1,500 in travel/lodging reimbursement for the trainers

Note: Due to data privacy reasons, OWASP cannot provide trainers with contact information of the attendees.