Call for Presentations
What are we looking for?
Anything and everything AppSec! Application security, software security, web security…
In general, the only restriction on the subject of the talks is being related to Application Security or Software Security in some way (not necessarily Web). We will not accept any talks regarding other aspects of Security, that are not applicative in nature. Talks at any technical level can be accepted.
We especially appreciate talks from security folk in large organizations (“security consumers”) who can share different Case Studies from the field. Specifically, the topics we look for include, but are not limited to, the following subject areas:
- Secure development: secure coding, static analysis, application threat modelling, web frameworks security, countermeasures, SDLC, DevOps, etc.
- Mobile security: Development and/or testing devices and the mobile web
- Cloud security: Offensive and defensive considerations for cloud-based web applications
- Applicative Infrastructure security: Database security, VoIP, hardware, identity management, serverless and containers frameworks
- Penetration testing: Methodologies, tools, exploit development, evasion techniques, OSINT, etc.
- Emerging web technologies and associated security considerations
- Internet of Things: IoT security and other devices
- SCADA and Industrial Control Systems: and how these can be secured, or hacked, at an application or software level.
- Applied Cryptography: Relevant research, new models, algorithm usage, interesting attacks, and other applications.
- Incident response: Threat detection, triage, malware analysis, forensics, rootkit detection
- OWASP tools and projects in practice
- Policy and legal: Legislation, privacy, regulations and compliance, C-level considerations, etc.
- Cool hacks and other fun stuff: cryptography, social engineering, etc.
AppSecIL will include 2 lecture tracks. The specific division of these tracks will be decided later, but it will likely be aligned with OWASP’s Builders / Breakers / Defenders nomenclature:
- Builders: Targeting developers, testers, and managers involved in the secure software development lifecycle.
- Breakers: Focusing on matters relevant to penetration testers, researchers, and other security professionals.
- Defenders: Emphasizing operations issues affecting infrastructure security teams, administrators, support, etc.
- Policy and Legal: Addressing privacy, compliance, and legal issues affecting development and security communities.
Since we usually get many more “Breaker” talks than Builder or Defender talks, we may give extra weight for these.
We use a double-blind review process, wherein the reviewers do not see the identity of the submitter until after the review is complete. We hope this will improve the diversity of our speakers, and encourage new speakers to submit.
If this will be your first time presenting at a conference, we can offer you a speaker mentor if you want, though it is not mandatory. (Mentorship is available for experienced speakers too :-) )
CFP closes: July 15, 2018
Notification: August 5, 2018
Conference: September 6, 2018
We are working to dedicate a travel assistance budget for those that require it.
As a free community event with no profit, we rely on our sponsors to cover all our costs, including free food and drinks all day long. Unfortunately this means we do not have an unlimited budget for all speakers, but if you need assistance we will be able to help cover part of your costs of travel and accommodation.
However we are limited in how many speakers we can offer to cover, so if you work for a company that can afford to pay for your travel, we will be happy to grant them a Community Supporter sponsorship in recognition. If your company will not (or cannot) cover your travel, we will work with you upon acceptance to ensure you do not incur large expenses to come speak at our conference.
This will not affect your acceptance at all. We will not expect you to confirm attendance before we confirm how much assistance we can offer.