This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Front Range OWASP Conference 2013
- Introduction
- CFP
- Registration
- Venue
- Conference Schedule
- Event Sponsors
- Continuing Education Credit
- Hotel and Travel
- Presentation Archive
Welcome to SnowFROC 2013 - the 5th Annual Front Range OWASP Security Conference
After successful FROC's in June of 2008, March of 2009, 2010 and 2012 we are back in Denver, Colorado USA on March 28-29, 2013. Primary conference proceedings will be held on Thursday with informal "Birds of a Feather" sessions on Friday morning (half-day). We're also trying to arrange discounted skiing for those looking to break free on Friday for the weekend.
The conference is a full day, multi-track event, which will provide valuable information for managers and executives as well as developers and engineers. Tracks are still being finalized but will include:
- Cloud Security - focused on how cloud hosting changes the security model and implementation of security controls
- Web App Security Management - focused on the manager's view of web application security with a special focus on scope, boundaries, responsibilities, and legal considerations
- Deep Dive Technical - focused on hard technical problems like encryption across an n-tiered web application stack, auditing web app mashups, and HTML 5 security concerns
- Web Application Security Testing - focused on testing web apps, especially large and complex enterprise apps
- Legal Aspects of Web App Security - focused on liability considerations and other concerns of particular interest to managers, executives, and counsel (will be awarded CLE credit)
While the tracks are ongoing we'll also have a capture the flag (CTF) competition underway featuring homegrown hacking challenges.
In 2012, we attracted a packed venue with our great AppSec speakers, and we hope to achieve the same again in 2013.
Conference Committee
Conference Lead: Micah Tapman, Kathy Thaxton (alternate), Mark Major (alternate)
Sponsorship Coordinator: Micah Tapman (acting)
CTF Lead: Mark Major
Pesentation Selection Committee
TBD
Colorado Chapter Hosts
Steve Kosten, OWASP Denver chapter
Mark Major, OWASP Boulder chapter
Call for Presentations
Conference organizers are actively seeking presentations relating to the following topics. Please forward this site to all interested practitioners and colleagues.
Tracks and topics
The following topics will be prioritized during the selection process.
High-level technical track
- Cloud security
- How cloud hosting changes the security model
- Implementation of security controls
- Web application security testing, especially targeting large and complex enterprise applications
- OWASP tools and projects
- New and proposed projects
- Development and status of existing projects
Deep-dive technical track
- Encryption across an n-tiered web application stack
- Auditing web application mash-ups
- Technology-specific presentations (HTML5, AJAX, etc.)
- Secure coding for web applications
- Static code analysis
- Hands-on countermeasures
Management track
- Web application security management: focused on a managerial view of web application security with a special focus on scope, boundaries, responsibilities, and legal considerations
- Emerging threats
- Planning and managing secure software development lifecycles
- Metrics for application security
- Business risks associated with application security
Legal track
- Liability considerations related to web application security
- Data ownership and privacy within the cloud
- Cybersecurity legislation
Submission process
One abstract must be submitted for each presentation considered. Abstracts must be written in English, should not exceed 300 words, and should be uploaded here.
Abstract format
The website above will automatically create and format abstracts based on submitted information. However, uploading existing abstract documents is permitted provided the following requirements are met:
- Only Microsoft Word documents, PDFs, rich-text format documents, and text files will be reviewed.
- Author names, affiliations, email addresses, and other personally-identifiable information must be stripped from the uploaded document.
- All presentations must be titled. Titles should appear at the top of the page.
- The overview of the proposed presentation should not exceed 300 words.
Evaluation process
Submitted abstracts will be assessed by selected members of the Colorado OWASP chapters. All reviews will be blind and reviewers will not have visibility to author information. The following criteria will determine abstract rankings:
- Applicability to the requested topics
- Applicability to the conference theme
- OWASP relevance
- Industry relevance (web application development and operations, general cybersecurity, etc.)
- Timeliness of submission
- Strength of presentation (as determined by the review committee)
Dates and deadlines
Abstract collection will occur between January 5th through February 10th, 2013. Initial presentation selections will be announced by February 17th, and a continuing collection may occur as needed until all tracks are filled.
Final presentations of accepted abstracts must be submitted for review by March 14th, 2013. All presentations will be delivered during conference proceedings on March 28th, 2013.
Legalities
All speakers must agree with and abide by the OWASP Speaker Agreement v2.0.
Anyone who cannot or will not abide by these terms will not be permitted to present at the conference.
In addition, presenters must agree to allow use of abstract titles, text, and speaker names and bios for conference promotion. With speaker consent, presentation materials will be distributed to conference attendees and will be archived for future reference. With speaker consent, presentations will be recorded and archived.
SnowFROC 2013 registration will be available by January 21st.
Please check back later for details.
Conference Location
Due to conference expansion, SnowFROC is moving to the Denver Marriott City Center in the heart of downtown Denver, Colorado.
OWASP negotiated preferred room rates at the Marriott. See the Hotel tab for additional details.
Track Schedule
This schedule is subject to frequently changes as the conference draws nearer.
Day 1: Thursday, March 28th, 2013 | |||||
---|---|---|---|---|---|
Cloud Security: Room 1 | Technical Deep-Dive: Room 2 | Management: Room 3 | Legal Aspects: Room 4 | Testing: Room 5 | |
07:00-08:45 | Registration Executive Breakfast provided by BREAKFAST SPONSOR (08:00 - 09:00) | ||||
08:45-09:00 | Introductions Presenters: Steve Kosten, Mark Major Slides | ||||
09:00-09:45 | Keynote1 Presenters: Presenter_Bio Presenter 1, Presenter_Bio Presenter 2 Slides | ||||
09:45-10:15 | Room arrangement Sponsor Expo |
CTF Kick-off Presenters: Mark Major | |||
10:15-11:00 | Cloud Preso 1 Author Name VIDEO / SLIDES |
Deep-dive Preso 1 Author Name VIDEO / SLIDES |
Management Preso 1 Author Name VIDEO / SLIDES |
Legal Preso 1 Author Name VIDEO / SLIDES |
Testing Preso 1 Author Name VIDEO / SLIDES |
11:10-11:55 | Cloud Preso 2 Author Name VIDEO / SLIDES |
Deep-dive Preso 2 Author Name VIDEO / SLIDES |
Management Preso 2 Author Name VIDEO / SLIDES |
Legal Preso 2 Author Name VIDEO / SLIDES |
Testing Preso 2 Author Name VIDEO / SLIDES |
12:05-12:50 | Sponsor Expo LUNCH - Provided by LUNCH SPONSOR | ||||
13:00-13:45 | Cloud Preso 3 Author Name VIDEO / SLIDES |
Deep-dive Preso 3 Author Name VIDEO / SLIDES |
Management Preso 3 Author Name VIDEO / SLIDES |
Legal Preso 3 Author Name VIDEO / SLIDES |
Testing Preso 3 Author Name VIDEO / SLIDES |
13:55-14:40 | Cloud Preso 4 Author Name VIDEO / SLIDES |
Deep-dive Preso 4 Author Name VIDEO / SLIDES |
Management Preso 4 Author Name VIDEO / SLIDES |
Legal Preso 4 Author Name VIDEO / SLIDES |
Testing Preso 4 Author Name VIDEO / SLIDES |
14:50-15:35 | Cloud Preso 4 Author Name VIDEO / SLIDES |
Deep-dive Preso 4 Author Name VIDEO / SLIDES |
Management Preso 4 Author Name VIDEO / SLIDES |
Legal Preso 4 Author Name VIDEO / SLIDES |
Testing Preso 4 Author Name VIDEO / SLIDES |
15:35-16:05 | Room arrangement Sponsor Expo Raffles? | ||||
16:05-16:50 | Panel discussion: Topic of interestPanelist Name, Company & Title, | ||||
16:50-17:00 | Wrap up Presenters: User:Micah_Tapman:Micah Tapman Sponsor raffles | ||||
18:30-21:00+ | AppliedTrust after-party at WHEREVER CTF awards ceremony (19:30) |
Day 2: Friday, March 29th, 2013 | |||||
---|---|---|---|---|---|
Technical | Management | Capture the Flag | |||
08:45-09:15 | Coffee bar provided by COFFEE SPONSOR (08:45 - 10:15) | ||||
09:15-10:00 | Birds of a Feather: Session 1 | Birds of a Feather: Session 1 | Postmortem | ||
10:15-11:00 | Birds of a Feather: Session 2 | Birds of a Feather: Session 2 | FLOSSHack: CTF VM | ||
11:15-12:00 | Birds of a Feather: Session 3 | Birds of a Feather: Session 3 | FLOSSHack: Scoreboard | ||
12:15-13:00 | Birds of a Feather: Session 4 | Birds of a Feather: Session 4 | FLOSSHack: Next steps |
Sponsors
If you are interested in sponsoring the Front Range OWASP Conference, please contact Micah Tapman at micah at aerstone dot com.
CPE and CLE credits
Much of the SnowFROC content is eligible for continuing professional education (CPE) or continuing legal education (CLE) credits. Please check with your institution regarding specific requirements.
CPE credits
The CISM CPE policy (www.isaca.org/cismcpepolicy) states:
One continuing professional education hour is earned for each fifty minutes of active participation (excluding lunches and breaks) in a professional educational activity. Continuing professional education hours are only earned in full-hour increments and rounding must be down. For example, a CISA who attends an eight-hour presentation (480 minutes) with 90 minutes of breaks will earn seven (7) continuing professional education hours.
Activities that qualify for CPE must be directly applicable to the management, design or assessment of an enterprise's information security as per the CISM job practice"
CLE credits
Conference organizers are actively pursuing certified seminar accreditation from the Colorado Board of Continuing Legal and Judicial Education. For additional information regarding CPEs and Rule 260 please visit the Colorado Supreme Court's CLE page.
Denver Marriott City Center
The Denver Marriott City Center is extending a discounted room rate to conference attendees. This rate applies between March 25th through April 1st, 2013. Please reference SnowFROC when reserving your room.
Room block info
Information coming soon.
Local ground and air transportation
Information coming soon.
Denver Attractions
The Marriott is located in the heart of Denver, Colorado and is walking distance or a short cab ride from many downtown attractions.
- Monty Python's Spamalot at the Buell Theatre (3/28-30)
- World-class exhibitions at the Denver Art Museum
- Guided walking tours of downtown's microbreweries
- The Denver Nuggets host the Brooklyn Nets (3/29 @ 7pm)
- Free tours of the US Mint
- Plus all the standard downtown stuff: shopping, more shopping, an aquarium, a zoo, comedy clubs, local music, and many clubs, restaurants, and art galleries.
Colorado Attractions
Out-of-town visitors may be interested in staying for the weekend to enjoy all Colorado has to offer, including:
- Red Rocks amphitheatre
- The Butterfly Pavilion
- Garden of the Gods (Colorado Springs)
- Royal Gorge (Canyon City)
- Coors, New Belgium, and many other Colorado breweries
Skiing
The SnowFROC staff is pursuing a chartered bus and negotiated discounts for premier ski resorts and lift tickets. Check back soon for details!
2013 presentations
Presentation materials will be made available upon the conclusion of SnowFROC2013.
Previous conferences
2012 presentations are available here.