Call for Research

OWASP AppSec conferences are the premier gathering for software security leaders, and software engineers and researchers from all over the world. It brings together the application security community to share cutting-edge ideas, initiatives and technological advancements.

As in the previous editions, the OWASP AppSec Europe 2015 conference will feature a dedicated research track. The goal of the research track is twofold:

  • to give academic researchers in Web application security the opportunity to share their research results with practitioners, and
  • to give industry people the possibility to share experiences with academia and the OWASP community.

Hence both research papers as well as experience papers pertaining to all aspects of web application security are solicited. Papers should describe new ideas, new implementations, or experiences related to web application security. We explicitly encourage members of the Web security community to explore leading-edge topics and ideas before they are presented at a major conference.

Topics of interest

We are interested in all topics related to Web Application Security, in particular:

  • Mobile security and security for the mobile web
  • Browser security and HTML5 security
  • Novel web vulnerabilities and countermeasures
  • Research and experience on emerging web security technology, such as CSP, HSTS, Key-pinning, …
  • Security of server-side Web frameworks and servers
  • Security of client-side frameworks and JavaScript libraries
  • JavaScript security and sandboxing
  • Large-scale security assessments of Web application and services
  • Privacy in web apps, Web services and data storage
  • Security in Real-time communications on the Web (WebRTC)
  • Novel results and best practices in securing the transport layer (TLS, HTTPS, HTTP 2.0, …)
  • Security aspects of new/emerging web technologies/paradigms/languages/frameworks/tools
  • Secure development: frameworks, best practices, secure coding, methods, processes, SDLC

Submission format

The Call for Research track solicits two submission formats: full papers and extended abstracts.

We offer researchers the opportunity to present and discuss novel research results as well as promising work in progress results in the form of a full paper (consisting up to 16 pages).

In addition to full papers, we also offer the opportunity for researchers to present a top selection of their recent, successful papers at the upcoming OWASP AppSec conference. For this type of submission, we ask that you write an extended abstract of your research topic (tailored to the OWASP audience), and submit this extended abstract along with the original paper.

Important dates

  • Submission deadline: 20 January, 2015 Extended to 15 February, 2015 (11:59pm GMT) CLOSED
  • Notification of acceptance: 5 March, 2015 Now announced! Check the Talks page!
  • Final version due: 1 April, 2015 (tbc)
  • Conference date: 21-22 May, 2015

Instructions for Authors

Submissions should be at most 4 pages (for extended abstracts) and 16 pages (for full papers) in the Springer LNCS Style for Proceedings and Other Multiauthor Volumes. Extended abstracts should append a PDF of the original paper for reference during the review process.

Submissions deviating from these requirements may be rejected without review. Templates for preparing papers in this style for LaTeX, Word, and other word processors can be downloaded from here (Please use instructions for Proceedings and Other Multiauthor Volumes for different text processing platforms).

Submissions are due by January 20, 2015 (23:59 GMT). All submissions should be sent in Adobe Portable Document Format (pdf) via EasyChair.

The research track has no published proceedings. Presenting a paper at the research track should not preclude submission to or publication in other venues. Copies of the extended abstracts and full papers presented at research track will be made available in electronic format, but this will not constitute part of official proceedings.


By your submission you agree to the OWASP Speaker Agreement. It requires that you use an OWASP presentation template. You are welcome to include your university/organization/company logo to the first and last slide. All presentation slides will be published on the conference website. Please make sure that any pictures and other materials in your slides doesn’t violate any copyrights. You are solely liable for copyright violations. You may choose any CC licence for your slides, including CC0. OWASP does suggest open licenses.

Participants and speakers are all warmly invited to attend the conference dinner on Thursday. Subject to the budget situation there’s an extra evening program for all accepted speakers.

Program Committee Research

  • Devdatta Akhawe (Dropbox)
  • Marco Balduzzi (Trendmicro)
  • Davide Balzarotti (Eurecom)
  • Bastian Braun (University of Passau)
  • Stefano Calzavara (Università Ca’ Foscari Venezia)
  • Lorenzo Cavallaro (Royal Holloway, University of London)
  • Lieven Desmet (Katholieke Universiteit Leuven – track chair)
  • Adam Doupé (Arizona State University)
  • Dieter Gollmann (TU Harburg)
  • Martin Johns (SAP Research)
  • Alexandros Kapravelos (University of California, Santa Barbara)
  • Georgios Kontaxis (Columbia University)
  • Sebastian Lekies (Ruhr-University Bochum)
  • Federico Maggi (Politecnico di Milano)
  • Nick Nikiforakis (Stony Brook University – PC chair)
  • Phu Phung (University of Illinois at Chicago)
  • Andrei Sabelfeld (Chalmers University of Technology)
  • Sebastian Schinzel (University of Erlangen)
  • Gianluca Stringhini (University College London)