INTRODUCTION

2026 marks the 25th anniversary of the OWASP Foundation. We have been working hard to secure the world through challenges and discovery. And now, it's time to celebrate! Many of you have played a crucial role in the Foundation’s enduring history, and we encourage you to participate in the celebration coming this September!

Beginning at 9am CET time on February 24, 2026, we will be hosting virtual talks presented by industry thought-leaders. The event will consist of educational talks weaved in with OWASP Chapter highlights within the region.

We will have two (2) of these educational events. The first will be February 24, 2026 on Central European Time Zone and the second will be September 21 on Central Standard Time. The CfP for the September event will be promoted at a later date.

 CALL FOR PRESENTATIONS (CFP) & SUBMISSION 

The OWASP Events Team is formally issuing a call for vuirtual presentations, opening October 7, and closing November 30, 2025, at 11:59 PDT. 

*******************************************

What topics should you submit about?

 This year’s tracks have been modified from traditional OWASP tracks, we hope you like the change!! Speakers should focus on the following categories for each of the tracks below and find what questions their presentation answers. Sessions will be scheduled for 30 minutes, with an additional expected 5-10 minute Q&A period. 

We’ve provided a few topic suggestions below for ALL cateogies listed below, but feel free to innovate!

• Web application security
• AI
• Mobile, Cloud, and Serverless security
• Blockchain & Internet of Things for security use
• Penetration testing & Application-level attacks
• Threat modeling, Application, and system architecture
• Security for DevOps engineers
• Privacy controls
• Planning and implementing an application security program
• Creating an AppSec team & culture
• Techniques to communicate risk and AppSec value to management - sharing what works and what doesn’t!
• How you failed. Things you did and didn’t work. Share pitfalls and failures so we all can learn from them. 

CATEGORIES OF TRACKS LISTED BELOW

**Note: OWASP Projects are encouraged to submit in aligned track below.

PLANNING AND DESIGN - Security efforts taken during the ideation, requirements and design - security requirements, threat modeling

IMPLEMENTATION - What can security do while the system is created? How do we guarantee that the findings of planning and design are correctly executed? How can we make it easier for developers to be secure and create  secure application?

TESTING - How do we validate that what is needed to happen indeed happens? How do we verify  that the system is as secure as it can be before deployment?

DEPLOYMENT AND MAINTENANCE - devops, devsecops, patching, and everything in between

PROCESS and CULTURE - Security awareness, security champions, security culture - everything around building frameworks that allow organizations to not only be secure but grow secure too.

CHAPTERS - We will be highlighting chapters in the Eastern Hemisphere for our February Conference. These regions include, but are not limited to Europe, Africa, Asia, and Australia (Oceania). If you would like your chapter to be featured, please submit and let us know why!

If your task doesn't fit into the above categories or you are not sure, then try the next category:

We are not the keepers of all the best ideas! If you have something great to share with the community but it doesn't fit above, share it in (BUFFER) OVERFLOW 

******************************************

 REVIEW TIMELINES

 CfP IMPORTANT DATES: 

 CfP Opens:  October 7, 2025

 CfP Closes: November 30, 2025

 Notification of submitters: Week of December 15, 2025

 Program announced: Week of January 1, 2026

 Keep in mind: the better your description is, the better our review will be. Please review your proposal thoroughly, as your accepted abstract and bio will be published publicly as submitted on our site. 

******************************************************

REVIEW CONSIDERATIONS

The Program Team will review your submission and give it a rating which will be used to compare it to the other submissions in your chosen track. 

Your submission *will be disqualified* if: 

Your submission was submitted by someone who is not one of the speakers such as the marketing team or a marketing agency.

Your submission has self-identifying elements in its abstract, outline, slides, past presentations, etc. - these elements can be, but are not limited to, affiliation with well-known podcasts, headshots, company references, apart from directly identifying information like names, etc. - OWASP strives to have a completely blind review process

Your submission is identified as having been generated by an AI

Your submission will *NOT* be disqualified, BUT:

If you have recently presented the same material in another conference or venue, kindly indicate so. OWASP strives to have new and novel content in its events, and we expect that any material previously presented elsewhere will have enough distinction during our events so as to separate it from previous presentations. Please be sure to indicate how this edition will be different from previous ones

If distinct submitters from the same company submit on the same or closely related subject, we ask that you kindly coordinate before submitting, so we can guarantee the highest quality of presentation

If you are submitting to more than one track, please indicate in your submissions so the reviewers are aware of it.

The top scored submissions:

-Have a clear abstract that describes an interesting and relevant talk which we would choose to attend. This is primarily to market to attendees but obviously it needs to impress the reviewers as well.

-Have an outline that leaves no doubts about the structure of the talk and the timings 

-Tell the reviewer exactly what you will be covering. Don’t just say “we will provide our top 5 techniques for avoiding this issue. Instead, clearly set out for the reviewer what those 5 techniques will be. Don’t keep secrets from the reviewer or try to keep the reviewer in suspense, that is what the conference abstract is for!

-Discuss a new or novel topic that attendees couldn’t see in the recordings of previous conferences or in existing resources.

-Describe a real-life story of how you solved a problem in a real-world environment.

-Are clearly aligned with the audience in the track to which the talk is being submitted and clearly demonstrates why the submission it is relevant for the stated skill level. 

-Demonstrate clear takeaways that attendees can immediately implement at their workplaces.

Top reasons submissions get marked down or rejected:

-No clear link to the topics listed above.

-Poorly formatted or structured submission or significant spelling and grammatical mistakes. Get someone else to review your submission or use an online tool to proofread it.

-Your submission sounds like it was created by an AI.

-Your submission makes it sounds like the answer to the challenge you raise in the talk is to buy your product. Alternatively, the submission sounds like a direct sales pitch. If you work for a vendor, we will be looking for a clear explanation of what value the submission brings, separate to your product or service.

-Your submission is full of buzzwords without clarity on what tangible value the talk brings to the attendee.

-The shorter the submission, the less time the reviewer will spend on your submission before they mark it down, due to a lack of details..

-Your submission has self-identifying details

You can see some sample, high-quality submissions here:

https://docs.google.com/document/d/1m_IroyqjYwGL-8arwAxY-aDxWCH_3xda0BjNytkvaQ0/edit