<div dir="ltr"><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><div dir="ltr" style="font-family:arial,sans-serif;font-size:13px"><a href="https://cfp.appsecusa.org/" target="_blank"><span lang="EN-US" style="color:windowtext;text-decoration:none"><img border="0" width="853" height="135" src="cid:image001.png@01CF370C.A571FD40" class=""></span></a></div>

<p class="MsoNormal" style="font-family:arial,sans-serif;font-size:13px"><b><span lang="EN-GB">=== FOR IMMEDIATE DISTRIBUTION ===</span></b><span lang="EN-GB"><u></u><u></u></span></p><p class="MsoNormal" style="font-family:arial,sans-serif;font-size:13px">

<span lang="EN-GB">(Please redistribute this announcement to colleagues and peers as appropriate.)<u></u><u></u></span></p><p class="MsoNormal" style="font-family:arial,sans-serif;font-size:13px"><span lang="EN-GB"><u></u> <u></u></span></p>

<p class="MsoNormal" style="font-family:arial,sans-serif;font-size:13px"><span lang="EN-GB">The Colorado <a href="https://www.owasp.org/" target="_blank">OWASP</a> chapters are pleased to announce that the 11th annual AppSec USA conference is coming to Denver on September 16-19, 2014. Effective immediately the CFP is open. Interested parties may submit their presentation abstracts <a href="https://cfp.appsecusa.org/" target="_blank">https://cfp.appsecusa.org</a>.<u></u><u></u></span></p>

<h1 style="font-family:arial,sans-serif"><span lang="EN-GB">Dates and deadlines<u></u><u></u></span></h1><p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><span lang="EN-GB">April 27<sup>th</sup>, 2014: Submission deadline<u></u><u></u></span></p>

<p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><span lang="EN-GB">May 30<sup>th</sup>, 2014: Notification of acceptance<u></u><u></u></span></p>

<p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><span lang="EN-GB">August 4<sup>th</sup>, 2014: Final materials due for review<u></u><u></u></span></p>

<p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><span lang="EN-GB">September 18<sup>th</sup> - 19<sup>th</sup>, 2014: Conference proceedings<u></u><u></u></span></p>

<h1 style="font-family:arial,sans-serif"><span lang="EN-GB">Topics of interest<u></u><u></u></span></h1><p class="MsoNormal" style="font-family:arial,sans-serif;font-size:13px"><span lang="EN-GB">Conference sessions will be divided into four primary tracks and two smaller supporting tracks. Consistent with OWASP, each track will relate in part to web application security. The primary tracks are:<u></u><u></u></span></p>

<ol start="1" type="1" style="font-family:arial,sans-serif;font-size:13px;margin-top:0in"><li class="MsoNormal" style="margin-bottom:6pt;margin-left:15px"><b><span lang="EN-GB">Builders</span></b><span lang="EN-GB"><br><i>Targeting developers, testers, and managers involved in the secure software development lifecycle.</i><u></u><u></u></span></li>

<li class="MsoNormal" style="margin-bottom:6pt;margin-left:15px"><b><span lang="EN-GB">Breakers</span></b><span lang="EN-GB"><br><i>Focusing on matters relevance to penetration testers, researchers, and other security professionals.</i><u></u><u></u></span></li>

<li class="MsoNormal" style="margin-bottom:6pt;margin-left:15px"><b><span lang="EN-GB">Defenders</span></b><span lang="EN-GB"><br><i>Emphasizing operations issues affecting infrastructure security teams, administrators, support, etc.</i><u></u><u></u></span></li>

<li class="MsoNormal" style="margin-bottom:6pt;margin-left:15px"><b><span lang="EN-GB">Policy and Legal</span></b><span lang="EN-GB"><br><i>Addressing privacy, compliance, and legal issues affecting development and security communities.</i><u></u><u></u></span></li>

</ol><p class="MsoNormal" style="font-family:arial,sans-serif;font-size:13px"><span lang="EN-GB">The secondary tracks are:<u></u><u></u></span></p><ol start="5" type="1" style="font-family:arial,sans-serif;font-size:13px;margin-top:0in">

<li class="MsoNormal" style="margin-bottom:6pt;margin-left:15px"><b><span lang="EN-GB">OWASP-specific<br></span></b><i><span lang="EN-GB">Status, recruiting, and awareness for OWASP projects; board panels; leadership workshops; etc.<u></u><u></u></span></i></li>

<li class="MsoNormal" style="margin-bottom:6pt;margin-left:15px"><b><span lang="EN-GB">Hands-On Skills Lab<br></span></b><i><span lang="EN-GB">Introductory workshops designed to familiarize attendees with critical tools (e.g., "nmap 101").<u></u><u></u></span></i></li>

</ol><p class="MsoNormal" style="font-family:arial,sans-serif;font-size:13px"><span lang="EN-GB">We invite all practitioners of application security and those who work or interact with all facets of application security to submit presentations including, but not limited to the following subject areas:<span style="color:rgb(68,68,68)"><u></u><u></u></span></span></p>

<p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><b><span lang="EN-GB">Secure development</span></b><span lang="EN-GB">: secure coding, static analysis, application threat modelling, web frameworks security, countermeasures, SDLC, DevOps, etc.<u></u><u></u></span></p>

<p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><b><span lang="EN-GB">Mobile security</span></b><span lang="EN-GB">: Development and/or testing devices and the mobile web<u></u><u></u></span></p>

<p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><b><span lang="EN-GB">Cloud security</span></b><span lang="EN-GB">: Offensive and defensive considerations for cloud-based web applications<u></u><u></u></span></p>

<p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><b><span lang="EN-GB">Infrastructure security</span></b><span lang="EN-GB">: Database security, VoIP, hardware, identity management<u></u><u></u></span></p>

<p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><b><span lang="EN-GB">Penetration testing</span></b><span lang="EN-GB">: Methodologies, tools, exploit development, evasion techniques, OSINT, etc.<u></u><u></u></span></p>

<p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><b><span lang="EN-GB" style="color:rgb(68,68,68)">E</span><span lang="EN-GB">merging web technologies</span></b><span lang="EN-GB"> and associated security considerations<u></u><u></u></span></p>

<p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><b><span lang="EN-GB">Incident response</span></b><span lang="EN-GB">: Threat detection, triage, malware analysis, forensics, rootkit detection<u></u><u></u></span></p>

<p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><b><span lang="EN-GB">OWASP tools and projects</span></b><span lang="EN-GB"> in practice<u></u><u></u></span></p>

<p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><b><span lang="EN-GB">Legal</span></b><span lang="EN-GB">: Legislation, privacy, regulations and compliance, C-level considerations, etc.</span><span lang="EN-GB" style="color:rgb(68,68,68)"><u></u><u></u></span></p>

<p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><b><span lang="EN-GB">Cool hacks and other fun stuff</span></b><span lang="EN-GB">: cryptography, social engineering, etc.</span><b><span lang="EN-GB" style="color:rgb(68,68,68)"><u></u><u></u></span></b></p>

<h1 style="font-family:arial,sans-serif"><span lang="EN-GB">Submission Format<u></u><u></u></span></h1><p class="MsoNormal" style="font-family:arial,sans-serif;font-size:13px"><span lang="EN-GB">Only submissions entered into <a href="http://cfp.appsecusa.org/" target="_blank"><b>http://cfp.appsecusa.org</b></a> will be considered. Please have the following information handy.<u></u><u></u></span></p>

<ol start="1" type="1" style="font-family:arial,sans-serif;font-size:13px;margin-top:0in"><li class="MsoNormal" style="margin-bottom:6pt;margin-left:15px"><span lang="EN-GB">Presentation title<u></u><u></u></span></li><li class="MsoNormal" style="margin-bottom:6pt;margin-left:15px">

<span lang="EN-GB">Contact information (speaking name, organizational affiliation, email)<u></u><u></u></span></li><li class="MsoNormal" style="margin-bottom:6pt;margin-left:15px"><span lang="EN-GB">Abstract, including the following information:<u></u><u></u></span></li>

<ol start="1" type="a" style="margin-top:0in"><li class="MsoNormal" style="margin-top:0in;margin-left:15px"><span lang="EN-GB">Presentation overview<u></u><u></u></span></li><li class="MsoNormal" style="margin-top:0in;margin-left:15px">

<span lang="EN-GB">Format (lecture, group panel, live demo, audience participation, etc.)<u></u><u></u></span></li><li class="MsoNormal" style="margin-top:0in;margin-left:15px"><span lang="EN-GB">Objectives and outcomes<u></u><u></u></span></li>

</ol><li class="MsoNormal" style="margin-bottom:6pt;margin-left:15px"><span lang="EN-GB">Speaker background, including the following information:<u></u><u></u></span></li><ol start="1" type="a" style="margin-top:0in"><li class="MsoNormal" style="margin-top:0in;margin-left:15px">

<span lang="EN-GB">Previous conference speaking experience<u></u><u></u></span></li><li class="MsoNormal" style="margin-top:0in;margin-left:15px"><span lang="EN-GB">Links to videos of past speaking engagements<u></u><u></u></span></li>

<li class="MsoNormal" style="margin-top:0in;margin-left:15px"><span lang="EN-GB">Anything else we should know about you or your presentation<u></u><u></u></span></li></ol></ol><h1 style="font-family:arial,sans-serif"><span lang="EN-GB">Judging Criteria<u></u><u></u></span></h1>

<p class="MsoNormal" style="font-family:arial,sans-serif;font-size:13px"><span lang="EN-GB">All content assessments will be performed blind. Content reviewers will have no knowledge of the presenter's identity. All uploaded materials must be sanitized of author names and affiliations, email addresses, and other personally-identifiable information.<u></u><u></u></span></p>

<p class="MsoNormal" style="font-family:arial,sans-serif;font-size:13px"><b><span lang="EN-GB">Strength of presentation</span></b><span lang="EN-GB"><u></u><u></u></span></p><p style="font-family:arial,sans-serif;font-size:13px">

<u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><span lang="EN-GB">Vendor neutrality<u></u><u></u></span></p>

<p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><span lang="EN-GB">Topicality <i>(fresh research, innovative solutions, relevance to current events, etc.)</i><u></u><u></u></span></p>

<p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><span lang="EN-GB">Depth of content <i>(deeply technical talks are preferred to high-level talks)</i><u></u><u></u></span></p>

<p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><span lang="EN-GB">Relevance to conference tracks<u></u><u></u></span></p>

<p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><span lang="EN-GB">Relevance to industry trends<u></u><u></u></span></p>

<p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><span lang="EN-GB">Relevance to OWASP or OWASP projects<u></u><u></u></span></p>

<p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><span lang="EN-GB">Presentation length <i>(45-50 minute talks are preferred)</i><u></u><u></u></span></p>

<p class="MsoNormal" style="font-family:arial,sans-serif;font-size:13px"><span lang="EN-GB">A second evaluation will occur based on speaker experience. The final presentation score will be a composite of the two evaluations. The following criteria will be used during evaluation.<u></u><u></u></span></p>

<p class="MsoNormal" style="font-family:arial,sans-serif;font-size:13px"><b><span lang="EN-GB">Strength of speaker</span></b><span lang="EN-GB"><u></u><u></u></span></p><p style="font-family:arial,sans-serif;font-size:13px">

<u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><span lang="EN-GB">Clarity of submission<b><u></u><u></u></b></span></p>

<p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><span lang="EN-GB">Demonstrated speaking ability (previous experience, videos of prior speaking engagements, etc.)<u></u><u></u></span></p>

<p class="MsoNormal" style="font-family:arial,sans-serif;font-size:13px"><b><span lang="EN-GB">Bonus points<u></u><u></u></span></b></p><p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><span lang="EN-GB">Integration of live demonstrations into the presentation<u></u><u></u></span></p>

<p style="font-family:arial,sans-serif;font-size:13px"><u></u><span lang="EN-GB" style="font-size:10pt;font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">         </span></span><u></u><span lang="EN-GB">Free and open distribution of source code, exploits, tools, and other materials relevant to the talk<u></u><u></u></span></p>

<h1 style="font-family:arial,sans-serif"><span lang="EN-GB">Terms<u></u><u></u></span></h1><p class="MsoNormal" style="font-family:arial,sans-serif;font-size:13px"><span lang="EN-GB">All speakers must provide written agreement to the OWASP Speaker Agreement after notification of acceptance:<u></u><u></u></span></p>

<p class="MsoNormal" style="margin-top:0in;font-family:arial,sans-serif;font-size:13px;text-indent:0.5in"><span lang="EN-GB"><a href="https://www.owasp.org/index.php/Speaker_Agreement" target="_blank">https://www.owasp.org/index.php/Speaker_Agreement</a></span></p>

</div>
</div>