BASC 2015 Call For Papers

2015 BASC: Home

The OWASP Boston chapter would like to announce a call for papers for the Boston Application Security Conference 2015. This our fourth annual conference.

The OWASP BASC (Boston Application Security Conference) will be a free, one day, informal conference, aimed at increasing awareness and knowledge of application security in the greater Boston area. While many of the presentations will cover state-of-the-art application security concepts, the BASC is intended to appeal to a wide range of attendees. Application security professionals, professional software developers, software quality engineers, computer science students, and security software vendors will come to the BASC to learn, interact and hopefully enjoy themselves at the same time. We encourage local students, security professionals and academics to present papers as a way to gain exposure and experience in presenting at security conferences.

We expect over 200 attendees this year. Publicity includes the OWASP Boston wiki site (run by OWASP Foundation), OWASP Boston Meetup, OWASP Boston Linkedin group, OWASP Boston mailing list, Eventbrite and Twitter.

Past conference presentations
2014 BASC Presentations &middot; 2012 BASC Presentations &middot; 2011 BASC Presentations &middot; 2010 BASC Presentations

Guidelines
Last year, there were two tracks:

Track 1 - Basic/Current Application Security

Track 2 - Future / Advanced / New Research in Application security.

Each presentation will be 50 minutes.

We attract both people who are new to application security as well as people who are experienced in application security.

We encourage first time presenters: students, researchers, working application security folks etc. to submit presentations.

Some Suggested Topics

 * Mobile app security, forensics


 * Javascript servers, apps, frameworks: Node.js, Angular


 * Language Framework (in)security – Hibernate, Grails, Ruby etc.


 * Security for NFC, Bluetooth LE apps


 * Google Glass app security


 * OWASP ESAPI


 * Measurable security - advanced threat modelling


 * Web API security REST, JSON


 * Application Architecture security


 * Web security testing in a DevOps organization


 * Building web app security expertise in engineering teams


 * Conducting lightweight threat modeling


 * Vulnerability Management - Process & Tools


 * Developing your own web app security development standard


 * Security test automation with OWASP ZAP and Zest scripting language


 * Authentication & Enterprise Web Applications (incl. Federation, 2 Factor Auth, SSO)


 * Open Source Identity Management


 * Open Source Static Analysis


 * Security test automation with OWASP ZAP and Zest scripting language


 * Security Unit testing with Selenium


 * Effective static code analysis tools