The OWASP Uruguay chapter is excited to announce its call for papers for our upcoming event focused on application security! We invite security professionals, developers, researchers, and enthusiasts to share their knowledge, insights, and innovative work with the local community. This is a fantastic opportunity to contribute to the growth of application security awareness and expertise in Uruguay.

We are looking for submissions that cover a wide range of topics within application security, including but not limited to:

• Web Application Security: Common vulnerabilities (e.g., OWASP Top Ten), secure development practices, testing methodologies, framework-specific security, and emerging threats.
• Mobile Security: Security of iOS and Android applications, mobile penetration testing, secure mobile development lifecycle, and mobile threat landscape.
• API Security: Security challenges in REST, GraphQL, and other API architectures, API testing, authentication and authorization mechanisms, and API gateway security.
• Cloud Security: Security considerations for cloud-native applications, serverless security, container security (Docker, Kubernetes), and cloud security best practices.
• DevSecOps: Integrating security into the development pipeline, automation of security testing, infrastructure as code security, and security culture.
• Secure Software Development Lifecycle (SSDLC): Incorporating security at each stage of development, threat modeling, secure coding guidelines, and security training.
• Identity and Access Management: Authentication, authorization, federation, multi-factor authentication, and identity governance.
• Cryptography: Applied cryptography, secure key management, encryption best practices, and common cryptographic pitfalls.
• Security Testing: Penetration testing methodologies, vulnerability scanning, static and dynamic analysis, bug bounty programs, and tooling.
• Emerging Technologies: Security implications of AI/ML, blockchain, IoT, and other new technologies.
• Case Studies and Real-World Experiences: Sharing practical experiences, lessons learned from security incidents, and successful application security implementations.
• Legal and Compliance Aspects of Application Security: Data privacy regulations (e.g., GDPR), compliance standards (e.g., PCI DSS), and legal implications of security vulnerabilities.

We welcome submissions in the following formats:

Presentations (30-45 minutes): In-depth talks on specific topics, including time for Q&A.

Panel Discussions (45-60 minutes): Moderated discussions involving multiple speakers with diverse perspectives on a relevant topic. Please propose the topic and potential panelists.

We encourage submissions catering to a diverse range of expertise levels:

• Beginner: Introductory topics explaining fundamental concepts and providing an overview of specific security areas.
• Intermediate: Sessions that delve deeper into technical details, best practices, and practical applications for those with some existing knowledge.
• Advanced: Highly technical presentations and workshops focusing on cutting-edge research, novel attack techniques, and sophisticated defense mechanisms for experienced professionals.

Our target audience includes:

• Application Developers
• Security Analysts and Engineers
• Penetration Testers
• Security Architects
• IT Managers and Directors
• Students and Academics interested in Application Security

Submission Guidelines:

Please submit a detailed abstract (200-400 words) outlining the topic, key takeaways, target audience, and format of your proposed session.

Include a brief biography (50-100 words) of the speaker(s).

Specify the level of expertise required for the audience.

Submissions must be original and not have been previously presented at major conferences.

Submissions will be reviewed by a program committee based on relevance, technical accuracy, originality, and clarity.

Speakers will be notified of the acceptance of their proposals.

Code of Conduct:

OWASP is dedicated to providing a safe, inclusive, and respectful environment for all participants at our events. We expect all attendees, speakers, sponsors, and volunteers to adhere to the following Code of Conduct:

Be Respectful: Treat everyone with courtesy, respect, and consideration, regardless of gender, gender identity and expression, sexual orientation, disability, physical appearance, body size, race, ethnicity, age, religion, or technology choices.   

Be Inclusive: Welcome diverse perspectives and ensure that everyone feels included and valued.

Be Considerate: Be mindful of your surroundings and your fellow participants. Avoid disruptive behavior during sessions or social events.

No Harassment: Harassment in any form will not be tolerated. This includes offensive verbal comments, deliberate intimidation, stalking, following, harassing photography or recording, sustained disruption of talks or other events, inappropriate physical contact, and unwelcome sexual attention.   

Report Concerns: If you experience or witness harassment or any behavior that violates this Code of Conduct, please immediately contact an event organizer or volunteer. All reports will be treated seriously and handled with discretion.

Sponsors: Sponsors are also expected to uphold this Code of Conduct. In particular, sponsors should not use sexualized images, activities, or other material in their booths or presentations.

OWASP reserves the right to take any action deemed necessary and appropriate, including immediate expulsion from the event without a refund, in response to any violation of this Code of Conduct.

We look forward to receiving your compelling submissions and creating an engaging and informative OWASP event in Uruguay!