Ends on


Application Security leaders, software engineers, and researchers from all over the world gather at Global AppSec conferences to drive visibility and evolution in the safety and security of the world’s software, as well as to network, collaborate, and share the newest innovations in the field. 

The conference will take place October 22 - 23, 2020 at the Hyatt Regency in San Francisco, California. The conference will also offer hands on training with vetted and leading trainers from October 19 - 21.

Considering the ongoing international emergency regarding the COVID-19 Coronavirus, we are aware that an in-person conference may not be feasible. While we are moving forward with the planning of an in-person conference, there is a possibility we may need to make the conference virtual. We ask that you design content that could be effectively presented in either format. We will provide technical guidelines and assistance to speakers who may not be familiar with delivering virtual content should the decision be made to hold the conference virtually.

The Global AppSec Program Team is formally issuing a call for presentations, opening March 23, 2020 and closing April 19, 11:59 PDT

This year’s tracks follow the traditional OWASP Builder, Breaker, & Defender principles - with additional categories in  Security Governance and Security Essentials.

Speakers should focus on the following guidance for each of the tracks:
BUILDER - show us how to build more secure apps
BREAKER - show us how to break secure apps
DEFENDER - show us world-class application defense, including the tools and techniques enabling detection and response to attacks
SECURITY GOVERNANCE - show us how to manage a security program, including policies, procedures and their implementation to build more secure apps, metrics to measure success, and communication to demonstrate value of the program
SECURITY ESSENTIALS - show us the fundamentals, the basic building blocks, the common core needed for any application security program

We’ve provided a few suggested topics below, but feel free to innovate!

  • Web application security
  • Mobile, Cloud and Serverless security
  • Blockchain & Internet of Things for security use
  • Penetration testing & Application level attacks
  • Threat modeling, Application and solution architecture
  • Security for DevOps engineers
  • Privacy controls
  • Planning and implementing an application security program
  • Creating an AppSec team & culture
  • Techniques to communicate risk and appsec value to management - sharing what works, and what doesn’t! 


CfP Opens March 23, 2020
CfP Closes April 19, 2020
Notification to submitters May 22, 2020
Program announced  June 1, 2020

Keep in mind: the better your description is, the better our review will be.  Please review your proposal thoroughly, as your accepted abstract and bio will be published publicly as submitted on our site.

The Program Team will review your submission based on a descriptive abstract of your intended presentation.

Your presentation should:
Be Aimed at a Specific Audience - OWASP has a diverse audience that consists of novice to advanced level practitioners. Your content should be developed to clearly connect with a specific audience.
Have a Clearly Written Abstract - Your Abstract is the only long-form marketing for your specific talk to our audience. It should be written so that attendees can clearly understand what you will be discussing and what they will get out of your talk.
Have a Detailed Outline - Your detailed outline is your chance to frame your talk. Write this as thoroughly as possible so that the committee understands what you bring to the table.
Be Applicable - Talks which prioritize content that attendees will be able to immediately implement are preferred.
Not be a Marketing Pitch - Submissions which double as marketing talks or including sales pitches within the training will not be successful, or accepted.  All talks are vendor agnostic, we do not approve of product demos.

This is a blind submission.  It does not matter where you come from, what your gender is, or what formal education you have.  We care about bringing the most professional, interesting and innovative content to our audience.  The Review Committee is a diverse group.  We will review the submissions and choose the talks based on their content only.

We are looking for new talks, not ones you’ve given in previous conferences.  If you wish to present a topic you’ve talked about in the past, please share with us what you have changed.

Global AppSec is a community event designated to support the Foundation, we have a limited budget.  If travel costs are a challenge, we will try to help cover part of your costs of travel and accommodation so that you do not incur large expenses to come speak at our conference. This will not affect your acceptance at all. We will not expect you to confirm attendance before we confirm how much assistance we can offer.

Following acceptance, we’ll provide guidance on presentation templates.  All presentation slides will be published on the conference website after the conference.  OWASP values vendor neutrality.  Please make sure that any pictures and other materials in your slides do not violate any copyrights. You are solely liable for copyright violations. You may choose any CC license for your slides, including CC0. OWASP does suggest open licenses.

Additional  Notes:

  • OWASP is an inclusive organization for practitioners from all cultural, gender, language, educational, ability, religious, and career backgrounds. We actively encourage speakers of all genders, sexual orientations, ages, religions, and ethnicity.
  • Fields denoted by an asterisk are mandatory. Failure to fully complete your submission can result in your submission being excluded from the review process.
  • Multiple submissions will be reviewed.  However one talk will be selected.  We’re looking to expand a speaking opportunity across our diverse community.
  • While we do not offer an honorarium, free registration is included and we hope to create an epic speaker experience this year!

All personal data collected during the submission process will be only for contacting submitters regarding their submission and will not be used for any marketing or commercials purposes. All data collected will be deleted once the selection process is complete.

We use Submittable to accept and review our submissions.