OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

OWASP is completely vendor neutral and does not endorse or certify any company, service, or product. All presentations, training, and talks performed for OWASP are required to meet this standard.


Important Dates:

CfP Opens Friday February 9th

Review committee Announced TBA

CfP Closes Friday April 13

Notification of submitters April 27th

Program announced May 11th

Introduction

Web application leaders, software engineers, and researchers from all over the world gather at AppSec USA to drive visibility and evolution in the safety and security of the world’s software. This year we will offer 3 recorded tracks and one “HushTrack” on October 11 & 12 in San Jose, the heart of Silicon Valley. Hands-on training will be offered October 8, 9, and 10. If you are interested in giving a training, the Call for Training is open February 23rd through April 13th.

Theme:  Security Through Enablement

Too often security conferences get caught up in looking for the newest vulnerability or hottest hack. This mindset means that as security professionals we have barely moved the needle when it comes to securing the world’s software. Rather than focus on the newest [insert type of vulnerability] in [niche type of software], we want to know what you did to make a developer’s normal experience secure. Tell us the security building blocks that moved your team from the blocking security team to the integrated security team.


Examples of talks include:

  • Our Journey for Rolling out MFA

  • Building a TLS Service

  • Auth Plugins

  • Open Source Security Building Blocks

  • Scaling Security / Incident Response: Account Takeover

  • Scaling Security / Incident Response: Fraud

  • Data Driven Security

  • Enabling the User to be Secure by Default

  • Enabling Developers to remain Secure Throughout the SDLC

  • Bringing Teams up to Speed in DevSecOps Environments

  • How Does Your Org Enable the Next Generation of Security Research

Of course we love surprises, so if your talk falls outside of the examples given, feel free to submit!

Additionally, this year we will be running a one-day HushTrack. The HushTrack is not filmed and follows the Chatham House Rule. When applying for the HushTrack, consider thinking out of the box by proposing a panel, round tables, or other activity in addition to a normally formatted talk.

Review Committee and Policies

William Bengtson, Committee Chair

Other committee members TBA

Review Policies

The crux of security is the ability to think flexibly and creatively about multi-stakeholder problems. It is the goal of OWASP to accelerate the speed of change and enable serendipity by connecting the community.  In our view, security can only be enhanced when practitioners approach problems with diverse critical thinking theories and practices.

To this end OWASP seeks to be an inclusive organization for practitioners from all cultural, gender, language, educational, ability, religious, and career backgrounds.  OWASP actively encourages speakers, trainers, and leaders of all sexual orientations, ages, and ethnicity.  Our formal efforts in this vein include blind evaluations of talk proposals for our Global AppSec Conferences and active recruiting of diverse invited speakers and trainers.

The program committee will review your submission based on a descriptive abstract and detailed outline of your presentation. Please review your proposal thoroughly as accepted abstracts and bios will be published on our site as submitted.

Successful applications will:

  • Take the audience into account. OWASP has a diverse audience, with more than half of the audience consisting of mid-career security professionals and the remainder consisting of developers and entry-level or advanced security professionals. While our audience does cover Builders, Breakers, and Defenders, AppSec USA tends towards defenders.

  • Remember that well-trod concepts should advance the topic, address the content from a new angle, or introduce new applications for the content. We are not averse to accepting talks that have been presented elsewhere first, but we do ask that you share if your talk has been previously presented.

  • Be well written.  Your Abstract is the only long-form marketing for your specific talk to our audience.  It should be written so that attendees can clearly understand what you will be discussing and what they will get out of your talk.  Your detailed outline is your chance to sway our judges.  Write this as thoroughly as possible so that the committee understands all you bring to the table.

  • Be applicable. While there is a place for talks about the distant future, talks which will allow the audience to immediately implement or share concepts, changes, or processes with colleagues are more interesting to our judges and audience and will comprise the majority of accepted presentations.

  • Conform to the blind protocol.  Submissions that identify the author will automatically be disqualified. Please leave your name out of any materials or fields not directly requesting this information.

Terms

By your submission you agree to the OWASP Speaker Agreement.  OWASP values vendor neutrality. You must use the OWASP presentation template and you’re not allowed to place marketing pitches in your slides. All presentation slides will be published on the conference website after the conference. Please make sure that any pictures and other materials in your slides don’t violate any copyrights. You are solely liable for copyright violations. You may choose any CC license for your slides, including CC0. OWASP does suggest open licenses.
Ends on April 13, 2018

Important Dates:

CfT Opens: Friday February 9th

Review committee Announced: TBA

CfT Closes: Friday April 13

Notification of submitters: April 27th, 2018

Program announced: May 11th, 2018

Introduction

Web application leaders, software engineers, and researchers from all over the world gather at AppSec USA to drive visibility and evolution in the safety and security of the world’s software. This year we will offer 3 days of training on October 8-10, prior to our 2 days of conference activities on October 11 & 12 in San Jose, the heart of Silicon Valley.

This year AppSec USA will be allowing trainers to apply to give half-day trainings as well as 1, 2, or 3 day classes. Trainers are allowed to make multiple applications, with one application per class.

We are also expanding our training audience and will be reaching out to developers interested in security as well as security professionals.

Theme:  Security Through Enablement

Too often security conferences get caught up in looking for the newest vulnerability or hottest hack. This mindset means that as security professionals we have barely moved the needle when it comes to securing the world’s software. Training at AppSec USA is intended to enable participants to immediately improve security at their organizations. Training should be of a practical nature, and hands-on training is preferred.

Examples of classes include, but are not limited to:

  • Secure development: frameworks, best practices, secure coding, methods, processes, SDLC

  • Vulnerability analysis: code review, pentest, static analysis

  • Threat modelling

  • Mobile security

  • Cloud security

  • Browser security

  • Web Security

  • Intro to Application Security

  • OWASP tools or projects in practice

  • New technologies, paradigms, tools

  • Operations and software security

  • Management topics in Application Security: Business Risks, Outsourcing/Offshoring, Awareness Programs, Project Management, Managing SDLC

Review Committee and Policies

Wendy Zenone, Committee Chair

Other committee members TBA

Review Policies

The crux of security is the ability to think flexibly and creatively about multi-stakeholder problems. It is the goal of OWASP to accelerate the speed of change and enable serendipity by connecting the community.  In our view, security can only be enhanced when practitioners approach problems with diverse critical thinking theories and practices.

To this end OWASP seeks to be an inclusive organization for practitioners from all cultural, gender, language, educational, ability, religious, and career backgrounds.  OWASP actively encourages speakers, trainers, and leaders of all sexual orientations, ages, and ethnicity.  Our formal efforts in this vein include blind evaluations of talk proposals for our Global AppSec Conferences and active recruiting of diverse invited speakers and trainers.

The program committee will review your submission based on a descriptive abstract and detailed outline of your class.  Including additional classroom materials will be helpful in our evaluation. Please review your proposal thoroughly as accepted abstracts and bios will be published on our site as submitted.

Successful applications will:

  • Connect with a specific audience. OWASP has a diverse audience that consists of novice to advanced level practitioners. Your content should be developed to clearly connect with a specific audience.

  • Be well written.  Your Abstract is the only long-form marketing for your specific talk to our audience.  It should be written so that attendees can clearly understand what you will be discussing and what they will get out of your talk.  Your detailed outline is your chance to sway our judges.  Write this as thoroughly as possible so that the committee understands all you bring to the table.

  • Be applicable. Classes which prioritize content that attendees will be able to immediately implement are preferred.

  • Include hands-on labs. Labs which allow attendees to connect meaningfully with content are preferred.

  • Avoid marketing. Submissions which double as marketing talks or include sales pitches within the training will not be successful.

Terms

All trainers will be required to submit a Training Instructor Agreement.

The following conditions apply for those who want to provide training at the OWASP AppSec USA conference. The trainer:

  • Should provide class syllabus / training materials.

  • Will cover travel and accommodations for the instructor(s) and all course materials for students.

  • Can brand training materials to increase their exposure.

  • Should promote training on all available media, e.g. Twitter, LinkedIn.

OWASP will provide the venue, marketing, registration logistics and basic wireless internet access. If you need additional technical arrangements, it is important to let us know.

OWASP will reserve up to two training slots at no cost and the trainer may reserve up to one slot at no cost. Please note that for data privacy reasons OWASP can’t provide trainers with contact information of the attendees.

Split

Price per attendee: 3-Day Class $2,100 USD / 2-Day Class €1,400 / 1-Day Class €750

Earnings will be split 60/40 (OWASP/Trainer) for the training class.