There are 3 scheduled workshops: Secure Coding Tournament by Secure Code Warrior, Network Cyber Threat Hunting and Offensive WMI. Here is what you can expect:

Secure Coding Tournament by Secure Code Warrior

Improve your secure coding skills by joining our live Secure Coding Tournament by Secure Code Warrior. The tournament allows you to compete against other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability.

Offensive WMI

WMI has recently been publicized for its offensive use cases. Attackers, and now red teams, are discovering how powerful WMI can be when used beyond its original intent. This workshop intends to showcase how you can leverage WMI on assessments to do nearly anything you would want to do in a post-exploitation scenario.
To effectively participate in this workshop, attendees will need to bring a laptop and have a Windows VM where they have admin rights on that windows VM.

Network Cyber Threat Hunting

Denver OWASP will be teaming up with Active Countermeasures to present Network Cyber Threat Hunting. We will spend the first parts of the discussing threat hunting, from C2 to becons and then use a virtual machine with Bro/Zeek to find threat on the network.

To be successful for this workshop, participants will need to have a laptop with virtualization software (VMWare or Virtual Box) and to download the virtual machine. Slides and virtual machine can be found here: access to everything that was presented during the Cyber Threat Hunting Course!

This includes:

  • Course slides
  • Course video recordings (with timeline breakdowns)
  • Chat logs (from both platforms)
  • VM images for doing the labs
  • Download notes
  • The video is broken into four parts and hosted on YouTube so you have full video controls. By using the timeline breakdowns you should be able to quickly reference anything you are looking for.

    Just a reminder, you can access all of the above content through this link

    The password to access the page is: ahuntingWEwillGO!

    If you want to perform the labs, the login credentials for the VM is... logon name: thunt AND password: aybab2u

    Special thanks to Active Countermeasures and specifically Chris Benton for allowing Denver OWASP to teach his class.

Event Schedule

Please see below for the schedule of events for SnowFROC 2020. This schedule will be updated as required to depict the most accurate information on presentations, room locations and general event scheduling information. It's meant to be concise and easy to consume: Details on the presentations and speakers are here.


There are multiple scheduled presentations on a wide range of cyber security topics which will be hosted in three different rooms (The Bresnan Boardroom, the Great Hall and the Malone Theater). Most talks are scheduled for 55 minutes however some are 25 minutes in length. Each presenter has been given instructions to make their presentation available, with the idea that their presentation will be shared on this website after the event. Please come prepared to listen, learn and ask questions; have fun!


Security Innovation (CMD+CTRL)

The CMD+CTRL Cyber Range suite features intentionally vulnerable applications and websites that tempt players to steal money, find out their boss’s salary, purchase costly items for free, and conduct other nefarious acts. Hundreds of vulnerabilities, common to most business applications, lay waiting to be exposed.

2023 Sponsorships available

SnowFROC stands for Front Range OWASP Conference (and there is occasionally snow in March in Colorado!)

Choosing to sponsor SnowFROC is an excellent idea! If you plan to sponsor, know that The Open Web Application Security Project (OWASP) is a 501(c)(3) not-for-profit worldwide charitable organization focused on improving the security of application software, and that and that your sponsorship is tax deductible. SnowFROC is by no means limited to just Application Security however - we actively promote presentations focusing on all facets of cyber security!

SnowFROC is an exceptional conference because of our attendees, presenters, and presentations which make this a truly special event. All of which is not feasible without YOU!

By sponsoring SnowFROC, you get a front-row seat to partake in the action, and a direct line to your target audience - forward thinking security professionals: From hands-on practitioners, leaders, students, researchers, and everyone in between.

We aim to have ~350 attendees, and previous keynotes have included: John Strand, Troy Hunt, and Chris Roberts.

Access this link for more details about sponsorship opportunities: Sponsorship Information

For sponsorship opportunities please contact Serge (Serge DOT or Frank (frank DOT


SnowFROC (Front Range OWASP Conference) is Denver's premier application security conference. It is an annual, one-day conference which draws about 400 people. For SnowFROC 2023 we're running the event on Thursday March 2nd. While billed as, "Denver's premier application security conference", SnowFROC's presentations and workshops focus on many facets of cybersecurity and over the years, SnowFROC has come to be known for its exceptional value: Hands-on training, excellent food, spectacular networking, great location/venue and professional orchestration. For reference, tickets cost between $75 and $105 per person.

This year's keynote speaker is: Kevin Johnson!

SnowFROC includes breakfast, lunch, presentations, vendor giveaways, a panel discussion and optional hands on training and workshops.

The location of this event is The Cable Center on the University of Denver campus near I-25 and University.

Meet the Team

Every year the Denver OWASP team works diligently to bring our cybersecurity security community the very best. This 100% volunteer team is comprised of:

Kathi Witt

Frank Victory

Vince Pascale

Steve Kosten

John Kittleson

Brad Gable

Aaron Cure

Serge Borso

The Denver OWASP Chapter is proud to present SnowFROC '23! LIVE AND IN-PERSON!

SnowFROC (Front Range OWASP Conference) is Denver Colorado's premier application security conference and is taking place Thursday March 2rd, 2023 for one day only. The location of this event is The Cable Center on the University of Denver campus near I-25 and University.

This Call For Papers (CFP) is open to anyone that would like to submit a presentation. Use the form below to submit your presentation.


Presentation Guidelines
Please ensure your topic falls under the realm of information security: (appsec, cloud, crypto, emerging trends/tech, privacy, compliance, technology, etc.). The basic guidelines are as follow:

  • Presentations should be detailed and in-depth; please avoid cursory overviews
  • Presenters will ideally be well versed in public speaking
  • A mixture of lecture and demos or hands-on presentations are encouraged
  • Focus the topic, presentation and delivery on actionable information that attendees can leverage and put to use
  • Allow sufficient time for Q&A or otherwise plan for audience participation

Presentations are slotted for 25 or 55 minutes which accounts for your presentation time, Q&A and to ensure the next presenter has time to setup and start promptly. Please plan your talk accordingly.

HDMI adapters, necessary dongles and microphones will be provided for your use.

Sales pitches, presentations focusing on commercial tools or vendors, and the like will not be accepted. You will be expected to submit your slide-deck (if applicable) prior to the event and use a standard OWASP template for presentations (which will be provided to you).

As we are aiming for 400+ attendees, expect an audience of 50+ for your presentation. Presentations are chosen using a blind selection process. This CFP closes on January 27, 2023 and we'll aim to have speakers selected by January 31, 2023. Use the form below to submit your presentation.