Monday, March 3, 2014

CFP for AppSec USA 2014



=== FOR IMMEDIATE DISTRIBUTION ===
(Please redistribute this announcement to colleagues and peers as appropriate.)

The Colorado OWASP chapters are pleased to announce that the 11th annual AppSec USA conference is coming to Denver on September 16-19, 2014. Effective immediately the CFP is open. Interested parties may submit their presentation abstracts https://cfp.appsecusa.org.

Dates and deadlines

·         April 27th, 2014: Submission deadline
·         May 30th, 2014: Notification of acceptance
·         August 4th, 2014: Final materials due for review
·         September 18th - 19th, 2014: Conference proceedings

Topics of interest

Conference sessions will be divided into four primary tracks and two smaller supporting tracks. Consistent with OWASP, each track will relate in part to web application security. The primary tracks are:

  1. Builders
    Targeting developers, testers, and managers involved in the secure software development lifecycle.
  2. Breakers
    Focusing on matters relevance to penetration testers, researchers, and other security professionals.
  3. Defenders
    Emphasizing operations issues affecting infrastructure security teams, administrators, support, etc.
  4. Policy and Legal
    Addressing privacy, compliance, and legal issues affecting development and security communities.
The secondary tracks are:

  1. OWASP-specificStatus, recruiting, and awareness for OWASP projects; board panels; leadership workshops; etc.
  2. Hands-On Skills LabIntroductory workshops designed to familiarize attendees with critical tools (e.g., "nmap 101").
We invite all practitioners of application security and those who work or interact with all facets of application security to submit presentations including, but not limited to the following subject areas:

·         Secure development: secure coding, static analysis, application threat modelling, web frameworks security, countermeasures, SDLC, DevOps, etc.
·         Mobile security: Development and/or testing devices and the mobile web
·         Cloud security: Offensive and defensive considerations for cloud-based web applications
·         Infrastructure security: Database security, VoIP, hardware, identity management
·         Penetration testing: Methodologies, tools, exploit development, evasion techniques, OSINT, etc.
·         Emerging web technologies and associated security considerations
·         Incident response: Threat detection, triage, malware analysis, forensics, rootkit detection
·         OWASP tools and projects in practice
·         Legal: Legislation, privacy, regulations and compliance, C-level considerations, etc.
·         Cool hacks and other fun stuff: cryptography, social engineering, etc.

Submission Format

Only submissions entered into http://cfp.appsecusa.org will be considered. Please have the following information handy.

  1. Presentation title
  2. Contact information (speaking name, organizational affiliation, email)
  3. Abstract, including the following information:
    1. Presentation overview
    2. Format (lecture, group panel, live demo, audience participation, etc.)
    3. Objectives and outcomes
  4. Speaker background, including the following information:
    1. Previous conference speaking experience
    2. Links to videos of past speaking engagements
    3. Anything else we should know about you or your presentation

Judging Criteria

All content assessments will be performed blind. Content reviewers will have no knowledge of the presenter's identity. All uploaded materials must be sanitized of author names and affiliations, email addresses, and other personally-identifiable information.

Strength of presentation
·         Vendor neutrality
·         Topicality (fresh research, innovative solutions, relevance to current events, etc.)
·         Depth of content (deeply technical talks are preferred to high-level talks)
·         Relevance to conference tracks
·         Relevance to industry trends
·         Relevance to OWASP or OWASP projects
·         Presentation length (45-50 minute talks are preferred)
A second evaluation will occur based on speaker experience. The final presentation score will be a composite of the two evaluations. The following criteria will be used during evaluation.

Strength of speaker
·         Clarity of submission
·         Demonstrated speaking ability (previous experience, videos of prior speaking engagements, etc.)

Bonus points
·         Integration of live demonstrations into the presentation
·         Free and open distribution of source code, exploits, tools, and other materials relevant to the talk

Terms

All speakers must provide written agreement to the OWASP Speaker Agreement after notification of acceptance:

No comments: