Ends on


Application Security leaders, software engineers, and researchers from all over the world gather at Global AppSec conferences to drive visibility and evolution in the safety and security of the world’s software, as well as to network, collaborate, and share the newest innovations in the field.

The conference will take place at the Hyatt Regency in San Francisco, California. It will begin with training sessions from October 19 - 21, 2020 and the main conference on October 22 - 23.

Considering the ongoing international emergency regarding the COVID-19 Coronavirus, we are aware that an in-person conference may not be feasible. We ask that you design content that could be effectively presented in either format. We will provide technical guidelines and assistance to speakers who may not be familiar with delivering virtual content should the decision be made to hold the conference virtually.


The Program Team is formally issuing a call for Trainers, opening March 23,  2020. As with previous Global AppSec events, we would like to run a number of different training courses of varying lengths over the three days of the conference.

Trainers can apply to give 1, 2, or 3 day classes. Trainers are allowed to make multiple submissions; one submission per class. The training audience will include developers interested in security as well as security professionals.

We are looking for training courses at all levels from someone new to the application security field to advanced topics for experienced professionals. However, all training submissions should have a focus on practical skills which are immediately applicable to an attendee’s job and have a significant hands-on element with tasks and exercises for attendees to attempt during the training.


CfT Opens March 23, 2020
CfT Closes April 19, 2020
Notification to submitters May 22, 2020
Program announced  June 1, 2020

The Program Team will review your submission based on a descriptive abstract and detailed outline of your class.  Including additional classroom materials will be helpful in our evaluation.

Please review your proposal thoroughly as all accepted abstracts and bios will be published on our site as submitted.

Examples of topics include, but are not limited to, the following.  We encourage innovation!

  • Secure development: frameworks, best practices, secure coding, methods, processes, SDLC
  • Integrating Security into DevOps or SRE
  • Vulnerability analysis: code review, pentest, static analysis
  • Threat modeling
  • Mobile security
  • Cloud and serverless security
  • Kubernetes and Container security
  • OWASP tools or projects in practice
  • New technologies, paradigms, tools
  • Operations and software security
  • Other topics but with an emphasis on Application Security: Business Risks, Outsourcing/Offshoring, Awareness Programs, Project Management

Training should:
Be Aimed at a Specific Audience - OWASP has a diverse audience that consists of novice to advanced level practitioners in different fields. Your content should be developed to clearly connect with a specific audience.

Not be a Marketing Pitch - Submissions that double as marketing or including sales pitches within the training will not be accepted.

Have a Clearly Written Abstract - Your Abstract is the only long-form marketing for your specific talk to our audience. It should be written so that attendees can clearly understand what you will be discussing and what they will get out of your class.  Your abstract should include the learning objectives of the training.

Have a Detailed Outline - Detailed description of how you are you structurering the course. Walk the reviewer through the training.

Be Clearly Applicable - Classes which prioritize content that attendees will be able to immediately implement are preferred.

Include Hands-on training - Hands on labs which allow attendees to connect meaningfully with content are preferred.

Demonstrate the Expertise of Trainer(s) - The submission should highlight the experience of the trainer(s) in the subject of training and in delivering professional training.

All trainers will be required to submit a trainer agreement. The following conditions apply for those that want to provide training at the conference.

Trainer provides:

  • Class syllabus / training materials.
  • Covers travel for the instructor(s) and all course materials for students.
  • Promotion of training on all available media eg. Twitter, Linkedin
  • Trainer may brand training materials to increase their exposure.

OWASP provides:

  • Venue
  • Catering
  • Registration Logistics
  • Basic wireless internet access (if you need additional technical arrangements, it is important to let us know)
  • One night hotel per day of training
  • Flat fee of $5,000 per day of training

OWASP will reserve up to two training slots at no cost and the trainer may reserve up to one slot at no cost. Please note that for data privacy reasons OWASP cannot provide trainers with contact information of the attendees. Trainers may collect attendee contact information during the training, should the attendee choose to share it with the trainer.

All personal data collected during the submission process will be only for contacting submitters regarding their submission and will not be used for any marketing or commercials purposes. All data collected will be deleted once the selection process is complete.

We use Submittable to accept and review our submissions.