OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

OWASP is completely vendor neutral and does not endorse or certify any company, service, or product. All presentations, training, and talks performed for OWASP are required to meet this standard.

AppSec California 2019

Call for Presentations

AppSec California is the premier gathering for software security leaders, testers, and researchers. We bring together the application security community to a conference center adjacent to the beach in Santa Monica, California to network and share cutting-edge ideas, solutions, initiatives, and technological advancements.


AppSec California is a true security conference, with the most exceptional talks and presentations all around (web) application security. Non-technical talks (see below) are welcome too. Please refrain from submitting marketing talks or having sales pitches in your talk.

We are interested in all topics related to Security and OWASP, such as the following examples:

  • SDLC
  • Cloud Security
  • Threat modelling
  • Mobile security
  • Browser security
  • HTML5 security
  • Internet of Things
  • Crypto currency and payments
  • OWASP tools or projects in practice
  • New technologies, paradigms, tools
  • Privacy in web apps, Web services (REST, XML) and data storage
  • Operations and software security
  • DevOps
  • Management topics in Application Security: Business Risks, Outsourcing/Offshoring, Awareness Programs, Project Management, Managing SDLC


At AppSec Cali we value diversity – it is the foundation of why we wanted to start the conference. We wanted a conference where all participants could learn about various aspects of software security. Valuing diversity goes much farther than appreciating the diversity of the technology/security realm. We also value diversity on our planning committee, volunteers, speakers, and attendees. This includes gender, cultural background, and many other facets of humanity’s rich fabric. We feel that learning about a subject from a different angle is very valuable and enriches all of us. We welcome and encourage submissions from women and minority groups. This also includes speakers of varying exposure and experience. Each year we reserve a set of time slots for speakers that are less well-known. Some years this allows us to uncover an amazing speaker with great ideas and content. At other times, we find someone who needs a bit more practice. Both scenarios are a win for the community and help all of us grow.


  • As a speaker, you are entitled to free conference entry and parking, including all sessions and the Vendor Expo.
  • Participants and speakers are all warmly invited to attend the conference reception around the famous Annenberg pool on Tuesday, January 24th.
  • Unfortunately we can’t provide a stipend or cover travel expenses.


We get a LOT of submissions. They are almost all good, but we still have to sift through to find the cream of the crop, the best cuts of bacon, etc. Here are some things that we are looking for. They are numbered in order of importance.

  • Make your title and abstract sizzle. Really sell the talk.
  • Unique and unusual is always good.
  • Session content should fill the entire time-slot assigned, with 5-10 minutes remaining for Q&A.
  • Use present tense in the abstract. Do not use first person (I, our, we).
  • Do not include proprietary or confidential information.
  • Submitter should secure necessary permissions before submitting.
  • Avoid submitting multiple talks.
  • No product/vendor pitches.
  • Use the notes to the content team field to explain any relevant background you have, or any other color commentary about it. Perhaps this session was featured elsewhere? Perhaps the content led to a Nobel prize. Tell us what we should know. This will only be used during selection, and not shared with attendees.
  • Put your best foot forward by submitting an abstract and bio which follows “the three C’s”: it should be complete, cutting-edge and coherent.
  • Avoid overly-broad sessions. “Introduction to Security” or “Security Testing is Great!” might be interesting, but generally speaking they’re way too broad to get much value out of in a 45-minute session. Draw the focus down to some specific items.
  • Titles matter. Avoid using generic cool-sounding buzzword titles — they’re often going to lose the selection committees and attendees. Sure, make your title catchy, but make sure it showcases what your session’s about.
  • Explain what attendees will get out of the session. Make it clear what your attendees will learn during your session. “You’ll leave this session with understanding of what software security means in the IoT world, and you will get a handle on how to put together comprehensive security test plans for IoT environments”, is a good example.
  • Give examples of what is discussed. Let attendees know what you’ll be talking about. This helps the selection committee understand if the content fits in, and it helps potential attendees see why they should skip those other interesting presentations in order to attend yours.
  • Show some prior feedback on the session. Have you given this talk before? If so, try and collect some feedback on the presentation. Include links to recorded sessions of this or other talks you’ve given in the past, or add notes to the selectors.
  • Write a concise abstract. The one paragraph of your abstract is like the one spoon tasters get at a chili competition. This is hard to do. You need to work really hard on making the one paragraph highly impactful. Fall right back to your elementary school fundamentals: introduction, body, conclusion. Set a hook with a great opening: “Bugs. Crashes. Malfunctions. Complete meltdowns. We run into difficulties in our work each and every day.” Follow that on with the value propositions to attendees and examples of what’s covered. Finish up with a great closer that will make your attendees’ mouths water, figuratively, at least.
  • Write a coherent abstract. We are always amazed at the handful of unreadable, muddled, flat out awful submissions we get. Spend time to make sure your submission is clear. Don’t bother submitting if you won’t take this step. Tough love, but it’s true: incoherent submissions are nearly always immediately dropped from consideration.
  • Edit, re-edit, then get it reviewed. Write the draft, step away from it, come back and edit it later. Several times. Get the abstract out to your colleagues and friends for their feedback. Iterate through this several times.
  • Your speaker bio is every bit as important as your abstract, particularly if you’re not well-known by the content selection committee. While not required by the system, adding your Twitter handle, blog link and other social media links is always helpful.


By your submission you agree to the OWASP Speaker Agreement. You may choose to use an OWASP presentation template; however, this is not a requirement. If you choose not to use the standard OWASP presentation template, we require that you include a small OWASP logo on all slides. All presentation slides will be published on the conference website. Please make sure that any pictures and other materials in your slides do not violate any copyrights. You are solely liable for copyright violations. You may choose any CC license for your slides, including CC0. OWASP does suggest open licenses.

By your submission and agreeing to speak, you agree to allow OWASP to take photos and videos for our use.


  • Submission for Proposal closes: October 15th, 2018
  • Notification of acceptance: November 1st, 2018
  • Conference Dates: January 24-25, 2019


By presenting at AppSec California, you consent to photography, audio recording, video recording and their release to be used for promotional purposes, inclusion on websites and social media, or any other purpose OWASP deems necessary.


AppSec California is dedicated to providing a harassment-free conference experience for everyone, regardless of gender, gender identity and expression, sexual orientation, disability, physical appearance, body size, race, age, religion, or political affiliation.  We have a zero tolerance policy for harassment in any form.  Violations by any registered attendee or participant at AppSec California may result in expulsion and possible ban from future OWASP events.

Important Dates:

CFT Closes: October 15th, 2018

Notification of Acceptance: November 1st, 2018

Training Dates: January 22-23, 2019

Call for Trainers

This year we will offer 2 days of training prior to our 2 days of conference activities. AppSec California will be allowing trainers to apply to give 1- or 2-day classes. Trainers are allowed to make multiple applications, with one application per class.

We are also expanding our training audience and will be reaching out to developers interested in security as well as security professionals.


While the title of the conference is AppSec California, the modern application depends on much more than traditional application security topics. Topics related to Cloud Infrastructure, Mobile AppSec, Product Security, as well as classic AppSec topics are all welcome. Training at AppSec California is intended to enable participants to immediately improve security at their organizations. Training should be of a practical nature, and hands-on training is preferred.

Examples of classes include, but are not limited to:

  • Secure development: frameworks, best practices, secure coding, SDLC
  • Code Review
  • Threat modelling
  • Attacking/Defending Mobile Apps
  • Securing Cloud Infrastructure
  • Browser security
  • Pentesting/Bug Bounties/Red teaming
  • Intro to Application Security 
  • OWASP tools or projects in practice
  • New technologies, paradigms, tools
  • Operations and software security
  • Product Security
  • Building a Security Program

Review Policies

The crux of security is the ability to think flexibly and creatively about multi-stakeholder problems. It is the goal of OWASP to accelerate the speed of change and enable serendipity by connecting the community. In our view, security can only be enhanced when practitioners approach problems with diverse critical thinking theories and practices.

To this end OWASP seeks to be an inclusive organization for practitioners from all cultural, gender, language, educational, ability, religious, and career backgrounds. OWASP actively encourages speakers, trainers, and leaders of all sexual orientations, ages, and ethnicity. Our formal efforts in this vein include blind evaluations of talk proposals for our Global AppSec Conferences and active recruiting of diverse invited speakers and trainers.

The program committee will review your submission based on a descriptive abstract and detailed outline of your class. Including additional classroom materials will be helpful in our evaluation. Please review your proposal thoroughly as accepted abstracts and bios will be published on our site as submitted.

Successful applications will:

  • Be developed to clearly connect with a specific audience. 
  • Be well written. Your Abstract is the only long-form marketing for your specific talk to our audience. It should be written so that attendees can clearly understand what you will be discussing and what they will get out of your talk. Your detailed outline is your chance to sway our judges. Write this as thoroughly as possible so that the committee understands all you bring to the table.
  • Be applicable. Classes which prioritize content that attendees will be able to immediately implement are preferred.
  • Contain hands-on labs. Classes with labs which allow attendees to connect meaningfully with content are preferred.
  • Not double as marketing talks. Submissions which double as marketing talks or include sales pitches within the training will not be successful.


All trainers will be required to submit a Training Instructor Agreement.

The following conditions apply for those that want to provide training at the OWASP AppSec California conference. The trainer:

  • Should provide class syllabus / training materials.
  • Will cover travel and accommodations for the instructor(s) and all course materials for students.
  • Can brand training materials to increase their exposure.
  • Should promote training on all available media, e.g. Twitter, LinkedIn.

OWASP will provide the venue, marketing, registration logistics and basic wireless internet access. If you need additional technical arrangements, it is important to let us know.

Please note that for data privacy reasons OWASP can’t provide trainers with contact information of the attendees.


Earnings will be split 50/50 (OWASP/Trainer) for the training class.

OWASP Foundation