INTRODUCTION

Application Security practitioners, software engineers, and researchers from all over the world gather at OWASP’s Global AppSec conferences to discover, present and discuss the latest developments in software security, collaborate with their peers, and share the newest innovations in the field.

The conference will take place on November 6-7, 2025, at the Marriott Marquis Washington, D.C. The event will also offer hands-on training with vetted and leading trainers from November 3-5, 2025.

 CALL FOR PRESENTATIONS (CFP) & SUBMISSION 

The Global AppSec Program Team is formally issuing a call for presentations, opening March 12, 2024, and closing June 24, 2025, at 11:59 PDT. 

What topics should you submit about?

 This year’s tracks are based on traditional OWASP tracks, but slightly changed and clarified. Speakers should focus on the following guidelines for each of the tracks below. Sessions will be scheduled for 45 minutes, with an additional expected 5-10 minute Q&A period. 

BUILDER / DEVELOPER - Show the community how to build more secure apps, how to securely use technology in our code, and how to secure our systems at scale.

BREAKER / TESTER - Show the community how to test apps for security, and how to break secure systems, how to be a better bounty hunter, and how to integrate penetration testing in the SDLC

DEFENDER / OPS - Show the community world-class application operational defense, tools and techniques enabling detection and response to attacks, automating processes and pipelines, working with bounty hunters and running a production security program. 

MANAGER / CULTURE - MANAGER / CULTURE - Show the community how to create an effective AppSec culture, communicating AppSec value to leadership, or case studies about risk tradeoffs.

OWASP PROJECT SHOWCASE- If you are a project leaders and want to share updates on your OWASP project with the community, this would be the track for you!

OWASP PROJECT DEMO ROOM - The goal is to give you space to demo & be available to have longer conversations, hands-on with your community. The duration will be decided once we establish how many are interested in this new space

We’ve provided a few topic suggestions below, but feel free to innovate!

• Web application security
• AI
• Mobile, Cloud, and Serverless security
• Blockchain & Internet of Things for security use
• Penetration testing & Application-level attacks
• Threat modeling, Application, and system architecture
• Security for DevOps engineers
• Privacy controls
• Planning and implementing an application security program
• Creating an AppSec team & culture
• Techniques to communicate risk and AppSec value to management - sharing what works and what doesn’t!
• How you failed. Things you did and didn’t work. Share pitfalls and failures so we all can learn from them. 

 REVIEW TIMELINES

 CfP IMPORTANT DATES: 

 CfP Opens:  March 12, 2025

 CfP Closes: June 24, 2025

 Notification of submitters: Week of July 28, 2025

 Program announced: Week of March 3, 2025

Keep in mind: the better your description is, the better our review will be. Please review your proposal thoroughly, as your accepted abstract and bio will be published publicly as submitted on our site. 

******************************************************

REVIEW CONSIDERATIONS

The Program Team will review your submission and give it a rating which will be used to compare it to the other submissions in your chosen track. 

Your submission *will be disqualified* if: 

Your submission was submitted by someone who is not one of the speakers such as the marketing team or a marketing agency.

Your submission has self-identifying elements in its abstract, outline, slides, past presentations, etc. - these elements can be, but are not limited to, affiliation with well-known podcasts, headshots, company references, apart from directly identifying information like names, etc. - OWASP strives to have a completely blind review process

Your submission is identified as having been generated by an AI

Your submission will *NOT* be disqualified, BUT:

If you have recently presented the same material in another conference or venue, kindly indicate so. OWASP strives to have new and novel content in its events, and we expect that any material previously presented elsewhere will have enough distinction during our events so as to separate it from previous presentations. Please be sure to indicate how this edition will be different from previous ones

If distinct submitters from the same company submit on the same or closely related subject, we ask that you kindly coordinate before submitting, so we can guarantee the highest quality of presentation

If you are submitting to more than one track, please indicate in your submissions so the reviewers are aware of it.

The top scored submissions:

-Have a clear abstract that describes an interesting and relevant talk which we would choose to attend. This is primarily to market to attendees but obviously it needs to impress the reviewers as well.

-Have an outline that leaves no doubts about the structure of the talk and the timings 

-Tell the reviewer exactly what you will be covering. Don’t just say “we will provide our top 5 techniques for avoiding this issue. Instead, clearly set out for the reviewer what those 5 techniques will be. Don’t keep secrets from the reviewer or try to keep the reviewer in suspense, that is what the conference abstract is for!

-Discuss a new or novel topic that attendees couldn’t see in the recordings of previous conferences or in existing resources.

-Describe a real-life story of how you solved a problem in a real-world environment.

-Are clearly aligned with the audience in the track to which the talk is being submitted and clearly demonstrates why the submission it is relevant for the stated skill level. 

-Demonstrate clear takeaways that attendees can immediately implement at their workplaces.

Top reasons submissions get marked down or rejected:

-No clear link to the topics listed above.

-Poorly formatted or structured submission or significant spelling and grammatical mistakes. Get someone else to review your submission or use an online tool to proofread it.

-Your submission sounds like it was created by an AI.

-Your submission makes it sounds like the answer to the challenge you raise in the talk is to buy your product. Alternatively, the submission sounds like a direct sales pitch. If you work for a vendor, we will be looking for a clear explanation of what value the submission brings, separate to your product or service.

-Your submission is full of buzzwords without clarity on what tangible value the talk brings to the attendee.

-The shorter the submission, the less time the reviewer will spend on your submission before they mark it down, due to a lack of details..

-Your submission has self-identifying details

You can see some sample, high-quality submissions here:

https://docs.google.com/document/d/1m_IroyqjYwGL-8arwAxY-aDxWCH_3xda0BjNytkvaQ0/edit