2023 Presentations

All presentations which have been received are shown below

Hacking Your Way Into Cyber Security

How We Successfully Built An AppSec Team From Scratch

And The Next Evolution Of Application Security Is Automatic Remediation

The Dark Side Of Open Source Productivity

AppSec Hurdles To Sprint

Threat Modeling

Alexa: Am I Well Architected and Secure?

Spies, Saboteurs, & Scoundrels How Russia, China, & Nefarious Actors Are Hacking xIoT Devices

Intro To Kubernetes Runtime Security

App Security Does Not Need To Be Fun - Ignoring OWASP To Have A Terrible Time - Dwayne McDaniel

From Defects to Dollars

Workshops

Workshops are hands-on training sessions where participants can learn a new skill by doing, instead of just listening.

Workshops are meant to be an opportunity for you to participate and apply your knowledge to learn a new skill or sharpen an old one.

There are four (4) scheduled workshops for SnowFROC 23: API Security Controls and Testing by Secure Ideas, OWASP ZAP by Secure Ideas, a CTF by Security Innovations, and a Secure Coding Tournament by Secure Code Warrior. This is what you can expect:


API Security Controls and Testing by Secure Ideas

Jennifer Shannon will lead this interactive intermediate workshop designed to complement a student’s understanding of traditional Web Application Security. It focuses on modern application API security features and tactics to protect APIs and microservices from attacks. The material in this course is approached both from the perspective of an adversary and a defender. This workshop will run for approximately two hours.

Key Takeaways

  • Explore OWASP API Security Top 10 2019
  • How to map and attack REST APIs
  • How to use Postman and Burp Suite for API security testing
  • How to prevent API security flaws

Prerequisites:

  • Computer with VirtualBox installed
  • Free space to install a 4GB virtual machine
  • If using Hyper-V, please come with the most recent version of SamuraiWTF already installed - which can be downloaded at https://github.com/SamuraiWTF/samuraiwtf


OWASP ZAP by Secure Ideas

OWASP ZAP: Tips and Tricks to Using Our Favorite Web PenTesting Tool!

Aaron Moss (@hotdogggitty) will explore the various features of OWASP ZAP and walk through how to use it for testing web applications and finding vulnerabilities. The workshop will consist mostly of practical examples and demonstrations so that attendees can follow along. Attendees will need to download and install SamuraiWTF (https://github.com/SamuraiWTF/samuraiwtf) before the workshop. Vulnerable targets will include DVWA. Attendees will learn how to use ZAP as an interception and attack proxy to identify and exploit common web application vulnerabilities in these deliberately vulnerable webapps. If you ever wanted to learn how to do some basic webapp PenTesting, here’s your chance! This workshop will run for approximately two hours.

Laptop requirements:

  • Desktop virtualization software (VirtualBox, VMware Workstation/Fusion, or Hyper-V)
  • DVWA installed on your VM (details here and here)
  • A minimum of 4GB RAM and 30GB free HD space


Security Innovations - Shred

Shred Skateboards: Retail eCommerce Web Site

Shred eCommerce includes 35 challenges of varying difficulty levels. Through SQL Injection, Weak Cryptography, Parameter Tampering, and other vulnerabilities, players can buy items in an unintended way, crack passwords, tamper with other users’ functionality, and conduct other nefarious acts.

More details Here.



Secure Coding Tournament by Secure Code Warrior

Improve your secure coding skills by joining our live Secure Coding Tournament by Secure Code Warrior. The tournament allows you to compete against other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability.

Secure Coding Tournament

Secure Code Warrior brings you a defensive security-based tournament from a developer's perspective. The tournament allows you to test your skill against the other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability. You don’t need extensive programming knowledge, as this will be a great way to learn the foundational and intermediate skills of writing code that is not only functional but also secure.

You can find the tournament step-by-step guide here: https://youtu.be/o8XhKK_eOOs

The tournament is run virtually, so you can join through your laptop. It should take only a few hours; drop in as you see fit during the event to complete all the challenges and win prizes! 🥇 🥈 🥉

Instructions for playing:

  1. Register for the Secure Code Warrior platform HERE
  2. Check your email for the confirmation and access the unique link to create your profile.
  3. Once logged in: click "Tournaments"
  4. Join the tournament

The Secure Code Warrior platform will be open before and after the tournament, so feel free to practice in the "Training" tab. Monitor the live leaderboard to see how you're performing!


Event Schedule

Please see below for the schedule of events for SnowFROC 2023. This schedule will be updated as required to depict the most accurate information on presentations, room locations and general event scheduling information. It's meant to be concise and easy to consume: Details on the presentations and speakers are here.

Information

SnowFROC (Front Range OWASP Conference) is Denver's premier application security conference. It is an annual, one-day conference which draws about 400 people. For SnowFROC 2023 the event was on Thursday, March 2nd. While billed as "Denver's premier application security conference", SnowFROC's presentations and workshops focus on many facets of cybersecurity, and over the years SnowFROC has come to be known for its exceptional value: hands-on training, excellent food, spectacular networking, great location/venue and professional orchestration. For reference, tickets cost between $75 and $105 per person.

2023's keynote speaker was: Kevin Johnson!


SnowFROC includes breakfast, lunch, presentations, vendor giveaways, a panel discussion and optional hands-on training and workshops.

The location of this event was The Cable Center on the University of Denver campus near I-25 and University.
 

Check out our Slack channel.

Meet the Team

Every year the Denver OWASP team works diligently to bring our cybersecurity community the very best. This 100% volunteer team is comprised of:

Frank Victory

Vince Pascale

Steve Kosten

John Kittleson

Brad Gable

Aaron Cure

Lilli Chang

Serge Borso

The Denver OWASP Chapter is proud to present SnowFROC '23! LIVE AND IN-PERSON!

SnowFROC (Front Range OWASP Conference) is Denver, Colorado's premier application security conference and is taking place Thursday, March 2nd, 2023 for one day only. The location of this event is The Cable Center on the University of Denver campus near I-25 and University.


This Call For Papers (CFP) is open to anyone that would like to submit a presentation. Use the form below to submit your presentation.

 


Presentation Guidelines
Please ensure your topic falls under the realm of information security (appsec, cloud, crypto, emerging trends/tech, privacy, compliance, technology, etc.). The basic guidelines are as follows:

  • Presentations should be detailed and in-depth; please avoid cursory overviews
  • Presenters will ideally be well versed in public speaking
  • A mixture of lecture and demos or hands-on presentations is encouraged
  • Focus the topic, presentation and delivery on actionable information that attendees can leverage and put to use
  • Allow sufficient time for Q&A or otherwise plan for audience participation

Presentations are slotted for 25 or 55 minutes, which accounts for your presentation time and Q&A and ensures the next presenter has time to set up and start promptly. Please plan your talk accordingly.

HDMI adapters, necessary dongles and microphones will be provided for your use.

Sales pitches, presentations focusing on commercial tools or vendors, and the like will not be accepted. You will be expected to submit your slide-deck (if applicable) prior to the event and use a standard OWASP template for presentations (which will be provided to you).

As we are aiming for 400+ attendees, expect an audience of 50+ for your presentation. Presentations are chosen using a blind selection process. This CFP closes on January 27, 2023 and we'll aim to have speakers selected by January 31, 2023. Use the form below to submit your presentation.