Come flex your AppSec muscles and win amazing prizes.

Secure Code Review Challenge

Secure Code Review is an important β€œtool” in an AppSec practitioners tool box. This contest aims to challenge contestants on performing Secure Code Review and crown someone supreme Secure Code Reviewer. Contestants will be asked questions after being presented with merge requests taken from Open Source projects where a confirmed vulnerability has been addressed or CVE descriptions.

Sign up at the Contest table in the back of the room.

*Contest ends at 11:00 on Sunday.

Threat Modeling Challenge

Threat Modeling is arguably the single most important activity in an application security program and if performed early can identify a wide range of potential flaws before a single line of code has been written. While being so critically important there is no single correct way to perform Threat Modeling, many techniques, methodologies and/or tools exist. As part of our challenge we will present contestants with the exact same design and compare the outputs they produce against a number of categories in order to identify a winner.

*Results are due by 17:00 on Saturday.

Mini CTF

Welcome to AppSec Village's mini-CTF with several bite-sized challenges to wet your pallette. These challenges contain some simple web applications which you must use abuse to find a flag. Flags will be a string of text enclosed in CTF{}.

*Winners will be determined by 16:00 on Sunday.