OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

OWASP is completely vendor neutral and does not endorse or certify any company, service, or product. All presentations, training, and talks performed for OWASP are required to meet this standard.

Global AppSec Tel Aviv logo 

The CFP is now open!

Important dates:

First round of submission closes: February 24th

Accepted talks will be announced by: March 10th

Second round of submission closes: April 10th

Accepted talks will be announced by: April 24th

Conference dates: May 26-28 - training, May 29-30 conference

OWASP's Global AppSec conferences bring together security professionals, engineers, developers and leaders to share and gain knowledge, in order to make the digital world a safer place for everyone. The Global AppSec Tel Aviv conference will take place by the sunny beach of Tel Aviv, and its main theme will be “AppSec: The Community of Innovation”. After all, you are visiting the start-up nation.

We invite you to submit your talk to one of the 6 tracks we have this year:

1. Innovation - new and exciting vectors of AppSec

2. Layer 8 - the humans and culture at AppSec 

3. Risk management - new regulations, more attack surfaces, how to handle them

4. DevOps - IT is now part of R&D, this requires different skill sets for AppSec

5. Builders - show us how to build more secured apps

6. Breakers - show us how not to build more secured apps

Relevant topics (these are just suggestions, feel free to be innovative):

  • Web application security
  • Mobile security
  • Cloud and Serverless security
  • Blockchain for security use
  • Internet of Things
  • Vulnerability analysis
  • Threat modeling
  • Penetration testing
  • Application and solution architecture security
  • Application level attacks
  • Security for DevOps engineers
  • Privacy controls

Review committee:

Chairwoman - Shira Shamban

Team members - TBA

Review policy:

This is a blind submission. We don’t care where you come from, what is your gender or what formal education you have. We care about bringing the most professional, interesting and innovative content to our audience. We will review the submissions and choose the talks according to the information you provide us about the content you intend to deliver.  

Make sure we understand by your submission who is the target audience and what knowledge will they gain by attending your talk. All talks are vendor agnostic, we do not approve of product demos.

We are looking for new talks, not ones you’ve given in previous conferences. Our theme is innovation. If you wish to present a topic you've talked about in the past, please share with us what did you change.

Travel aid:

 We are working to dedicate a travel assistance budget for female speakers (and members of other underrepresented groups) that require it.
Unfortunately, as a community event designated to support the Foundation, we do not have an unlimited budget for all speakers. However if you are unemployed, or if your employer refuses to cover your costs of travel and you require financial assistance, we will try to work with you (upon acceptance) to help cover part of your costs of travel and accommodation so that you do not incur large expenses to come speak at our conference.
This will not affect your acceptance at all. We will not expect you to confirm attendance before we confirm how much assistance we can offer. 


By your submission you agree to the OWASP Speaker Agreement. OWASP values vendor neutrality. You must use the OWASP presentation template and you’re not allowed to place marketing pitches in your slides. All presentation slides will be published on the conference website after the conference. Please make sure that any pictures and other materials in your slides don’t violate any copyrights. You are solely liable for copyright violations. You may choose any CC license for your slides, including CC0. OWASP does suggest open licenses.

Global AppSec Tel Aviv logo 

Important Dates:

CfT Closes: Saturday 16th February 2019, end of the day.

Notification to submitters: End of February 2019

Program announced: Mid March 2019


OWASP's Global AppSec conferences bring together security professionals, engineers, developers and leaders to share and gain knowledge, in order to make the digital world a safer place for everyone. The Global AppSec Tel Aviv conference will take place by the sunny beach of Tel Aviv, and its main theme will be “AppSec: The Community of Innovation”. After all, you are visiting the start-up nation. 

As well as the conference, we will be offering 3 days of training 26th - 28th May prior to the main conference days.

Trainers can apply to give 1, 2, or 3 day classes. Trainers are allowed to make multiple applications; one application per class. The training audience will include developers interested in security as well as security professionals.


We are looking for training courses at all levels from someone new to the application security field to advanced topics for experienced professionals. However, all training submissions should have a focus on practical skills which are immediately applicable to an attendees job and have a significant hands-on element with tasks and exercises for attendees to attempt during the training.

As with previous Global AppSec events, we would like to run a number of different training courses of varying lengths over these three days.

Examples of classes include, but are not limited to:

  • Secure development: frameworks, best practices, secure coding, methods, processes, SDLC
  • Integrating Security into DevOps
  • Vulnerability analysis: code review, pentest, static analysis
  • Threat modelling
  • Mobile security
  • Cloud security
  • OWASP tools or projects in practice
  • New technologies, paradigms, tools
  • Operations and software security
  • Other topics but with an emphasis on Application Security:
    •          Business Risks
    •          Outsourcing/Offshoring
    •          Awareness Programs
    •          Project Management
    •          Managing SDLC

Review Committee and Policies

Josh Grossman and Yossi Oren – Committee Chairs

Other committee members TBA

Review Policies

OWASP seeks to be an inclusive organization for practitioners from all cultural, gender, language, educational, ability, religious, and career backgrounds. OWASP actively encourages speakers, trainers, and leaders of all genders, sexual orientations, ages, religions, and ethnicity. Our formal efforts in this vein include blind evaluations of talk proposals for our Global AppSec Conferences and active recruiting of a diverse group of invited speakers and trainers.

The programme committee will review your submission based on a descriptive abstract and detailed outline of your class. Including additional classroom materials will be helpful in our evaluation. Please review your proposal thoroughly as accepted abstracts and bios will be published on our site as submitted.

The programme committee will be looking for the following:

  • Aimed at a specific audience - OWASP has a diverse audience that consists of novice to advanced level practitioners. Your content should be developed to clearly connect with a specific audience.
  • Clearly written abstract - Your Abstract is the only long-form marketing for your specific talk to our audience. It should be written so that attendees can clearly understand what you will be discussing and what they will get out of your talk.
  • Detailed Outline - Your detailed outline is your chance to sway our judges. Write this as thoroughly as possible so that the committee understands all you bring to the table.
  • Clearly Applicable - Classes which prioritize content that attendees will be able to immediately implement preferred.
  • Hands-on training - Hands on labs which allow attendees to connect meaningfully with content are preferred.
  • Not a marketing pitch - Submissions which double as marketing talks or including sales pitches within the training will not be successful.
  • Expertise of trainer(s) - The submission should highlight the experience of the trainer(s) in the subject of training and in delivering professional training.

Note: Training which is focussed on a specific, product, technology or service which is not available for free may still be considered if it is widely applicable enough and the attendee is not required to purchase to take part in the training.


The following conditions apply for those that want to provide training at the OWASP Global AppSec Tel Aviv conference. 

Responsibilities of the trainer:

  • Required to submit a Training Instructor Agreement.
  • Should provide class syllabus / training materials.
  • Cover travel and accommodations for the instructor(s)
  • Cover all course materials for students.
  • Can brand training materials to increase their exposure.
  • Should promote training on all available media eg. Twitter, Linkedin

OWASP will provide the venue, marketing, registration logistics and basic wireless internet access. If you need additional technical arrangements, it is important to let us know.

OWASP will reserve up to two training slots at no cost and the trainer may reserve up to one slot at no cost. Please note that for data privacy reasons OWASP cannot provide trainers with contact information of the attendees.


Price per attendee:

  • 1 Day Class 850 USD
  • 2 Day Class 1,650 USD
  • 3-Day Class 2,400 USD

Revenue will be split 60/40 (OWASP/Trainer) for the training class.

OWASP Foundation