There are 3 scheduled workshops: Secure Coding Tournament by Secure Code Warrior, Network Cyber Threat Hunting and Offensive WMI. Here is what you can expect:
Secure Coding Tournament by Secure Code Warrior
Improve your secure coding skills by joining our live Secure Coding Tournament by Secure Code Warrior. The tournament allows you to compete against other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability.
WMI has recently been publicized for its offensive use cases. Attackers, and now red teams, are
discovering how powerful WMI can be when used beyond its original intent. This workshop intends to
showcase how you can leverage WMI on assessments to do nearly anything you would want to do in a
To effectively participate in this workshop, attendees will need to bring a laptop and have a Windows VM where they have admin rights on that windows VM.
Network Cyber Threat Hunting
Denver OWASP will be teaming up with Active Countermeasures to present Network Cyber Threat Hunting. We will spend the first parts of the discussing threat hunting, from C2 to becons and then use a virtual machine with Bro/Zeek to find threat on the network.
To be successful for this workshop, participants will need to have a laptop with virtualization software (VMWare or Virtual Box) and to download the virtual machine. Slides and virtual machine can be found here: access to everything that was presented during the Cyber Threat Hunting Course!
- Course slides
- Course video recordings (with timeline breakdowns)
- Chat logs (from both platforms)
- VM images for doing the labs
- Download notes
The video is broken into four parts and hosted on YouTube so you have full video controls. By using the timeline breakdowns you should be able to quickly reference anything you are looking for.
Just a reminder, you can access all of the above content through this link
The password to access the page is: ahuntingWEwillGO!
If you want to perform the labs, the login credentials for the VM is... logon name: thunt AND password: aybab2u
Special thanks to Active Countermeasures and specifically Chris Benton for allowing Denver OWASP to teach his class.
Please see below for the schedule of events for SnowFROC 2020. This schedule will be updated as required to depict the most accurate information on presentations, room locations and general event scheduling information. It's meant to be concise and easy to consume: Details on the presentations and speakers are here.
There are multiple scheduled presentations on a wide range of cyber security topics which will be hosted in three different rooms (The Bresnan Boardroom, the Great Hall and the Malone Theater). Most talks are scheduled for 55 minutes however some are 25 minutes in length. Each presenter has been given instructions to make their presentation available, with the idea that their presentation will be shared on this website after the event. Please come prepared to listen, learn and ask questions; have fun!
Security Innovation (CMD+CTRL)
The CMD+CTRL Cyber Range suite features intentionally vulnerable applications and websites that tempt players to steal money, find out their boss’s salary, purchase costly items for free, and conduct other nefarious acts. Hundreds of vulnerabilities, common to most business applications, lay waiting to be exposed.
2023 Sponsorships available
SnowFROC stands for Front Range OWASP Conference (and there is occasionally snow in March in Colorado!)
Choosing to sponsor SnowFROC is an excellent idea! If you plan to sponsor, know that The Open Web Application Security Project (OWASP) is a 501(c)(3) not-for-profit worldwide charitable organization focused on improving the security of application software, and that and that your sponsorship is tax deductible. SnowFROC is by no means limited to just Application Security however - we actively promote presentations focusing on all facets of cyber security!
SnowFROC is an exceptional conference because of our attendees, presenters, and presentations which make this a truly special event. All of which is not feasible without YOU!
By sponsoring SnowFROC, you get a front-row seat to partake in the action, and a direct line to your target audience - forward thinking security professionals: From hands-on practitioners, leaders, students, researchers, and everyone in between.
Access this link for more details about sponsorship opportunities: Sponsorship Information
For sponsorship opportunities please contact Serge (Serge DOT email@example.com) or Frank (frank DOT firstname.lastname@example.org).
SnowFROC (Front Range OWASP Conference) is Denver's premier application security conference. It is an annual, one-day conference which draws about 400 people. For SnowFROC 2023
we're running the event on Thursday March 2nd. While billed as, "Denver's premier application security conference",
SnowFROC's presentations and workshops focus on many facets of cybersecurity and over the years, SnowFROC
has come to be known for its exceptional value: Hands-on training, excellent food, spectacular networking,
great location/venue and professional orchestration. For reference, tickets cost between $75 and $105 per person.
This year's keynote speaker is: Kevin Johnson!
SnowFROC includes breakfast, lunch, presentations, vendor giveaways, a panel discussion and optional hands on training and workshops.
The location of this event is The Cable Center on the University of Denver campus near I-25 and University.
Meet the Team
Every year the Denver OWASP team works diligently to bring our cybersecurity security community the very best. This 100% volunteer team is comprised of:
The Denver OWASP Chapter is proud to present SnowFROC '23! LIVE AND IN-PERSON!
SnowFROC (Front Range OWASP Conference) is Denver Colorado's premier application security conference and is taking place Thursday March 2rd, 2023 for one day only. The location of this event is The Cable Center on the University of Denver campus near I-25 and University.
This Call For Papers (CFP) is open to anyone that would like to submit a presentation. Use the form below to submit your presentation.
Please ensure your topic falls under the realm of information security: (appsec, cloud, crypto, emerging trends/tech, privacy, compliance, technology, etc.). The basic guidelines are as follow:
- Presentations should be detailed and in-depth; please avoid cursory overviews
- Presenters will ideally be well versed in public speaking
- A mixture of lecture and demos or hands-on presentations are encouraged
- Focus the topic, presentation and delivery on actionable information that attendees can leverage and put to use
- Allow sufficient time for Q&A or otherwise plan for audience participation
Presentations are slotted for 25 or 55 minutes which accounts for your presentation time, Q&A and to ensure the next presenter has time to setup and start promptly. Please plan your talk accordingly.
HDMI adapters, necessary dongles and microphones will be provided for your use.
Sales pitches, presentations focusing on commercial tools or vendors, and the like will not be accepted. You will be expected to submit your slide-deck (if applicable) prior to the event and use a standard OWASP template for presentations (which will be provided to you).
As we are aiming for 400+ attendees, expect an audience of 50+ for your presentation. Presentations are chosen using a blind selection process. This CFP closes on January 27, 2023 and we'll aim to have speakers selected by January 31, 2023. Use the form below to submit your presentation.
SnowFROC 20 Presentations
A request was made for all SnowFROC 20 Presenters to share their presentation. See below for those presentations and note that some PDFs are large in size.