INTRODUCTION

Application Security practitioners, software engineers, and researchers from all over the world gather at OWASP’s Global AppSec conferences to discover, present and discuss the latest developments in software security, collaborate with their peers, and share the newest innovations in the field.

The conference will take place on June 26-27, 2026, at the Austria Center in Vienna, Austria. The event will also offer hands-on training with vetted and leading trainers from June 23-25, 2026.

 CALL FOR PRESENTATIONS (CFP) & SUBMISSION 

The Global AppSec Program Team is formally issuing a call for presentations, opening November 17, 2025, and closing February 3, 2026, at 11:59 PDT. 

What topics should you submit about?

 This year’s tracks are based on traditional OWASP tracks, but slightly changed and clarified. Speakers should focus on the following guidelines for each of the tracks below. Sessions will be scheduled for 45 minutes, with an additional expected 5-10 minute Q&A period. 

CATEGORIES OF TRACKS LISTED BELOW

**Note: OWASP Projects are encouraged to submit in aligned track below.

PLANNING AND DESIGN - Security efforts taken during the ideation, requirements and design - security requirements, threat modeling

IMPLEMENTATION - What can security do while the system is created? How do we guarantee that the findings of planning and design are correctly executed? How can we make it easier for developers to be secure and create secure application?

TESTING - How do we validate that what is needed to happen indeed happens? How do we verify that the system is as secure as it can be before deployment?

DEPLOYMENT AND MAINTENANCE - devops, devsecops, patching, and everything in between

PROCESS and CULTURE - Security awareness, security champions, security culture - everything around building frameworks that allow organizations to not only be secure but grow secure too.

OWASP PROJECT DEMO ROOM - The goal is to give you space to demo & be available to have longer conversations, hands-on with your community. The duration will be decided once we establish how many are interested in this new space

MOBILEAPPSECCON - For a half day, we will host a conference within a conference aimed at education and research within the field of Mobile Application Security and spearheaded by the OWASP MAS Project.

*******************************************************

We’ve provided a few topic suggestions below, but feel free to innovate!

• Web application security
• AI
• Mobile, Cloud, and Serverless security
• Blockchain & Internet of Things for security use
• Penetration testing & Application-level attacks
• Threat modeling, Application, and system architecture
• Security for DevOps engineers
• Privacy controls
• Planning and implementing an application security program
• Creating an AppSec team & culture
• Techniques to communicate risk and AppSec value to management - sharing what works and what doesn’t!
• How you failed. Things you did and didn’t work. Share pitfalls and failures so we all can learn from them. 

 REVIEW TIMELINES

 CfP IMPORTANT DATES: 

 CfP Opens:  November 17, 2025

 CfP Closes: February 3 , 2026

 Notification of submitters: Week of March 9, 2025

 Program announced: Week of March 16, 2026

Keep in mind: the better your description is, the better our review will be. Please review your proposal thoroughly, as your accepted abstract and bio will be published publicly as submitted on our site. 

******************************************************

REVIEW CONSIDERATIONS

The Program Team will review your submission and give it a rating which will be used to compare it to the other submissions in your chosen track. 

Your submission *will be disqualified* if: 

-Your submission was submitted by someone who is not one of the speakers such as the marketing team or a marketing agency.

-Your submission has self-identifying elements in its abstract, outline, slides, past presentations, etc.  These elements can be, but are not limited to, affiliation with well-known podcasts, headshots, company references, apart from directly identifying information like names, etc.

- OWASP strives to have a completely blind review process

Your submission is identified as having been generated by an AI

Your submission will *NOT* be disqualified, BUT:

If you have recently presented the same material in another conference or venue, kindly indicate so. OWASP strives to have new and novel content in its events, and we expect that any material previously presented elsewhere will have enough distinction during our events so as to separate it from previous presentations. Please be sure to indicate how this edition will be different from previous ones

If distinct submitters from the same company submit on the same or closely related subject, we ask that you kindly coordinate before submitting, so we can guarantee the highest quality of presentation

If you are submitting to more than one track, please indicate in your submissions so the reviewers are aware of it.

The top scored submissions:

-Have a clear abstract that describes an interesting and relevant talk which we would choose to attend. This is primarily to market to attendees but obviously it needs to impress the reviewers as well.

-Have an outline that leaves no doubts about the structure of the talk and the timings 

-Tell the reviewer exactly what you will be covering. Don’t just say “we will provide our top 5 techniques for avoiding this issue. Instead, clearly set out for the reviewer what those 5 techniques will be. Don’t keep secrets from the reviewer or try to keep the reviewer in suspense, that is what the conference abstract is for!

-Discuss a new or novel topic that attendees couldn’t see in the recordings of previous conferences or in existing resources.

-Describe a real-life story of how you solved a problem in a real-world environment.

-Are clearly aligned with the audience in the track to which the talk is being submitted and clearly demonstrates why the submission it is relevant for the stated skill level. 

-Demonstrate clear takeaways that attendees can immediately implement at their workplaces.

Top reasons submissions get marked down or rejected:

-No clear link to the topics listed above.

-Poorly formatted or structured submission or significant spelling and grammatical mistakes. Get someone else to review your submission or use an online tool to proofread it.

-Your submission sounds like it was created by an AI.

-Your submission makes it sounds like the answer to the challenge you raise in the talk is to buy your product. Alternatively, the submission sounds like a direct sales pitch. If you work for a vendor, we will be looking for a clear explanation of what value the submission brings, separate to your product or service.

-Your submission is full of buzzwords without clarity on what tangible value the talk brings to the attendee.

-The shorter the submission, the less time the reviewer will spend on your submission before they mark it down, due to a lack of details..

-Your submission has self-identifying details

You can see some sample, high-quality submissions here:

https://docs.google.com/document/d/1m_IroyqjYwGL-8arwAxY-aDxWCH_3xda0BjNytkvaQ0/edit