Ends on April 30, 2018

Important Dates:

CfP Opens Friday  February 9th

Review committee Announced TBA

CfP Closes Sunday April 30

Notification of submitters Mid May

Program announced  Early June


Web applications leaders, software engineers, and researchers from all over the world gather at AppSec USA to drive visibility and evolution in the safety and security of the world’s software. This year we will offer 3 recorded tracks and one “HushTrack” October 11&12 in San Jose, the heart of Silicon Valley.  Hands on training will be offered October 8, 9, and 10.  If you are interested in giving a training, the Call for Training is open February 23rd through April 30th.

Theme:  Security Through Enablement

Too often security conferences get caught up in looking for the newest vulnerability or hottest hack.  This mindset means that as security professionals we have barely moved the needle when it comes to securing the world’s software. Rather than focus on the newest [insert type of vulnerability] in [niche type of software] we want to know what you did to make a developer’s normal experience secure. Tell us the security building blocks that moved your team from the blocking security team to the integrated security team. 

Examples of talks include:

  • Our Journey for Rolling out MFA
  • Building a TLS Service
  • Auth Plugins
  • Open Source Security Building Blocks
  • Scaling Security /Incident Response: Account Takeover
  • Scaling Security /Incident Response:Fraud
  • Data Driven Security
  • Enabling the User to be Secure by Default
  • Enabling Developers to remain Secure Throughout the SDLC
  • Bringing Teams up to Speed in DevSecOPs Environments
  • How Does Your Org Enable the Next Generation of Security Research

Of course we love surprises so if your talk falls outside of the examples given, feel free to submit!

Additionally, this year we will be running a one day HushTrack.  The HushTrack is not filmed and follows the Chatham House Rule.  When applying for the HushTrack, consider thinking out of the box by proposing a panel, round tables, or other activity in addition to a normally formatted talk.

Review Committee and Policies

William Bengtson-- Committee Chair

Other committee members TBA

Review Policies

The crux of security is the ability to think flexibly and creatively about multi-stakeholder problems. It is the goal of OWASP to accelerate the speed of change and enable serendipity by connecting the community.  In our view, security can only be enhanced when practitioners approach problems with diverse critical thinking theories and practices.

To this end OWASP seeks to be an inclusive organization for practitioners from all cultural, gender, language, educational, ability, religious, and career backgrounds.  OWASP actively encourages speakers, trainers, and leaders of all sexual orientations, ages, and ethnicity.  Our formal efforts in this vein include blind evaluations of talk proposals for our Global AppSec Conferences and active recruiting of diverse invited speakers and trainers.

The program committee will review your submission based on a descriptive abstract and detailed outline of your presentation. Please review your proposal thoroughly as accepted abstracts and bios will be published on our site as submitted.

Successful applications will:

  • Take audience into account, OWASP has a diverse audience with more than half of the audience consisting of mid career security professionals and the remainder consisting of developers and entry level or advanced security professionals. While our Audience does cover Builders, Breakers, and Defenders, AppSec USA tends towards defenders. 
  • Remember that well-trod concepts should advance the topic, address the content from a new angle, or introduce new applications for the content. We are not adverse to accepting talks that have been presented elsewhere first, but we do ask that you share if your talk has been previously presented. 
  • Be well written.  Your Abstract is the only long-form marketing for your specific talk to our audience.  It should be written so that attendees can clearly understand what you will be discussing and what they will get out of your talk.  Your detailed outline is your chance to sway our judges.  Write this as thoroughly as possible so that the committee understands all you bring to the table.
  • Be applicable. While there is a place for talks about the distant future, talks which will allow the audience to immediately implement or share concepts, changes, or processes with colleagues are more interesting to our judges and audience and will comprise the majority of accepted presentations. 
  • Conform to the blind protocol.  Submissions that identify the author will automatically be disqualified. Please leave your name out of any materials or fields not directly requesting this information.


By your submission you agree to the OWASP Speaker Agreement.  OWASP values vendor neutrality. You must use the OWASP presentation template and you’re not allowed to place marketing pitches in your slides. All presentation slides will be published on the conference website after the conference. Please make sure that any pictures and other materials in your slides don’t violate any copyrights. You are solely liable for copyright violations. You may choose any CC license for your slides, including CC0. OWASP does suggest open licenses.

Sign up form

Please enter a valid email address.