There are 3 scheduled workshops: Secure Coding Tournament by Secure Code Warrior, Network Cyber Threat Hunting and Offensive WMI. Here is what you can expect:

Secure Coding Tournament by Secure Code Warrior

Improve your secure coding skills by joining our live Secure Coding Tournament by Secure Code Warrior. The tournament allows you to compete against other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability.

Offensive WMI

WMI has recently been publicized for its offensive use cases. Attackers, and now red teams, are discovering how powerful WMI can be when used beyond its original intent. This workshop intends to showcase how you can leverage WMI on assessments to do nearly anything you would want to do in a post-exploitation scenario.
To effectively participate in this workshop, attendees will need to bring a laptop and have a Windows VM where they have admin rights on that windows VM.

Network Cyber Threat Hunting

Denver OWASP will be teaming up with Active Countermeasures to present Network Cyber Threat Hunting. We will spend the first parts of the discussing threat hunting, from C2 to becons and then use a virtual machine with Bro/Zeek to find threat on the network.

To be successful for this workshop, participants will need to have a laptop with virtualization software (VMWare or Virtual Box) and to download the virtual machine. Slides and virtual machine can be found here: access to everything that was presented during the Cyber Threat Hunting Course!

This includes:

  • Course slides
  • Course video recordings (with timeline breakdowns)
  • Chat logs (from both platforms)
  • VM images for doing the labs
  • Download notes
  • The video is broken into four parts and hosted on YouTube so you have full video controls. By using the timeline breakdowns you should be able to quickly reference anything you are looking for.

    Just a reminder, you can access all of the above content through this link

    The password to access the page is: ahuntingWEwillGO!

    If you want to perform the labs, the login credentials for the VM is... logon name: thunt AND password: aybab2u

    Special thanks to Active Countermeasures and specifically Chris Benton for allowing Denver OWASP to teach his class.

Event Schedule

Please see below for the schedule of events for SnowFROC 2020. This schedule will be updated as required to depict the most accurate information on presentations, room locations and general event scheduling information. It's meant to be concise and easy to consume: Details on the presentations and speakers are here.


There are multiple scheduled presentations on a wide range of cyber security topics which will be hosted in three different rooms (The Bresnan Boardroom, the Great Hall and the Malone Theater). Most talks are scheduled for 55 minutes however some are 25 minutes in length. Each presenter has been given instructions to make their presentation available, with the idea that their presentation will be shared on this website after the event. Please come prepared to listen, learn and ask questions; have fun!


Security Innovation (CMD+CTRL)

The CMD+CTRL Cyber Range suite features intentionally vulnerable applications and websites that tempt players to steal money, find out their boss’s salary, purchase costly items for free, and conduct other nefarious acts. Hundreds of vulnerabilities, common to most business applications, lay waiting to be exposed.


SnowFROC (Front Range OWASP Conference) is Denver's premier application security conference. It is an annual, one-day conference which draws about 400 people. In 2020, SnowFROC took place Thursday March 5th. While billed as, "Denver's premier application security conference", SnowFROC's presentations and workshops focus on many facets of cybersecurity and over the years, SnowFROC has come to be known for its exceptional value: Hands-on training, excellent food, spectacular networking, great location/venue and professional orchestration. For reference, tickets cost between $75 and $105 per person.

Meet the Team

Every year the Denver OWASP Board of Directors works diligently to bring our cybersecurity security community the very best. This 100% volunteer team is comprised of:

Frank Vianzon

Matt Shufeldt

Steve Kosten

Brad Gable

Aaron Cure

Serge Borso

The Denver OWASP Chapter is proud to present SnowFROC '20!

SnowFROC (Front Range OWASP Conference) is Denver Colorado's premier application security conference and is taking place Thursday March 5th, 2020 for one day only. The location of this event is The Cable Center on the University of Denver campus near I-25 and University.

This Call For Papers (CFP) is open to anyone that would like to submit a presentation. The final date to submit your presentation is Sunday January 19th, 2020 - if your presentation is selected you will be notified by Friday January 31st, 2020.


Presentation Guidelines
Please ensure your topic falls under the realm of information security: (appsec, crypto, emerging trends, privacy, compliance, technology, etc.). The basic guidelines are as follow:

  • Presentations should be detailed and in-depth; please avoid cursory overviews
  • Presenters will ideally be well versed in public speaking
  • A mixture of lecture and demos or hands-on presentations are encouraged
  • Focus the topic, presentation and delivery on actionable information that attendees can leverage and put to use
  • Allow sufficient time for Q&A or otherwise plan for audience participation

Presentations are slotted for 25 or 55 minutes which accounts for your presentation time, Q&A and to ensure the next presenter has time to setup and start promptly. Please plan your talk accordingly.

HDMI adapters, necessary dongles and microphones will be provided for your use.

Sales pitches, presentations focusing on commercial tools or vendors and the like will not be accepted. You will be expected to submit your slide-deck (if applicable) prior to the event and use a standard OWASP template for presentations (which will be provided to you).

As we are aiming for 400+ attendees, expect an audience of 50+ for your presentation, go here to view last year's presentations and use the form below to submit your presentation.

SnowFROC 20 Presentations

A request was made for all SnowFROC 20 Presenters to share their presentation. See below for those presentations and note that some PDFs are large in size.

AppData Oh My... Oh No!

As Bs And Four Cs Of Testing Cloud Native Applications

Climbing AppSec Mountains


JavaScript Framework Security


Patch Production Now

Purposeful Personal Branding

Demystifying CTFs

Top 10 Proactive Privacy Controls

Why AppSec is Hard for Devs

Automate or Die

Insufficient Logging & Monitoring