OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

OWASP is completely vendor neutral and does not endorse or certify any company, service, or product. All presentations, training, and talks performed for OWASP are required to meet this standard.

Application Security leaders, software engineers, and researchers from all over the world gather at Global AppSec conferences to drive visibility and evolution in the safety and security of the world’s software and network, collaborate, and share the newest innovations in the field. The conference will take place on October 30 - 31, 2023, at the Marriott Marquis Washington DC. The event will also offer hands-on training with vetted and leading trainers from November 1-3, 2023.

Considering the ongoing international emergency regarding the COVID-19 Coronavirus, we are aware that an in-person conference may not be feasible. While we are moving forward with the planning of an in-person conference, there is a possibility we may need to make the conference virtual. We ask that you design content that could be effectively presented in either format. We will provide technical guidelines and assistance to speakers who may not be familiar with delivering virtual content should the decision be made to hold the conference virtually.

The Global AppSec Program Team is formally issuing a call for presentations, opening January 10, 2023, and closing February 13 2023, at 11:59 PDT.

This year’s tracks are based on traditional OWASP tracks, but slightly changed and clarified. Speakers should focus on the following guidelines for each of the tracks below. Sessions will be scheduled for 1 hour, and you can include a 10-minute Q&A session if you choose. 

  • BUILDER  / DEVELOPER - Show us how to build more secure apps, how to securely use technology in our code, and how to secure our systems at scale. 
  • BREAKER / TESTER - Show us how to test apps for security, and how to break secure systems. 
  • DEFENDER / OPS - Show us world-class application operational defense, tools and techniques enabling detection and response to attacks, automating your processes and pipelines, and running your production security program.  
  • MANAGER / CULTURE - Show us how to run your security teams effectively, create an effective security culture, selling security to your executives, or balancing the risk tradeoffs. 

We’ve provided a few suggested topics below, but feel free to innovate!

  • Web application security
  • Mobile, Cloud, and Serverless security
  • Blockchain & Internet of Things for security use
  • Penetration testing & Application-level attacks
  • Threat modeling, Application, and system architecture
  • Security for DevOps engineers
  • Privacy controls
  • Planning and implementing an application security program
  • Creating an AppSec team & culture
  • Techniques to communicate risk and AppSec value to management - sharing what works and what doesn’t!

CfP Opens January 10, 2023
CfP Closes February 13, 2023
Notification of submitters Week of March 6, 2023
Program announced the week of Week of March 13, 2023

Keep in mind: the better your description is, the better our review will be.  Please review your proposal thoroughly, as your accepted abstract and bio will be published publicly as submitted on our site.

The Program Team will review your submission based on a descriptive abstract of your intended presentation.

Your presentation should:
Be Aimed at a Specific Audience - OWASP has a diverse audience of novice to advanced level practitioners. Your content should be developed to connect with a specific audience clearly.
Have a Clearly Written Abstract - Your Abstract is the only long-form marketing for your specific talk to our audience. It should be written so attendees can clearly understand what you will be discussing and what they will get out of your talk.
Have a Detailed Outline - Your detailed outline is your chance to frame your talk. Write this as thoroughly as possible, so the committee understands what you bring to the table.
Be Applicable - Talks that prioritize content that attendees will be able to implement immediately are preferred.
Not be a Marketing Pitch - Submissions which double as marketing talks or include sales pitches within the training will not be successful or accepted.  All talks must be vendor agnostic, we do not approve of product demos.

Submissions must be provided by the speaker themselves, and not by the marketing department or agency. Show us what you know, and what you're passionate about! 

We prefer new talks with fresh information, not ones that have been repeated many times before. If you wish to present a topic you’ve talked about in the past, please share with us what you have changed. 

Please note that this is a blind submission.  

It does not matter where you come from, what your gender is, or what formal education you have.  We care about bringing our audience the most professional, interesting, and innovative content.  The Review Committee is a diverse group as well. 

We will review the submissions and choose the talks based on content only. Reviewers cannot view your personal details, and will score your submission based on its own quality and relevance. Please ensure you do not include your personal details or identifying information (such as name, company, location, etc) in any of the reviewed fields marked as such. There are specific fields provided that you can share a personal note, and these will be reviewed by the Program Committee before final acceptance. Submissions that violate this rule may be rejected. 

Global AppSec is a community event designated to support the Foundation, and we have a very limited budget.  If personal travel costs would prevent you from participating, we will try to help cover part of your travel and accommodation costs so that you do not incur large expenses to come speak at our conference.

We cannot guarantee any sum at this time, however this should not dissuade you from submitting! We will not expect you to confirm attendance before we confirm how much assistance we can offer. This will NOT affect your acceptance at all and is not visible during the review.

Following acceptance, we’ll provide guidance on presentation templates.  All presentation slides will be published on the conference website after the conference.  OWASP values vendor neutrality.  Please make sure that any pictures and other materials in your slides do not violate any copyrights. You are solely liable for copyright violations. You may choose any CC license for your slides, including CC0. OWASP does suggest open licenses.

Additional Notes: 

  • OWASP is an inclusive organization for practitioners from all cultural, gender, ethnic, educational, ability, religious, and career backgrounds. We actively encourage speakers of all genders, sexual orientations, ages, religions, and ethnicity.
  • Fields denoted by an asterisk are mandatory. Failure to complete your submission can result in your submission being excluded from the review process.
  • Multiple submissions by a speaker will be reviewed.  However, only one talk will be selected.  We’re looking to expand speaking opportunities across our diverse community.
  • Submissions must be provided by the speaker themselves, and not by the marketing department or agency. There is an option to add a 2nd speaker as well. 
  • This is a fully blinded review process, and submissions must be appropriately blinded as well. Personal details will not be shared with reviewers, please do not include them in the other fields in any way. 
  • While we do not offer an honorarium, a free registration is included, and we hope to create an epic speaker experience this year!  
  • All personal data collected during the submission process will be only for contacting submitters regarding their submission and will not be used for any marketing or commercials purposes. All data collected will be deleted once the selection process is complete.

BASC 2023 is happening on April 1st at 5 Wayside Rd, Burlington, MA. For more information on the conference and sponsorship opportunities, please visit our website https://www.basconf.org/.

Please submit your information using this form. The deadline for submissions is February 14th, and we will get back to you no later than March 1st on whether or not your talk has been accepted. 

We are looking for talks 35-40 minutes long plus time for Q&A. Our focus is on application security, and all the work that goes into securing software. Talks on tooling, security champions, bugs, or even secure language features are all welcomed. 

Both new speakers and experienced presenters are welcome to submit. If you're new to application security, you probably have a new perspective and we encourage first time presenters to submit presentations.

Please note all accepted speakers will have to agree to the OWASP speaker agreement, https://owasp.org/www-policy/legal/speaker-agreement, and as a local conference we do not cover transportation or other expenses.

Potential talk topics include the following:

  • Javascript servers, apps, frameworks: Node.js, Angular
  • Supply chain security
  • Measurable security - advanced threat modeling
  • Web API security REST, JSON
  • Web security testing in a DevOps organization
  • Building web app security expertise in engineering teams
  • Vulnerability Management - Process & Tools
  • Developing your own web app security development standard
  • Security test automation with OWASP ZAP and Zest scripting language
  • Authentication & Enterprise Web Applications (incl. Federation, 2 Factor Auth, SSO)Open Source Static Analysis
  • Security Unit testing with Selenium
  • Effective static code analysis tool
OWASP Foundation