OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.
OWASP is completely vendor neutral and does not endorse or certify any company, service, or product. All presentations, training, and talks performed for OWASP are required to meet this standard.
INTRODUCTION
Application Security leaders, developers, software engineers, and researchers from all over the world gather at Global AppSec conferences to drive visibility and evolution in the safety and security of the world’s software and network, collaborate, and share the newest innovations in the field. The conference will take place on June 27-28, 2024, at the Lisbon Congress Center. The event will also offer hands-on training with vetted and leading trainers from June 24-26, 2024.
CALL FOR PRESENTATIONS (CFP) & SUBMISSION
The Global AppSec Program Team is formally issuing a call for presentations, opening February 20, 2024, and closing April 3, 2024, at 11:59 PDT.
This year’s tracks are based on traditional OWASP tracks, but slightly changed and clarified. Speakers should focus on the following guidelines for each of the tracks below. Sessions will be scheduled for 45 minutes, and you can include a 10-minute Q&A session if you choose.
- BUILDER / DEVELOPER - Show us how to build more secure apps, how to securely use technology in code, and how to secure systems at scale.
- BREAKER / TESTER - Show us how to test apps for security, and how to break secure systems.
- DEFENDER / OPS - Show us world-class application operational defense, tools and techniques enabling detection and response to attacks, automating your processes and pipelines, and running your production security program.
- MANAGER / CULTURE - Show us how to run your security teams effectively, create an effective security culture, selling security to your executives, or balancing the risk tradeoffs.
We’ve provided a few suggested topics below, but feel free to innovate!
- Web application security
- AI
- Mobile, Cloud, and Serverless security
- Blockchain & Internet of Things for security use
- Penetration testing & Application-level attacks
- Threat modeling, Application, and system architecture
- Security for DevOps engineers
- Privacy controls
- Planning and implementing an application security program
- Creating an AppSec team & culture
- Techniques to communicate risk and AppSec value to management - sharing what works and what doesn’t!
REVIEW PROCESS
CfP IMPORTANT DATES:
CfP Opens February 20, 2024
CfP Closes April 3, 2024
Notification of submitters Week of May 13, 2024
Program announced the week of Week of May 20, 2024
Keep in mind: the better your description is, the better our review will be. Please review your proposal thoroughly, as your accepted abstract and bio will be published publicly as submitted on our site.
REVIEW CONSIDERATIONS
The Program Team will review your submission based on a descriptive abstract of your intended presentation.
Your presentation should:
Be Aimed at a Specific Audience - OWASP has a diverse audience of novice to advanced level practitioners. Your content should be developed to connect with a specific audience clearly.
Have a Clearly Written Abstract - Your Abstract is the only long-form marketing for your specific talk to our audience. It should be written so attendees can clearly understand what you will be discussing and what they will get out of your talk.
Have a Detailed Outline - Your detailed outline is your chance to frame your talk. Write this as thoroughly as possible, so the committee understands what you bring to the table.
Be Applicable - Talks that prioritize content that attendees will be able to implement immediately are preferred.
Not be a Marketing Pitch - Submissions which double as marketing talks or include sales pitches within the training will not be successful or accepted. All talks must be vendor agnostic, we do not approve of product demos.
Submissions must be provided by the speaker themselves, and not by the marketing department or agency. Show us what you know, and what you're passionate about!
We prefer new talks with fresh information, not ones that have been repeated many times before. If you wish to present a topic you’ve talked about in the past, please share with us what you have changed.
BLINDED REVIEW PROCESS
Please note that this is a blind submission.
It does not matter where you come from, what your gender is, or what formal education you have. We care about bringing our audience the most professional, interesting, and innovative content. The Review Committee is a diverse group as well.
We will review the submissions and choose the talks based on content only. Reviewers cannot view your personal details, and will score your submission based on its own quality and relevance. Please ensure you do not include your personal details or identifying information (such as name, company, location, etc) in any of the reviewed fields marked as such. There are specific fields provided that you can share a personal note, and these will be reviewed by the Program Committee before final acceptance. Submissions that violate this rule may be rejected.
TRAVEL ASSISTANCE
Global AppSec is a community event designated to support the Foundation, and we have a very limited budget. If personal travel costs would prevent you from participating, we will try to help cover part of your travel and accommodation costs so that you do not incur large expenses to come speak at our conference.
We cannot guarantee any sum at this time, however this should not dissuade you from submitting! We will not expect you to confirm attendance before we confirm how much assistance we can offer. This will NOT affect your acceptance at all and is not visible during the review.
TERMS
Following acceptance, we’ll provide guidance on presentation templates. All presentation slides will be published on the conference website after the conference. OWASP values vendor neutrality. Please make sure that any pictures and other materials in your slides do not violate any copyrights. You are solely liable for copyright violations. You may choose any CC license for your slides, including CC0. OWASP does suggest open licenses.
Additional Notes:
- OWASP is an inclusive organization for practitioners from all cultural, gender, ethnic, educational, ability, religious, and career backgrounds. We actively encourage speakers of all genders, sexual orientations, ages, religions, and ethnicity.
- Fields denoted by an asterisk are mandatory. Failure to complete your submission can result in your submission being excluded from the review process.
- Multiple submissions by a speaker will be reviewed. However, only one talk will be selected. We’re looking to expand speaking opportunities across our diverse community.
- Submissions must be provided by the speaker themselves, and not by the marketing department or agency. There is an option to add a 2nd speaker as well.
- This is a fully blinded review process, and submissions must be appropriately blinded as well. Personal details will not be shared with reviewers, please do not include them in the other fields in any way.
- While we do not offer an honorarium, a free registration is included, and we hope to create an epic speaker experience this year!
- All personal data collected during the submission process will be only for contacting submitters regarding their submission and will not be used for any marketing or commercials purposes. All data collected will be deleted once the selection process is complete.
INTRODUCTION
Application Security leaders, software engineers, and researchers from all over the world gather at Global AppSec conferences to drive visibility and evolution in the safety and security of the world’s software, as well as to network, collaborate, and share the newest innovations in the field. The training will take place on September 23-25, 2024, at the Hyatt Regency San Francisco.
CALL FOR TRAINERS (CfT) & SUBMISSION
The Program Team is formally issuing a call for Trainers, opening March 21, 2024.
As with previous Global AppSec events, we would like to run a number of different training courses of varying lengths over several days surrounding the conference.
Trainers can apply to give 1, 2 or 3-day classes. Trainers are allowed to make multiple applications, one application per class. The training audience will include developers interested in security as well as security professionals. We will select only the best submission.
We are looking for training courses at all levels, from someone new to the application security field to advanced topics for experienced professionals. However, all training submissions should focus on practical skills which are immediately applicable to an attendee’s job and have a significant hands-on element with tasks and exercises for attendees to attempt during the training. Our main priority for selecting trainings for this event is useful, practical information that will be valuable for our target audience. Even if this training has been offered before, as long as there is fresh and up to date content.
REVIEW PROCESS
IMPORTANT DATES:
CfT Opens March 21, 2024
CfT Closes May 6, 2024
Notification of submitters Week of June 3, 2024
Program announced the week of Week of June 10, 2024
REVIEW CONSIDERATIONS
The Program Team will review your submission based on a descriptive abstract and detailed outline of your class. Including additional classroom materials will be helpful in our evaluation.
Please review your proposal thoroughly, as all accepted abstracts and bios will be published on our site as submitted.
Examples of topics include, but are not limited to the following. We encourage innovation!
- Secure development: frameworks, best practices, secure coding, methods, processes, SDLC
- Integrating Security into DevOps or SRE
- Vulnerability analysis: code review, pentest, static analysis
- Threat modeling
- Mobile security
- Cloud and serverless security
- Kubernetes and Container security
- OWASP tools or projects in practice
- New technologies, paradigms, tools
- Operations and software security
- Other topics but with an emphasis on Application Security: Business Risks, Outsourcing/Offshoring, Awareness Programs, Project Management
Training should:
Be Aimed at a Specific Audience - OWASP has a diverse audience that consists of novice to advanced level practitioners in different fields. Your content should be developed to clearly connect with a specific audience.
Not be a Marketing Pitch - Submissions that double as marketing or include sales pitches within the training will not be accepted.
Have a Clearly Written Abstract - Your Abstract is the only long-form marketing for your specific talk to our audience. It should be written so attendees can clearly understand what you will be discussing and what they will get out of your class.
Have a Detailed Outline - Detailed description of how you are structuring the course. Walk the reviewer through the training. Please try to be as detailed as possible, including timing and learning objectives for each module.
Be Clearly Applicable - Classes that prioritize content that attendees will be able to immediately implement preferred.
Include Hands-on training - Hands-on labs which allow attendees to connect meaningfully with content are preferred.
Demonstrate the Expertise of Trainer(s) - The submission should highlight the experience of the trainer(s) in the subject of training and in delivering professional training.
Terms
All trainers will be required to submit a trainer agreement.
The following conditions apply to those who want to provide conference training.
Trainer provides:
- Class syllabus/training materials.
- Covers travel for the instructor(s) and all course materials for students.
- Promotion of training on all available media eg. Twitter, Linkedin
OWASP provides:
- Venue
- Catering (with limitations based on COVID19 and reasonable alternative options for attendees)
- Registration logistics
- Basic wireless internet access (if you need additional technical arrangements, it is important to let us know)
- Five (5) power strips for training room
- Three (3) flip charts, upon request.
Trainer profit-share:
- Virtual Trainers As a trainer of a Virtual AppSec Days event, I am eligible to share 40% of net revenue up to $7,500 USD and 50% of net revenues above $7,500 USD. I must provide appropriate taxing authority documentation as needed for final payment, such as a W-9 in the United States. I will be granted a complimentary pass to the Virtual AppSec Days event. I will not be reimbursed for any expenses incurred to deliver sessions for the Company’s Conference. For other virtual events, I am eligible according to the terms in the Call for Trainers.
- In-person Trainers For Global AppSec events, I am eligible to share 40% of net revenue up to $10,000 USD and 50% of net revenues above $10,000 USD. I may ask to be included in the OWASP Foundation’s discounted hotel block booking, subject to availability and at my own cost. I will be granted a complimentary pass to the Global AppSec. I must provide appropriate taxing authority documentation as needed for final payment, such as a W-9 in the United States. I understand that I will not be reimbursed for any travel expenses such as airfare, accommodation, or any other daily expenses incurred while attending the Company’s Event for which I am a Presenter. For other events, I am eligible according to the terms in the Call for Trainers.
- Should in-person or hybrid training take place, OWASP will revise training agreements for selected trainers and address compensation based on the needs of the program.
All personal data collected during the submission process will be only for contacting submitters regarding their submission and will not be used for marketing or commercial purposes. All data collected will be deleted once the selection process is complet
About
The Lonestar Application Security Conference (LASCON) is an OWASP-associated conference held annually in Austin, TX. It is a gathering of 400+ web app developers, security engineers, mobile developers and information security professionals. LASCON is held in Texas where more Fortune 500 companies call home than any other state and it is held in Austin which is a hub for startups in the state of Texas. At LASCON, leaders at these companies along with security architects and developers gather to share cutting-edge ideas, initiatives, and technology advancements.
The conference will take place October 24 - 25, 2024 at the Norris Conference Center in Austin, Texas. The conference will also offer pre-conference training on October 22-23.
IMPORTANT: LASCON is an in-person ONLY event. No virtual presentations will be accepted. Your talk must be presented in person at the venue in Austin TX.
CFP Submission
Use this form to submit your proposed talk for LASCON. The CFP will close on Saturday, June 1, 2024. Submissions will be reviewed, using blind submission selection, and you will be contacted via the email address you provide on the form. All selections will be completed by Saturday, June 29, 2024.
The LASCON conferences are true security conferences with all talks and presentations focusing on various areas of information security. Topics should focus on the technical and social aspects of security, and should not contain marketing or sales pitches.
You can review the past LASCON talks. to get an idea of types of talks we are seeking.
Speaker Information
Selected speakers will …
- be expected to adhere to the OWASP Conference Policies
- read and electronically submit OWASP Speaker Agreement (please read thoroughly)
LASCON does not cover any travel or accommodation costs for presenters. We know speakers are key to the success of a conference and hope you will submit a talk. In appreciation of your efforts, we include the following:
- All speakers receive full, free admission to the entire two-day conference.
- Speakers are given speaker badges and speaker SWAG.
- Speakers are invited to a Speakers Dinner (a casual event, held the evening before the conference).
- For international speakers, if accepted, we can provide a letter of confirmation for your visa submission.
- Your abstract and recording will be archived on LASCON sites. (See previous LASCON talks.)
About
The Lonestar Application Security Conference (LASCON) is an OWASP regional event held annually in Austin, TX. It is a gathering of 400+ web app developers, security engineers, mobile developers and information security professionals. LASCON is held in Texas where more Fortune 500 companies call home than any other state and it is held in Austin which is a hub for startups in the state of Texas. At LASCON, leaders at these companies along with security architects and developers gather to share cutting-edge ideas, initiatives, and technology advancements.
The pre-conference training will take place October 22 - 23, 2024 at the Norris Conference Center in Austin, Texas, with the conference immediately following on October 24-25.
IMPORTANT:
- LASCON is an in-person ONLY event. No virtual training will be accepted. Your training must be presented in person at the venue in Austin TX.
- LASCON does not cover any travel or accommodation costs for trainers.
CFT Submission
Use this form to submit your proposed training for LASCON. The CFT will close on July 30, 2024. Submissions will be reviewed and you will be contacted via the email address you provide on the form. We will announce all training selections by August 15, 2024, and ask that trainer reply by August 22nd. Please know that due to space considerations we can only select a limited number of training workshops.
Selected trainers will …
- be expected to adhere to the OWASP Conference Policies
- read and electronically submit an OWASP Trainer Agreement (please read thoroughly)