OWASP New Zealand Day - 2024

Auckland, New Zealand September 05, 2024, September 06, 2024

Tags: Introductory, Technical, Management, In-person only, Remote ok, Remote only

CFP closed at  June 30, 2024 12:00 UTC

The thirteenth OWASP New Zealand Day conference, to be held at the Auckland University of Technology (AUT), will be held on Thursday and Friday, 5-6 September. The OWASP New Zealand Day conference, hosted by the OWASP New Zealand Chapter and presented by AppSec New Zealand, is a two-day conference dedicated to application security, with an emphasis on secure architecture and development techniques to help Kiwi developers build more secure applications.

IMPORTANT NOTE: This is, primarily, an in-person event. The Program Committee will consider submissions from speakers unable to travel to Auckland for the conference, and technical support will be available for remote presentation. However, to promote a spirit of collaboration, only a limited number of presenter-remote talks will be selected. The conference time zone is NZST (UTC+12).

CFP Description

The OWASP New Zealand Day conference, hosted by the OWASP New Zealand Chapter and presented by AppSec New Zealand, welcomes high-quality speakers from a variety of security disciplines, including architects, Web developers and engineers, system administrators, penetration testers, policy specialists, and more.

We would like a variety of technical levels in the presentations submitted, corresponding to the three focus areas of the conference:

  • Introductions to various InfoSec/AppSec topics, and to OWASP projects/tools (Introductory)
  • Policy, Compliance, and Risk Management (Management)
  • Technical topics in Application Security (Technical)

Introductory talks should appeal to an intermediate to experienced software developer, without requiring a solid grounding in application security or knowledge of OWASP projects and tools. These talks should be engaging, encourage developers to learn more about information security, and give them techniques that they can immediately return to work and apply to their jobs.

Given our association with the local OWASP Chapter, the selection process for talks in Track One will give priority to those related to OWASP’s Projects, Tools, and Guidance (check out the current OWASP Project Inventory for more information). If multiple submissions are received related to the same OWASP Project/Tool, preference will be given to speakers actively involved as leaders or members of the respective project teams.

We would also like to invite talks that will appeal to those interested in the various non-technical topics that are important in our industry. These Management talks could focus on the development of policies, dealing with compliance obligations, managing risks within an enterprise, or other issues that could appeal to those in management roles.

Technical topics should appeal to either of two audiences - experienced software security testers or researchers, and software developers who have an “OWASP Top Ten” level of understanding of web attacks and defences. You could present a lightning, short or long talk on something you have researched, developed yourself, or learned in your travels. Ideally the topics will have technical depth or novelty, so the majority of attendees learn something new.

We encourage presentations to have a strong component on fixing and prevention of security issues. We are looking for presentations on a wide variety of security topics, including but not limited to:

  • Web application security
  • Mobile security
  • Cloud security
  • Secure development
  • Vulnerability analysis
  • Threat modelling
  • Application exploitation
  • Exploitation techniques
  • Threat and vulnerability countermeasures
  • Platform or language security (JavaScript, NodeJS, React, .NET, Java, RoR, Python, etc.)
  • Penetration Testing
  • Browser and client security
  • Application and solution architecture security
  • Risk management
  • Security concepts for C*Os, project managers and other non-technical attendees
  • Privacy controls

First-round reviews of submissions will begin after 15th March, with supplemental notifications likely prior to the final closing date of the CFP. Therefore, it’s to your advantage to submit your talk as early as possible, so you will receive first consideration for one of our limited speaking slots.

Confirmed speakers will receive complimentary registration to the conference, including a conference t-shirt and lunch both days.

The separate Call for Training (CFT) for our Pre-Conference Training can be found here.