Software runs the world. Everything from IoT, medical devices, the power grid, smart cars, and voting apps has software behind it. Learn from the best of the best on exploiting software vulnerabilities and securing the software that is the foundation of our dynamic world. Join us in the AppSec Sandbox from Tuesday, April 25 through Thursday, April 27.
All times are in Pacific Time(GMT -7)
Day 1 - April 25, 2023
How Misconfigurations Can Sink Your Containers
09:30
-
11:30
April 25, 2023
Miguel Correia
|
Checkmarx
Mário Teixeira
|
Checkmarx
Miguel Correia | Checkmarx
Mário Teixeira | Checkmarx
Are you curious about the safety of containers in today's cloud-based world? With the rise of Infrastructure as Code, ensuring your container configuration is rock solid is more important than ever. But don't worry! In this activity, we'll show you how to ensure your containers are as safe as they s...
Continue reading...The Ultimate AppSec Trivia Challenge
09:30
-
11:30
April 25, 2023
Tiago Mendo
|
Probely
Nuno Loureiro
|
Probely
Tiago Mendo | Probely
Nuno Loureiro | Probely
The Ultimate AppSec Trivia Challenge is a fun and educational game that tests your application security knowledge. The game consists of cards with questions ranging from easy to hard, all related to application security. Players can challenge themselves, or each other, to test their knowledge. You c...
Continue reading...Writing Malicious Open Source Packages Workshop
11:30
-
13:30
April 25, 2023
Jossef Harush Kadouri
|
Checkmarx
Jossef Harush Kadouri | Checkmarx
In this interactive workshop, participants will learn how to write malicious Python packages and gain a deeper understanding of how attackers can exploit our delicate software supply chains. By taking on the role of an attacker, participants can experiment with writing code that can exfiltrate host...
Continue reading...Code Busters - Appsec Code Review Challenges
11:30
-
13:30
April 25, 2023
ASV
ASV
Put your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?
Continue reading...Hunt the Hacker: Understand the Art of Detecting and Remediating Compromises in Your SDLC!
13:30
-
15:30
April 25, 2023
Dwayne McDaniel
|
GitGuardian
Dwayne McDaniel | GitGuardian
Step into the shoes of a member of the blue team in this exciting and educational exercise. Discover the threat of an ongoing application security attack by leveraging honeytokens to detect which repositories have been compromised by the hacker. You’ll gain hands-on experience mapping the attack sur...
Continue reading...Code Busters - Appsec Code Review Challenges
13:30
-
15:30
April 25, 2023
ASV
ASV
Put your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?
Continue reading...Spot the False Positive
13:30
-
15:30
April 25, 2023
Amit Bismut
|
Backslash
Amit Bismut | Backslash
Find the true positives out of 5 SQLi.
You’ve got 18x18 inch game board, 5 cards, 5 code weaknesses, and a 5-minute sand timer, ready, set, go!
You'll have 5 minutes to place the cards in the correct order and find the true positive(s).
The winner? Whoever finds the solution in the shortest a...
Continue reading...Code Busters - Appsec Code Review Challenges
16:15
-
18:00
April 25, 2023
ASV
ASV
Put your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?
Continue reading...Spot the False Positive
16:15
-
18:00
April 25, 2023
Amit Bismut
|
Backslash
Amit Bismut | Backslash
Find the true positives out of 5 SQLi.
You’ve got 18x18 inch game board, 5 cards, 5 code weaknesses, and a 5-minute sand timer, ready, set, go!
You'll have 5 minutes to place the cards in the correct order and find the true positive(s).
The winner? Whoever finds the solution in the shortest a...
Continue reading...Faking GitHub Contributions Workshop-25
16:15
-
18:00
April 25, 2023
Tal Folkman
|
Checkmarx
Tal Folkman | Checkmarx
In this interactive workshop, participants will learn how to fake GitHub profiles to appear legitimate and understand how attackers can use social engineering techniques to gain access to sensitive information. By taking on the role of an attacker, participants can experiment with creating convincin...
Continue reading...Day 2 - April 26, 2023
Spot the False Positive
09:30
-
11:30
April 26, 2023
Amit Bismut
|
Backslash
Amit Bismut | Backslash
Find the true positives out of 5 SQLi.
You’ve got 18x18 inch game board, 5 cards, 5 code weaknesses, and a 5-minute sand timer, ready, set, go!
You'll have 5 minutes to place the cards in the correct order and find the true positive(s).
The winner? Whoever finds the solution in the shortest a...
Continue reading...Hunt the Hacker: Understand the Art of Detecting and Remediating Compromises in Your SDLC!
09:30
-
11:30
April 26, 2023
Dwayne McDaniel
|
GitGuardian
Dwayne McDaniel | GitGuardian
Step into the shoes of a member of the blue team in this exciting and educational exercise. Discover the threat of an ongoing application security attack by leveraging honeytokens to detect which repositories have been compromised by the hacker. You’ll gain hands-on experience mapping the attack sur...
Continue reading...Code Busters - Appsec Code Review Challenges
09:30
-
13:30
April 26, 2023
ASV
ASV
Put your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?
Continue reading...How Misconfigurations Can Sink Your Containers
13:30
-
15:30
April 26, 2023
Miguel Correia
|
Checkmarx
Mário Teixeira
|
Checkmarx
Miguel Correia | Checkmarx
Mário Teixeira | Checkmarx
Are you curious about the safety of containers in today's cloud-based world? With the rise of Infrastructure as Code, ensuring your container configuration is rock solid is more important than ever. But don't worry! In this activity, we'll show you how to ensure your containers are as safe as they s...
Continue reading...The Ultimate AppSec Trivia Challenge
13:30
-
16:30
April 26, 2023
Tiago Mendo and Nuno Loureiro
|
Probely
Tiago Mendo and Nuno Loureiro | Probely
The Ultimate AppSec Trivia Challenge is a fun and educational game that tests your application security knowledge. The game consists of cards with questions ranging from easy to hard, all related to application security. Players can challenge themselves, or each other, to test their knowledge. You c...
Continue reading...Day 3 - April 27, 2023
Hunt the Hacker: Understand the Art of Detecting and Remediating Compromises in Your SDLC!
09:30
-
11:30
April 27, 2023
Dwayne McDaniel
|
GitGuardian
Dwayne McDaniel | GitGuardian
Step into the shoes of a member of the blue team in this exciting and educational exercise. Discover the threat of an ongoing application security attack by leveraging honeytokens to detect which repositories have been compromised by the hacker. You’ll gain hands-on experience mapping the attack sur...
Continue reading...Code Busters - Appsec Code Review Challenges
09:30
-
10:30
April 27, 2023
ASV
ASV
Put your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?
Continue reading...Faking GitHub Contributions Workshop
10:30
-
12:30
April 27, 2023
Tal Folkman
|
Checkmarx
Tal Folkman | Checkmarx
In this interactive workshop, participants will learn how to fake GitHub profiles to appear legitimate and understand how attackers can use social engineering techniques to gain access to sensitive information. By taking on the role of an attacker, participants can experiment with creating convincin...
Continue reading...Book Signing Alice and Bob Learn Application Security
11:30
-
12:30
April 27, 2023
Tanya Janca
|
We Hack Purple
Tanya Janca | We Hack Purple
Join the author of “Alice and Bob Learn Application Security” for a book signing.
Learn application security from the very start, with this comprehensive and approachable guide!
Alice and Bob Learn Application Security is an accessible and thorough resource for anyone seeking to incorporate, fro...
Continue reading...Code Busters - Appsec Code Review Challenges
12:30
-
15:00
April 27, 2023
ASV
ASV
Put your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?
Continue reading...