The CFP is closing or has closed and SnowFROC speakers are being confirmed NOW. Check back in early February for a list of all presentations and presenters. Thank you to all that submitted a talk!


Workshops are hands-on training sessions where participants can learn a new skill by doing, instead of just listening.

Workshops are meant to be an opportunity for you get to participate and apply your knowledge to learn a new skill or sharpen an old one.

There are four (4) scheduled workshops for SnowFROC 23: API Security Controls and Testing by Secure Ideas, OWASP ZAP by Secure Ideas, a CTF by Security Innovations, and Secure Code Warriors. This is what you can expect:

API Security Controls and Testing by Secure Ideas

Jennifer Shannon will lead this interactive intermediate workshop designed to complement a student’s understanding of traditional Web Application Security. It focuses on modern application API security features and tactics to protect APIs and microservices from attacks. The material in this course is approached both from the perspective of an adversary and a defender. This workshop will run for approximately two hours.

Key Takeaways

  • Explore OWASP API Security Top 10 2019
  • How to map and attack REST APIs
  • How to use Postman and Burp Suite for API security testing
  • How to prevent API security flaws


  • Computer with VirtualBox installed
  • Free space to install a 4GB virtual machine
  • If using Hyper-V, please come with the most recent version of SamuraiWTF already installed - which can be downloaded at

OWASP ZAP by Secure Ideas

OWASP ZAP: Tips and Tricks to Using Our Favorite Web PenTesting Tool!

Aaron Moss (@hotdogggitty) will explore the various features of OWASP ZAP and walk through how to use it for testing web applications and finding vulnerabilities. The workshop will consist mostly of practical examples and demonstrations so that attendees can follow-along. Attendees will need to download and install SamuraiWTF ( before the workshop. Vulnerable targets will include OWASP Juice Shop and Samurai’s Dojo Basic. Attendees will learn how to use ZAP as an interception and attack proxy to identify and exploit common web application vulnerabilities in these deliberately vulnerable webapps. If you ever wanted to learn how to do some basic webapp PenTesting, here’s your chance! This workshop will run for approximately two hours.

Laptop requirements:

  • Desktop virtualization software (VirtualBox, VMware Workstation/Fusion, or Hyper-V)
  • SamuraiWTF with OWASP Juice Shop and Dojo-Basic installed
  • A minimum of 4GB RAM and 30GB free HD space

Security Innovations - Shred

Shred Skateboards: Retail eCommerce Web Site

Shred eCommerce includes 35 challenges of varying difficulty levels. Through SQL Injection, Weak Cryptography, Parameter Tampering, and other vulnerabilities, players can buy items in an unintended way, crack passwords, tamper with other user’s functionality, and conduct other nefarious acts.

More details Here.

Secure Coding Tournament by Secure Code Warrior

Improve your secure coding skills by joining our live Secure Coding Tournament by Secure Code Warrior. The tournament allows you to compete against other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability.

Event Schedule

Please see below for the schedule of events for SnowFROC 2020. This schedule will be updated as required to depict the most accurate information on presentations, room locations and general event scheduling information. It's meant to be concise and easy to consume: Details on the presentations and speakers are here.


There are multiple scheduled presentations on a wide range of cyber security topics which will be hosted in three different rooms (The Bresnan Boardroom, the Great Hall and the Malone Theater). Most talks are scheduled for 55 minutes however some are 25 minutes in length. Each presenter has been given instructions to make their presentation available, with the idea that their presentation will be shared on this website after the event. Please come prepared to listen, learn and ask questions; have fun!


Security Innovation (CMD+CTRL)

The CMD+CTRL Cyber Range suite features intentionally vulnerable applications and websites that tempt players to steal money, find out their boss’s salary, purchase costly items for free, and conduct other nefarious acts. Hundreds of vulnerabilities, common to most business applications, lay waiting to be exposed.


SnowFROC (Front Range OWASP Conference) is Denver's premier application security conference. It is an annual, one-day conference which draws about 400 people. For SnowFROC 2023 we're running the event on Thursday March 2nd. While billed as, "Denver's premier application security conference", SnowFROC's presentations and workshops focus on many facets of cybersecurity and over the years, SnowFROC has come to be known for its exceptional value: Hands-on training, excellent food, spectacular networking, great location/venue and professional orchestration. For reference, tickets cost between $75 and $105 per person.

This year's keynote speaker is: Kevin Johnson!

SnowFROC includes breakfast, lunch, presentations, vendor giveaways, a panel discussion and optional hands on training and workshops.

The location of this event is The Cable Center on the University of Denver campus near I-25 and University.

Meet the Team

Every year the Denver OWASP team works diligently to bring our cybersecurity security community the very best. This 100% volunteer team is comprised of:

Kathi Witt

Frank Victory

Vince Pascale

Steve Kosten

John Kittleson

Brad Gable

Aaron Cure

Serge Borso

The Denver OWASP Chapter is proud to present SnowFROC '23! LIVE AND IN-PERSON!

SnowFROC (Front Range OWASP Conference) is Denver Colorado's premier application security conference and is taking place Thursday March 2rd, 2023 for one day only. The location of this event is The Cable Center on the University of Denver campus near I-25 and University.

This Call For Papers (CFP) is open to anyone that would like to submit a presentation. Use the form below to submit your presentation.


Presentation Guidelines
Please ensure your topic falls under the realm of information security: (appsec, cloud, crypto, emerging trends/tech, privacy, compliance, technology, etc.). The basic guidelines are as follow:

  • Presentations should be detailed and in-depth; please avoid cursory overviews
  • Presenters will ideally be well versed in public speaking
  • A mixture of lecture and demos or hands-on presentations are encouraged
  • Focus the topic, presentation and delivery on actionable information that attendees can leverage and put to use
  • Allow sufficient time for Q&A or otherwise plan for audience participation

Presentations are slotted for 25 or 55 minutes which accounts for your presentation time, Q&A and to ensure the next presenter has time to setup and start promptly. Please plan your talk accordingly.

HDMI adapters, necessary dongles and microphones will be provided for your use.

Sales pitches, presentations focusing on commercial tools or vendors, and the like will not be accepted. You will be expected to submit your slide-deck (if applicable) prior to the event and use a standard OWASP template for presentations (which will be provided to you).

As we are aiming for 400+ attendees, expect an audience of 50+ for your presentation. Presentations are chosen using a blind selection process. This CFP closes on January 27, 2023 and we'll aim to have speakers selected by January 31, 2023. Use the form below to submit your presentation.