This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "AppSec USA 2014"

Line 5: Line 5:
  
 
=ABOUT=
 
=ABOUT=
<br>
+
<br><br>
AppSec USA is a world-class software security conference for developers, auditors, risk managers, technologists, and entrepreneurs gathering with the world’s top practitioners to share the latest research and practices, in the high energy atmosphere of Downtown Denver.
+
'''AppSec USA''' is a world-class software security conference for developers, auditors, risk managers, technologists, and entrepreneurs gathering with the world’s top practitioners to share the latest research and practices, in the high energy atmosphere of Downtown Denver.<br><br>
 
+
'''Why should you attend?'''<br>
WHY YOU SHOULD ATTEND?
 
 
 
 
Insightful keynote addresses delivered by leading industry visionaries from thought leaders of critical infrastructure.
 
Insightful keynote addresses delivered by leading industry visionaries from thought leaders of critical infrastructure.
 
Over 50 sessions across 5 tracks (developer, tester, operations, workshops, and legal) with world-renowned subject matter experts
 
Over 50 sessions across 5 tracks (developer, tester, operations, workshops, and legal) with world-renowned subject matter experts
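Review bot: The attendance items left as unchanged context under "Why should you attend?" ("Insightful keynote addresses…", "Over 50 sessions across 5 tracks…") still have no "*" list markup, so they will render as one run-on paragraph while the later sections of this page use "*" bullets; prefix each item with "*". The added "<br><br>" directly under "=ABOUT=" is spacing done in markup, and a blank line would do the same job.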
Line 17: Line 15:
 
Extensive Capture the Flag competition developed exclusively for AppSec USA 2014
 
Extensive Capture the Flag competition developed exclusively for AppSec USA 2014
 
Home-brewed beer competition open to all attendees
 
Home-brewed beer competition open to all attendees
Convenience of Downtown Denver
+
Convenience of Downtown Denver<br><br>
WHO SHOULD ATTEND?
+
'''Who should attend?'''<br>
 
 
 
Developers, Security Auditors, Risk Managers, Executive Management, Government, Press, Law Enforcement, Entrepreneurs
 
Developers, Security Auditors, Risk Managers, Executive Management, Government, Press, Law Enforcement, Entrepreneurs
 +
<br><br>
 +
If you have any questions, please email the conference committee''': '''[mailto:[email protected] [email protected]]'''
 +
<br>
 +
=TEAM=
  
 
+
AppSec USA would not be possible without the  hard work of the following volunteers and staff:<br><br>
'''If you have any questions, please email the conference committee''': '''[mailto:appsecusa2014@owasp.org appsecusa2014@owasp.org]'''
+
'''General Conference Chair''':<br>
 +
Mark Major<br>
 +
Wiki: https://www.owasp.org/index.php/User:Mark_Major<br>
 +
Email:: mark dot major at owasp dot org<br>
 +
<br>
 +
'''Speaker and Trainer Selection Chair''':<br>
 +
Steve Kosten<br>
 +
Wiki: https://www.owasp.org/index.php/User:Steve_Kosten<br>
 +
Email: steve dot kosten at owasp dot org<br>
 
<br>
 
<br>
 +
'''Conference Volunteers:'''<br>
 +
Chris Campbell<br>
 +
Rob Jepson<br>
 +
Sunil Kollipara<br>
 +
Brad Carvalho<br>
 +
Ann Marie Ronan<br>
 
<br>
 
<br>
=TEAM=
+
'''OWASP Staff'''<br>
 
+
Sarah Baso @OWASPgirl<br>
MEET THE TEAM:
+
LinkedIn: http://www.linkedin.com/pub/sarah-baso/2a/69/53a<br>
 
+
Kelly Santalucia @KellySantalucia<br>
AppSec USA would not be possible without the  hard work of the following volunteers and staff:
+
LinkedIn: www.linkedin.com/pub/kelly-santalucia/30/59b/2b3/<br>
 
+
Samantha Groves @SamanthaOWASP<br>
General Conference Chair:
+
LinkedIn: http://www.linkedin.com/in/samanthagroves<br>
 
+
Kate Hartmann @kate_hartmann<br>
Mark Major
+
LinkedIn: http://www.linkedin.com/pub/kate-hartmann/8/968/786/<br>
Wiki: https://www.owasp.org/index.php/User:Mark_Major
+
Laura Grau<br>
Email:: mark dot major at owasp dot org
+
LinkedIn: http://www.linkedin.com/pub/laura-grau/27/639/461<br>
 
+
Alison Shrader<br>
Speaker and Trainer Selection Chair:
+
LinkedIn: http://www.linkedin.com/pub/alison-shrader/5/328/91b<br>
 
+
Matt Tesauro @matt_tesauro<br>
Steve Kosten
+
LinkedIn: http://www.linkedin.com/in/matttesauro<br>
Wiki: https://www.owasp.org/index.php/User:Steve_Kosten
 
Email: steve dot kosten at owasp dot org
 
 
 
Conference Volunteers:
 
Chris Campbell
 
Rob Jepson
 
Sunil Kollipara
 
Brad Carvalho
 
Ann Marie Ronan
 
 
 
OWASP Staff
 
 
 
Sarah Baso @OWASPgirl
 
LinkedIn: http://www.linkedin.com/pub/sarah-baso/2a/69/53a
 
Kelly Santalucia @KellySantalucia
 
LinkedIn: www.linkedin.com/pub/kelly-santalucia/30/59b/2b3/
 
Samantha Groves @SamanthaOWASP
 
LinkedIn: http://www.linkedin.com/in/samanthagroves
 
Kate Hartmann @kate_hartmann
 
LinkedIn: www.linkedin.com/pub/kate-hartmann/8/968/786/
 
Laura Grau
 
LinkedIn: www.linkedin.com/pub/laura-grau/27/639/461
 
Alison Shrader
 
LinkedIn: www.linkedin.com/pub/alison-shrader/5/328/91b
 
Matt Tesauro @matt_tesauro
 
LinkedIn: www.linkedin.com/in/matttesauro
 
  
  
 
=CALL FOR PRESENTATIONS=
 
=CALL FOR PRESENTATIONS=
The call for presentations (CFP) is currently open. Submit your talks here.
+
<br>
 
+
The call for presentations (CFP) is currently open. Submit your talks [http://cfp.appsecusa.org HERE].<br><br>
Dates and deadlines
+
<br>
 
+
'''Dates and deadlines'''<br>
April 27th, 2014: Submission deadline
+
*April 27th, 2014: Submission deadline<br>
May 30th, 2014: Notification of acceptance
+
*May 30th, 2014: Notification of acceptance<br>
August 4th, 2014: Final materials due for review
+
*August 4th, 2014: Final materials due for review<br>
September 18th – 19th, 2014: Conference proceedings
+
*September 18th – 19th, 2014: Conference proceedings<br>
Topics of interest
+
<br>
 
+
'''Topics of interest'''<br>
Conference sessions will be divided into four primary tracks and two smaller supporting tracks. Consistent with OWASP, each track will relate in part to web application security. The primary tracks are:
+
Conference sessions will be divided into four primary tracks and two smaller supporting tracks. Consistent with OWASP, each track will relate in part to web application security. <br>
 
+
<br>
Builders
+
'''The primary tracks are:'''
Targeting developers, testers, and managers involved in the secure software development lifecycle.
+
<br>
Breakers
+
*Builders: Targeting developers, testers, and managers involved in the secure software development lifecycle.<br>
Focusing on matters relevant to penetration testers, researchers, and other security professionals.
+
*Breakers: Focusing on matters relevant to penetration testers, researchers, and other security professionals.<br>
Defenders
+
*Defenders: Emphasizing operations issues affecting infrastructure security teams, administrators, support, etc.<br>
Emphasizing operations issues affecting infrastructure security teams, administrators, support, etc.
+
*Policy and Legal: Addressing privacy, compliance, and legal issues affecting development and security communities.<br>
Policy and Legal
+
<br>
Addressing privacy, compliance, and legal issues affecting development and security communities.
+
'''The secondary tracks are:'''
The secondary tracks are:
+
<br>
 
+
*OWASP-specific: Status, recruiting, and awareness for OWASP projects; board panels; leadership workshops; etc.<br>
OWASP-specific
+
*Hands-On Skills Lab: Introductory workshops designed to familiarize attendees with critical tools (e.g., “nmap 101″).<br>
Status, recruiting, and awareness for OWASP projects; board panels; leadership workshops; etc.
+
<br>
Hands-On Skills Lab
+
We invite all practitioners of application security and those who work or interact with all facets of application security to submit presentations including, but not limited to the following subject areas:<br>
Introductory workshops designed to familiarize attendees with critical tools (e.g., “nmap 101″).
+
*Secure development: secure coding, static analysis, application threat modelling, web frameworks security, countermeasures, SDLC, DevOps, etc.
We invite all practitioners of application security and those who work or interact with all facets of application security to submit presentations including, but not limited to the following subject areas:
+
*Mobile security: Development and/or testing devices and the mobile web<br>
 
+
*Cloud security: Offensive and defensive considerations for cloud-based web applications<br>
Secure development: secure coding, static analysis, application threat modelling, web frameworks security, countermeasures, SDLC, DevOps, etc.
+
*Infrastructure security: Database security, VoIP, hardware, identity management<br>
Mobile security: Development and/or testing devices and the mobile web
+
*Penetration testing: Methodologies, tools, exploit development, evasion techniques, OSINT, etc.<br>
Cloud security: Offensive and defensive considerations for cloud-based web applications
+
*Emerging web technologies and associated security considerations<br>
Infrastructure security: Database security, VoIP, hardware, identity management
+
*Incident response: Threat detection, triage, malware analysis, forensics, rootkit detection<br>
Penetration testing: Methodologies, tools, exploit development, evasion techniques, OSINT, etc.
+
*OWASP tools and projects in practice<br>
Emerging web technologies and associated security considerations
+
*Policy and legal: Legislation, privacy, regulations and compliance, C-level considerations, etc.<br>
Incident response: Threat detection, triage, malware analysis, forensics, rootkit detection
+
*Cool hacks and other fun stuff: cryptography, social engineering, etc.<br>
OWASP tools and projects in practice
+
<br>
Policy and legal: Legislation, privacy, regulations and compliance, C-level considerations, etc.
+
'''Submission Format'''<br>
Cool hacks and other fun stuff: cryptography, social engineering, etc.
+
Only submissions entered into http://cfp.appsecusa.org will be considered. Please have the following information handy.<br>
Submission Format
+
*Presentation title<br>
 
+
*Contact information (speaking name, organizational affiliation, email)<br>
Only submissions entered into http://cfp.appsecusa.org will be considered. Please have the following information handy.
+
*Abstract, including the following information:<br>
 
+
-Presentation overview<br>
Presentation title
+
-Format (lecture, group panel, live demo, audience participation, etc.)<br>
Contact information (speaking name, organizational affiliation, email)
+
-Objectives and outcomes<br>
Abstract, including the following information:
+
*Speaker background, including the following information:
Presentation overview
+
-Previous conference speaking experience
Format (lecture, group panel, live demo, audience participation, etc.)
+
-Links to videos of past speaking engagements
Objectives and outcomes
+
*Anything else we should know about you or your presentation<br>
Speaker background, including the following information:
+
<br>
Previous conference speaking experience
+
'''Judging Criteria'''<br>
Links to videos of past speaking engagements
+
All content assessments will be performed blind. Content reviewers will have no knowledge of the presenter’s identity. All uploaded materials must be sanitized of author names and affiliations, email addresses, and other personally-identifiable information.<br>
Anything else we should know about you or your presentation
+
*Strength of presentation<br>
Judging Criteria
+
*Vendor neutrality<br>
 
+
*Topicality (fresh research, innovative solutions, relevance to current events, etc.)<br>
All content assessments will be performed blind. Content reviewers will have no knowledge of the presenter’s identity. All uploaded materials must be sanitized of author names and affiliations, email addresses, and other personally-identifiable information.
+
*Depth of content (deeply technical talks are preferred to high-level talks)<br>
 
+
*Relevance to conference tracks<br>
Strength of presentation
+
*Relevance to industry trends<br>
 
+
*Relevance to OWASP or OWASP projects<br>
Vendor neutrality
+
*Presentation length (45-50 minute talks are preferred)<br>
Topicality (fresh research, innovative solutions, relevance to current events, etc.)
+
<br>
Depth of content (deeply technical talks are preferred to high-level talks)
+
A second evaluation will occur based on speaker experience. The final presentation score will be a composite of the two evaluations. The following criteria will be used during evaluation.<br>
Relevance to conference tracks
+
*Strength of speaker<br>
Relevance to industry trends
+
*Clarity of submission: Demonstrated speaking ability (previous experience, videos of prior speaking engagements, etc.)
Relevance to OWASP or OWASP projects
+
*Bonus points: <br>
Presentation length (45-50 minute talks are preferred)
+
-Integration of live demonstrations into the presentation<br>
A second evaluation will occur based on speaker experience. The final presentation score will be a composite of the two evaluations. The following criteria will be used during evaluation.
+
-Free and open distribution of source code, exploits, tools, and other materials relevant to the talk<br>
 
+
<br>
Strength of speaker
+
'''Terms'''<br>
 
 
Clarity of submission
 
Demonstrated speaking ability (previous experience, videos of prior speaking engagements, etc.)
 
Bonus points
 
 
 
Integration of live demonstrations into the presentation
 
Free and open distribution of source code, exploits, tools, and other materials relevant to the talk
 
Terms
 
 
 
 
All speakers must provide written agreement to the OWASP Speaker Agreement after notification of acceptance.
 
All speakers must provide written agreement to the OWASP Speaker Agreement after notification of acceptance.
  
 
=CALL FOR TRAININGS=
 
=CALL FOR TRAININGS=
CALL FOR TRAINING
+
<br>
The call for training (CFT) is currently open. Submit your talks here.
+
The call for training (CFT) is currently open. Submit your talks [http://cft.appsecusa.org HERE].<br>
 
+
<br>
Dates and deadlines
+
'''Dates and deadlines'''<br>
 
+
*April 13th, 2014: Submission deadline<br>
April 13th, 2014: Submission deadline
+
*May 5th, 2014: Notification of acceptance<br>
May 5th, 2014: Notification of acceptance
+
*August 5th, 2014: Final materials due for review<br>
August 5th, 2014: Final materials due for review
+
*September 16th – 17th, 2014: Conference training<br>
September 16th – 17th, 2014: Conference training
+
<br>
Topics of interest
+
'''Topics of interest'''<br>
 
+
Training related to web application security will be prioritized. These include, but are not limited to:<br>
Training related to web application security will be prioritized. These include, but are not limited to:
+
*Secure development: secure coding, static analysis, application threat modelling, web frameworks security, countermeasures, SDLC, DevOps, etc.<br>
 
+
*Mobile security: Development and/or testing devices and the mobile web<br>
Secure development: secure coding, static analysis, application threat modelling, web frameworks security, countermeasures, SDLC, DevOps, etc.
+
*Cloud security: Offensive and defensive considerations for cloud-based web applications<br>
Mobile security: Development and/or testing devices and the mobile web
+
*Infrastructure security: Database security, VoIP, hardware, identity management<br>
Cloud security: Offensive and defensive considerations for cloud-based web applications
+
*Penetration testing: Methodologies, tools, exploit development, evasion techniques, OSINT, etc.<br>
Infrastructure security: Database security, VoIP, hardware, identity management
+
*Emerging web technologies and associated security considerations<br>
Penetration testing: Methodologies, tools, exploit development, evasion techniques, OSINT, etc.
+
*Incident response: Threat detection, triage, malware analysis, forensics, rootkit detection<br>
Emerging web technologies and associated security considerations
+
*OWASP tools and projects in practice<br>
Incident response: Threat detection, triage, malware analysis, forensics, rootkit detection
+
*Privacy: Legislation, compliance, etc.<br>
OWASP tools and projects in practice
+
<br>
Privacy: Legislation, compliance, etc.
+
'''Submission Format'''<br>
Submission Format
+
Only submissions entered into http://cft.appsecusa.org will be considered. Please have the following information handy.<br>
 
+
*Course title<br>
Only submissions entered into http://cft.appsecusa.org will be considered. Please have the following information handy.
+
*Course instructor(s) and contact information<br>
 
+
*Abstract, including the following information:<br>
Course title
+
-Course overview<br>
Course instructor(s) and contact information
+
-Target audience (roles, experience, ideal number of participants)<br>
Abstract, including the following information:
+
-Objectives and outcomes (what results should trainees expect?)<br>
Course overview
+
*Trainer biography (include past training engagements)<br>
Target audience (roles, experience, ideal number of participants)
+
*Additional comments:<br>
Objectives and outcomes (what results should trainees expect?)
+
-Assumptions<br>
Trainer biography (include past training engagements)
+
-Constraints<br>
Additional comments:
+
*Anything else we should know about you or this course<br>
Assumptions
+
<br>
Constraints
+
'''Terms'''<br>
Anything else we should know about you or this course
+
WASP Foundation obligations:<br>
Terms
+
*Course marketing mailing lists and official conference channels<br>
 
+
*Registration services<br>
OWASP Foundation obligations:
+
*Training room with sufficient seating (e.g. table/chair) for registered attendees<br>
 
+
*Single projector and screen<br>
Course marketing mailing lists and official conference channels
+
*Chalkboards, whiteboards, easels, or other fixtures (on request)<br>
Registration services
+
*One (1) full conference pass<br>
Training room with sufficient seating (e.g. table/chair) for registered attendees
+
*One (1) conference pass 50% discount code (not stackable with other offers)<br>
Single projector and screen
+
*One (1) seat in training class at no additional cost<br>
Chalkboards, whiteboards, easels, or other fixtures (on request)
+
*Timely payment of instructor fees<br>
One (1) full conference pass
+
*Feedback from course attendees<br>
One (1) conference pass 50% discount code (not stackable with other offers)
+
*Status updates on the current number of students enrolled (on request)<br>
One (1) seat in training class at no additional cost
+
<br>
Timely payment of instructor fees
+
Instructor obligations:<br>
Feedback from course attendees
+
*Course materials for students, including syllabus or other hand-outs<br>
Status updates on the current number of students enrolled (on request)
+
*Distribution and collection of course evaluation forms<br>
Instructor obligations:
+
*Travel and accommodations for instructor(s)<br>
 
+
*Marketing of the training course through normal instructor methods<br>
Course materials for students, including syllabus or other hand-outs
+
*Laptop or other presentation device<br>
Distribution and collection of course evaluation forms
+
*Completed W-9 for (for US-based trainers)<br>
Travel and accommodations for instructor(s)
+
*Two (2) seats in training class at no additional cost<br>
Marketing of the training course through normal instructor methods
+
<br>
Laptop or other presentation device
+
Revenue split<br>
Completed W-9 for (for US-based trainers)
+
Courses are priced as follows:<br>
Two (2) seats in training class at no additional cost
+
*One-day course: $800<br>
Revenue split
+
*Two-day course: $1,600<br>
 
 
Courses are priced as follows:
 
 
 
One-day course: $800
 
Two-day course: $1,600
 
 
Earnings will be split 60/40 (OWASP/Trainer) for each training class. Instructors have the option to donate proceedings to the OWASP Foundation and/or OWASP project of choice, or to receive travel expenses as sole compensation for training and donate the remaining revenue.
 
Earnings will be split 60/40 (OWASP/Trainer) for each training class. Instructors have the option to donate proceedings to the OWASP Foundation and/or OWASP project of choice, or to receive travel expenses as sole compensation for training and donate the remaining revenue.
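Review bot: In the Terms block of the training section, the added line "WASP Foundation obligations:<br>" drops the leading "O" from the removed "OWASP Foundation obligations:"; restore "OWASP". In the same hunk, the added sub-items "-Previous conference speaking experience" and "-Links to videos of past speaking engagements" have no trailing "<br>", unlike the sub-items under "Abstract", so they will run together on one line. "Completed W-9 for (for US-based trainers)" is also carried over with the duplicated "for".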
  

Revision as of 01:33, 12 April 2014






AppSec USA is a world-class software security conference for developers, auditors, risk managers, technologists, and entrepreneurs gathering with the world’s top practitioners to share the latest research and practices, in the high energy atmosphere of Downtown Denver.

Why should you attend?

  • Insightful keynote addresses delivered by leading industry visionaries from thought leaders of critical infrastructure.
  • Over 50 sessions across 5 tracks (developer, tester, operations, workshops, and legal) with world-renowned subject matter experts
  • An all-new Legal Track to address industry regulations, privacy laws, liability, and more
  • A hands-on Workshop Track providing instruction on essential security tools and skills
  • Thousands of attendees exclusively focused on Software Security
  • Extensive Capture the Flag competition developed exclusively for AppSec USA 2014
  • Home-brewed beer competition open to all attendees
  • Convenience of Downtown Denver

Who should attend?
Developers, Security Auditors, Risk Managers, Executive Management, Government, Press, Law Enforcement, Entrepreneurs

If you have any questions, please email the conference committee: appsecusa2014@owasp.org

AppSec USA would not be possible without the hard work of the following volunteers and staff:

General Conference Chair:
Mark Major
Wiki: https://www.owasp.org/index.php/User:Mark_Major
Email: mark dot major at owasp dot org

Speaker and Trainer Selection Chair:
Steve Kosten
Wiki: https://www.owasp.org/index.php/User:Steve_Kosten
Email: steve dot kosten at owasp dot org

Conference Volunteers:
Chris Campbell
Rob Jepson
Sunil Kollipara
Brad Carvalho
Ann Marie Ronan

OWASP Staff
Sarah Baso @OWASPgirl
LinkedIn: http://www.linkedin.com/pub/sarah-baso/2a/69/53a
Kelly Santalucia @KellySantalucia
LinkedIn: www.linkedin.com/pub/kelly-santalucia/30/59b/2b3/
Samantha Groves @SamanthaOWASP
LinkedIn: http://www.linkedin.com/in/samanthagroves
Kate Hartmann @kate_hartmann
LinkedIn: http://www.linkedin.com/pub/kate-hartmann/8/968/786/
Laura Grau
LinkedIn: http://www.linkedin.com/pub/laura-grau/27/639/461
Alison Shrader
LinkedIn: http://www.linkedin.com/pub/alison-shrader/5/328/91b
Matt Tesauro @matt_tesauro
LinkedIn: http://www.linkedin.com/in/matttesauro



The call for presentations (CFP) is currently open. Submit your talks HERE.


Dates and deadlines

  • April 27th, 2014: Submission deadline
  • May 30th, 2014: Notification of acceptance
  • August 4th, 2014: Final materials due for review
  • September 18th – 19th, 2014: Conference proceedings


Topics of interest
Conference sessions will be divided into four primary tracks and two smaller supporting tracks. Consistent with OWASP, each track will relate in part to web application security.

The primary tracks are:

  • Builders: Targeting developers, testers, and managers involved in the secure software development lifecycle.
  • Breakers: Focusing on matters relevant to penetration testers, researchers, and other security professionals.
  • Defenders: Emphasizing operations issues affecting infrastructure security teams, administrators, support, etc.
  • Policy and Legal: Addressing privacy, compliance, and legal issues affecting development and security communities.


The secondary tracks are:

  • OWASP-specific: Status, recruiting, and awareness for OWASP projects; board panels; leadership workshops; etc.
  • Hands-On Skills Lab: Introductory workshops designed to familiarize attendees with critical tools (e.g., “nmap 101”).


We invite all practitioners of application security and those who work or interact with all facets of application security to submit presentations including, but not limited to the following subject areas:

  • Secure development: secure coding, static analysis, application threat modelling, web frameworks security, countermeasures, SDLC, DevOps, etc.
  • Mobile security: Development and/or testing devices and the mobile web
  • Cloud security: Offensive and defensive considerations for cloud-based web applications
  • Infrastructure security: Database security, VoIP, hardware, identity management
  • Penetration testing: Methodologies, tools, exploit development, evasion techniques, OSINT, etc.
  • Emerging web technologies and associated security considerations
  • Incident response: Threat detection, triage, malware analysis, forensics, rootkit detection
  • OWASP tools and projects in practice
  • Policy and legal: Legislation, privacy, regulations and compliance, C-level considerations, etc.
  • Cool hacks and other fun stuff: cryptography, social engineering, etc.


Submission Format
Only submissions entered into http://cfp.appsecusa.org will be considered. Please have the following information handy.

  • Presentation title
  • Contact information (speaking name, organizational affiliation, email)
  • Abstract, including the following information:

-Presentation overview
-Format (lecture, group panel, live demo, audience participation, etc.)
-Objectives and outcomes

  • Speaker background, including the following information:

-Previous conference speaking experience
-Links to videos of past speaking engagements

  • Anything else we should know about you or your presentation


Judging Criteria
All content assessments will be performed blind. Content reviewers will have no knowledge of the presenter’s identity. All uploaded materials must be sanitized of author names and affiliations, email addresses, and other personally-identifiable information.

  • Strength of presentation
  • Vendor neutrality
  • Topicality (fresh research, innovative solutions, relevance to current events, etc.)
  • Depth of content (deeply technical talks are preferred to high-level talks)
  • Relevance to conference tracks
  • Relevance to industry trends
  • Relevance to OWASP or OWASP projects
  • Presentation length (45-50 minute talks are preferred)


A second evaluation will occur based on speaker experience. The final presentation score will be a composite of the two evaluations. The following criteria will be used during evaluation.

  • Strength of speaker
  • Clarity of submission: Demonstrated speaking ability (previous experience, videos of prior speaking engagements, etc.)
  • Bonus points:

-Integration of live demonstrations into the presentation
-Free and open distribution of source code, exploits, tools, and other materials relevant to the talk

Terms
All speakers must provide written agreement to the OWASP Speaker Agreement after notification of acceptance.


The call for training (CFT) is currently open. Submit your talks HERE.

Dates and deadlines

  • April 13th, 2014: Submission deadline
  • May 5th, 2014: Notification of acceptance
  • August 5th, 2014: Final materials due for review
  • September 16th – 17th, 2014: Conference training


Topics of interest
Training related to web application security will be prioritized. These include, but are not limited to:

  • Secure development: secure coding, static analysis, application threat modelling, web frameworks security, countermeasures, SDLC, DevOps, etc.
  • Mobile security: Development and/or testing devices and the mobile web
  • Cloud security: Offensive and defensive considerations for cloud-based web applications
  • Infrastructure security: Database security, VoIP, hardware, identity management
  • Penetration testing: Methodologies, tools, exploit development, evasion techniques, OSINT, etc.
  • Emerging web technologies and associated security considerations
  • Incident response: Threat detection, triage, malware analysis, forensics, rootkit detection
  • OWASP tools and projects in practice
  • Privacy: Legislation, compliance, etc.


Submission Format
Only submissions entered into http://cft.appsecusa.org will be considered. Please have the following information handy.

  • Course title
  • Course instructor(s) and contact information
  • Abstract, including the following information:

-Course overview
-Target audience (roles, experience, ideal number of participants)
-Objectives and outcomes (what results should trainees expect?)

  • Trainer biography (include past training engagements)
  • Additional comments:

-Assumptions
-Constraints

  • Anything else we should know about you or this course


Terms
OWASP Foundation obligations:

  • Course marketing mailing lists and official conference channels
  • Registration services
  • Training room with sufficient seating (e.g. table/chair) for registered attendees
  • Single projector and screen
  • Chalkboards, whiteboards, easels, or other fixtures (on request)
  • One (1) full conference pass
  • One (1) conference pass 50% discount code (not stackable with other offers)
  • One (1) seat in training class at no additional cost
  • Timely payment of instructor fees
  • Feedback from course attendees
  • Status updates on the current number of students enrolled (on request)


Instructor obligations:

  • Course materials for students, including syllabus or other hand-outs
  • Distribution and collection of course evaluation forms
  • Travel and accommodations for instructor(s)
  • Marketing of the training course through normal instructor methods
  • Laptop or other presentation device
  • Completed W-9 form (for US-based trainers)
  • Two (2) seats in training class at no additional cost


Revenue split
Courses are priced as follows:

  • One-day course: $800
  • Two-day course: $1,600

Earnings will be split 60/40 (OWASP/Trainer) for each training class. Instructors have the option to donate proceeds to the OWASP Foundation and/or OWASP project of choice, or to receive travel expenses as sole compensation for training and donate the remaining revenue.


Bruce Schneier is an internationally renowned security technologist, called a “security guru” by The Economist. He is the author of 12 books — including Liars and Outliers: Enabling the Trust Society Needs to Thrive — as well as hundreds of articles, essays, and academic papers. His influential newsletter “Crypto-Gram” and his blog “Schneier on Security” are read by over 250,000 people. He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard Law School, a program fellow at the New America Foundation’s Open Technology Institute, a board member of the Electronic Frontier Foundation, an Advisory Board Member of the Electronic Privacy Information Center, and the Chief Technology Officer at Co3 Systems, Inc.







Keynote speaker Gary McGraw shares his insights on Software Security. Dr. McGraw is CTO of Cigital, Inc., a software security consulting firm for some of the world’s best-known companies. An author of multiple best-selling books, many know of him through his contributions to publications, journals and his monthly security podcast. Gary knows where computer security started and provides valuable insight to where it is going. His advice is sought by company directors, federal government, academia and technologists alike. Gary is firmly rooted in country living. Growing up in the woods of Tennessee, he lives near the Appalachian trail in Virginia.










Denver Marriott City Center

1701 California St.
Denver, CO 80202-3402
Phone: 1-303-297-1300 / 1-800-228-9290

Denver Marriott City Center is centrally located in the heart of Downtown Denver within walking distance of many of the city’s best attractions, to include entertainment, cultural venues and shopping and dining. With views of the Rocky Mountains and easy access to all that Colorado has to offer, your stay at the Denver Marriott City Center is sure to make you fall in love with our fine city!

Hotel Rates

City Attractions and Activities

  • Coors Field
  • Sports Authority Field at Mile High
  • Denver Convention Center
  • Denver Performing Arts Center
  • Buell Theatre
  • 16th Street Pedestrian Mall
  • Larimer Square
  • LoDo District
  • Denver Mint
  • Cherry Creek Mall
  • Molly Brown House
  • Denver Zoo
  • Denver Museum of Natural History

Travel & Transportation

  • Valet parking, fee: $32 USD daily
  • Off-site parking fee: $15 USD hourly, $32 USD daily
  • Amtrak-DEN: 1 mile

Denver International Airport – DIA

Visit DIA airport website

Hotel direction: 26 mile(s) SW

Driving directions: Take Interstate 70 West to Interstate 25 and follow Interstate 25 South to the 20th Street exit in downtown Denver. Turn left onto 20th Street and continue to Arapahoe Street. Turn right and proceed to 19th Street. Turn left and travel four blocks to California Street. Turn right and the hotel entrance is the first right after 18th Street.

This hotel does not provide shuttle service.

Alternate transportation:

  • SuperShuttle; fee: 23 USD (one way); on request
  • Bus service, fee: 11 USD (one way)
  • Estimated taxi fare: 65 USD (one way)

Registration will soon be opened. Stay tuned!


Want to sponsor this event?

  • Click Here to Access the Sponsorship Prospectus

Open Web Application Security Project (OWASP) is an open-source, not-for-profit application security organization made up of corporations, educational organizations, and individuals from around the world. Providing free, vendor-neutral, practical, cost-effective application security guidance, the organization is the de-facto standards body for web application security used by developers and organizations globally.

Join 1,500+ attendees. Executives from the Fortune 500, thought leaders, security architects and developers, gather to share cutting-edge ideas, initiatives and technology advancements.

  • Two days of training and two day conference
  • Keynote addresses by world renowned Industry experts
  • Exhibit area offering solutions to your application security challenges
  • Global Reach: OWASP supports 30,000+ individual participants, more than 65 organizational and 60 academic supporters via 200 local chapters in 75+ countries across 6 continents.

  • Important to all Industries: Access to key representatives and decision-makers from major Financial Services, Insurance, e-Commerce, Retail, Pharmaceutical, and Government sectors
  • World renowned speakers
  • Conference is exclusively focused on Application Security to provide solutions to your problems
  • Downtown Denver – With views of the Mountains – what more could you ask for?
  • Discounts for OWASP Corporate Supporters




 

Sponsor logos, listed by logo file name:

DIAMOND SPONSOR

  • Sponsorship available

PLATINUM SPONSORS

  • Whitehat
  • HP
  • Sponsorship available

GOLD SPONSORS

  • AspectSecurity
  • Astech
  • Accuvant
  • Checkmarx
  • Cigital
  • NetSpi
  • Qualys
  • ShapeSecurity
  • Sonatype
  • Tenable
  • Sponsorship available

SILVER SPONSORS

  • Acunetix
  • Coalfire Labs
  • Codelogo
  • Coverity
  • Imperva
  • Trustwave
  • Sponsorship available: http://a2210ec9e0398f92c037-df1179e6c4bc94e126c6372b21bd3f5a.r82.cf2.rackcdn.com/AppSecUSA%202014%20Sponsorship.pdf

CAPTURE THE FLAG SPONSORS

  • Versprite
  • Coalfire Labs
  • Sponsorship available

ADDITIONAL SPONSORS

  • AppliedTrust
  • Sponsorship available

MEDIA PARTNERS

  • NCCDC
  • Ismg
  • Council-on-CyberSecurity
  • ISSA
  • ISC2
  • EC-Council
  • MetzgerAlbee