All presentations which have been received are shown below
Hacking Your Way Into Cyber Security
How We Successfully Built An AppSec Team From Scratch
And The Next Evolution Of Application Security Is Automatic Remediation
The Dark Side Of Open Source Productivity
AppSec Hurdles To Sprint
Alexa: Am I Well Architected and Secure?
Spies, Saboteurs, & Scoundrels How Russia, China, & Nefarious Actors Are Hacking xIoT Devices
Intro To Kubernetes Runtime Security
App Security Does Not Need To Be Fun - Ignoring OWASP To Have A Terrible Time - Dwayne McDaniel
From Defects to Dollars
Workshops are hands-on training sessions where participants can learn a new skill by doing, instead of just listening.
Workshops are meant to be an opportunity for you to participate and apply your knowledge to learn a new skill or sharpen an old one.
There are four (4) scheduled workshops for SnowFROC 23: API Security Controls and Testing by Secure Ideas, OWASP ZAP by Secure Ideas, a CTF by Security Innovations, and Secure Code Warriors. This is what you can expect:
API Security Controls and Testing by Secure Ideas
Jennifer Shannon will lead this interactive intermediate workshop designed to complement a student’s understanding of traditional Web Application Security. It focuses on modern application API security features and tactics to protect APIs and microservices from attacks. The material in this course is approached both from the perspective of an adversary and a defender. This workshop will run for approximately two hours.
- Explore OWASP API Security Top 10 2019
- How to map and attack REST APIs
- How to use Postman and Burp Suite for API security testing
- How to prevent API security flaws
- Computer with VirtualBox installed
- Free space to install a 4GB virtual machine
- If using Hyper-V, please come with the most recent version of SamuraiWTF already installed - which can be downloaded at https://github.com/SamuraiWTF/samuraiwtf
OWASP ZAP by Secure Ideas
OWASP ZAP: Tips and Tricks to Using Our Favorite Web PenTesting Tool!
Aaron Moss (@hotdogggitty) will explore the various features of OWASP ZAP and walk through how to use it for testing web applications and finding vulnerabilities. The workshop will consist mostly of practical examples and demonstrations so that attendees can follow along. Attendees will need to download and install SamuraiWTF (https://github.com/SamuraiWTF/samuraiwtf) before the workshop. Vulnerable targets will include DVWA. Attendees will learn how to use ZAP as an interception and attack proxy to identify and exploit common web application vulnerabilities in these deliberately vulnerable webapps. If you ever wanted to learn how to do some basic webapp PenTesting, here’s your chance! This workshop will run for approximately two hours.
- Desktop virtualization software (VirtualBox, VMware Workstation/Fusion, or Hyper-V)
- DVWA installed on your VM (details here and here)
- A minimum of 4GB RAM and 30GB free HD space
Security Innovations - Shred
Shred Skateboards: Retail eCommerce Web Site
Shred eCommerce includes 35 challenges of varying difficulty levels. Through SQL Injection, Weak Cryptography, Parameter Tampering, and other vulnerabilities, players can buy items in an unintended way, crack passwords, tamper with other users’ functionality, and conduct other nefarious acts.
More details Here.
Secure Coding Tournament by Secure Code Warrior
Improve your secure coding skills by joining our live Secure Coding Tournament by Secure Code
Warrior. The tournament allows you to compete against other participants in a series of vulnerable
code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability.
Secure Coding Tournament
Secure Code Warrior brings you a defensive security-based tournament from a developer's perspective. The tournament allows you to test your skill against the other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability. You don’t need extensive programming knowledge as this will be a great way to learn the foundations and intermediates of leveraging code that is not only functional but is also secure.
You can find the tournament step-by-step guide here: https://youtu.be/o8XhKK_eOOs
The tournament is run virtually, so you can join through your laptop. It should take only a few hours; drop in as you see fit during the event to complete all the challenges and win prizes! 🥇 🥈 🥉
Instructions for playing:
- Register for the Secure Code Warrior platform HERE
- Check your email for the confirmation and access the unique link to create your profile.
- Once logged in: click "Tournaments"
- Join the tournament
The Secure Code Warrior platform will be open before and after the tournament, so feel free to practice in the "Training" tab. Monitor the live leaderboard to see how you're performing!
Please see below for the schedule of events for SnowFROC 2023. This schedule will be updated as
required to depict the most accurate information on presentations, room locations and general event
scheduling information. It's meant to be concise and easy to consume: Details on the presentations and speakers are here.
SnowFROC (Front Range OWASP Conference) is Denver's premier application security conference. It is an annual, one-day conference which draws about 400 people. For SnowFROC 2023
the event was on Thursday March 2nd. While billed as "Denver's premier application security conference",
SnowFROC's presentations and workshops focus on many facets of cybersecurity and over the years, SnowFROC
has come to be known for its exceptional value: Hands-on training, excellent food, spectacular networking,
great location/venue and professional orchestration. For reference, tickets cost between $75 and $105 per person.
2023's keynote speaker was: Kevin Johnson!
SnowFROC includes breakfast, lunch, presentations, vendor giveaways, a panel discussion and optional
hands on training and workshops.
The location of this event was The Cable Center on the University of Denver campus near I-25 and
Check out our Slack channel.
Meet the Team
Every year the Denver OWASP team works diligently to bring our cybersecurity
community the very best. This 100% volunteer team is comprised of:
The Denver OWASP Chapter is proud to present SnowFROC '23! LIVE AND IN-PERSON!
SnowFROC (Front Range OWASP Conference) is Denver Colorado's premier application security
conference and is taking place Thursday March 2nd, 2023 for one day only. The location of
this event is The Cable Center on the University of Denver campus near I-25 and University.
This Call For Papers (CFP) is open to anyone that would like to submit a presentation.
Use the form below to submit your presentation.
Please ensure your topic falls under the realm of information
security: (appsec, cloud, crypto, emerging trends/tech, privacy, compliance, technology,
etc.). The basic guidelines are as follows:
- Presentations should be detailed and in-depth; please avoid cursory overviews
- Presenters will ideally be well versed in public speaking
- A mixture of lecture and demos or hands-on presentations is encouraged
- Focus the topic, presentation and delivery on actionable information that attendees can leverage
and put to use
- Allow sufficient time for Q&A or otherwise plan for audience participation
Presentations are slotted for 25 or 55 minutes, which accounts for your presentation time, Q&A, and
time for the next presenter to set up and start promptly. Please plan your talk accordingly.
HDMI adapters, necessary dongles and microphones will be provided for your use.
Sales pitches, presentations focusing on commercial tools or vendors, and the like will not be
accepted. You will be expected to submit your slide-deck (if applicable) prior to the event and use
a standard OWASP template for presentations (which will be provided to you).
As we are aiming for 400+ attendees, expect an audience of 50+ for your presentation. Presentations are chosen using a blind selection process. This CFP closes on January 27, 2023 and we'll aim to have speakers selected by January 31, 2023.
SnowFROC 20 Presentations
A request was made for all SnowFROC 20 Presenters to share their presentation. See below for those presentations and note that some PDFs are large in size.
AppData Oh My... Oh No!
As Bs And Four Cs Of Testing Cloud Native Applications
Climbing AppSec Mountains
Patch Production Now
Purposeful Personal Branding
Top 10 Proactive Privacy Controls
Why AppSec is Hard for Devs
Automate or Die