BASC 2014 Call For Papers

Jump to: navigation, search

Boston-Banner-468x60.gif 2014 BASC: Home

The OWASP Boston chapter would like to announce a call for papers for the Boston Application Security Conference 2014. This our fourth annual conference.

The OWASP BASC (Boston Application Security Conference) will be a free, one day, informal conference, aimed at increasing awareness and knowledge of application security in the greater Boston area. While many of the presentations will cover state-of-the-art application security concepts, the BASC is intended to appeal to a wide range of attendees. Application security professionals, professional software developers, software quality engineers, computer science students, and security software vendors will come to the BASC to learn, interact and hopefully enjoy themselves at the same time. We encourage local students, security professionals and academics to present papers as a way to gain exposure and experience in presenting at security conferences.

We expect over 200 attendees this year. Publicity includes the OWASP Boston wiki site (run by OWASP Foundation), OWASP Boston Meetup, OWASP Boston Linkedin group, OWASP Boston mailing list, Eventbrite and Twitter.

Past conference presentations

2012 BASC Presentations · 2011 BASC Presentations · 2010 BASC Presentations


There will be two tracks:

Track 1 - Basic/Current Application Security

Track 2 - Future / Advanced / New Research in Application security.

Each presentation will be 50 minutes.

We attract both people who are new to application security as well as people who are experienced in application security.

We encourage first time presenters: students, researchers, working application security folks etc. to submit presentations.

Please email a copy of your presentation abstract to

Some Suggested Topics

  • Mobile app security, forensics
  • Javascript servers, apps, frameworks: Node.js, Angular
  • Language Framework (in)security – Hibernate, Grails, Ruby etc.
  • Security for NFC, Bluetooth LE apps
  • Google Glass app security
  • Measurable security - advanced threat modelling
  • Web API security REST, JSON
  • Application Architecture security
  • Web security testing in a DevOps organization
  • Building web app security expertise in engineering teams
  • Conducting lightweight threat modeling
  • Vulnerability Management - Process & Tools
  • Developing your own web app security development standard
  • Security test automation with OWASP ZAP and Zest scripting language
  • Authentication & Enterprise Web Applications (incl. Federation, 2 Factor Auth, SSO)
  • Open Source Identity Management
  • Open Source Static Analysis
  • Security test automation with OWASP ZAP and Zest scripting language
  • Security Unit testing with Selenium
  • Effective static code analysis tools
You can find out more about this conference at
Conference Organizer: Jim Weiler