Software runs the world. Everything from IoT, medical devices, the power grid, smart cars, and voting apps has software behind it. Learn from the best of the best on exploiting software vulnerabilities and securing the software that is the foundation of our dynamic world. Join us in the AppSec Sandbox from Tuesday, April 25 through Thursday, April 27.

All times are in Pacific Time(GMT -7)

Day 1 - April 25, 2023

How Misconfigurations Can Sink Your Containers

09:30 - 11:30 April 25, 2023

Miguel Correia | Checkmarx

Mário Teixeira | Checkmarx

Are you curious about the safety of containers in today's cloud-based world? With the rise of Infrastructure as Code, ensuring your container configuration is rock solid is more important than ever. But don't worry! In this activity, we'll show you how to ensure your containers are as safe as they s...

Continue reading...

The Ultimate AppSec Trivia Challenge

09:30 - 11:30 April 25, 2023

Tiago Mendo | Probely

Nuno Loureiro | Probely

The Ultimate AppSec Trivia Challenge is a fun and educational game that tests your application security knowledge. The game consists of cards with questions ranging from easy to hard, all related to application security. Players can challenge themselves, or each other, to test their knowledge. You c...

Continue reading...

Writing Malicious Open Source Packages Workshop

11:30 - 13:30 April 25, 2023

Jossef Harush Kadouri | Checkmarx

In this interactive workshop, participants will learn how to write malicious Python packages and gain a deeper understanding of how attackers can exploit our delicate software supply chains. By taking on the role of an attacker, participants can experiment with writing code that can exfiltrate host...

Continue reading...

Code Busters - Appsec Code Review Challenges

11:30 - 13:30 April 25, 2023

ASV

Put your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?

Continue reading...

Hunt the Hacker: Understand the Art of Detecting and Remediating Compromises in Your SDLC!

13:30 - 15:30 April 25, 2023

Dwayne McDaniel | GitGuardian

Step into the shoes of a member of the blue team in this exciting and educational exercise. Discover the threat of an ongoing application security attack by leveraging honeytokens to detect which repositories have been compromised by the hacker. You’ll gain hands-on experience mapping the attack sur...

Continue reading...

Code Busters - Appsec Code Review Challenges

13:30 - 15:30 April 25, 2023

ASV

Put your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?

Continue reading...

Spot the False Positive

13:30 - 15:30 April 25, 2023

Amit Bismut | Backslash

Find the true positives out of 5 SQLi.

You’ve got 18x18 inch game board, 5 cards, 5 code weaknesses, and a 5-minute sand timer, ready, set, go!

You'll have 5 minutes to place the cards in the correct order and find the true positive(s).

The winner? Whoever finds the solution in the shortest a...

Continue reading...

Code Busters - Appsec Code Review Challenges

16:15 - 18:00 April 25, 2023

ASV

Put your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?

Continue reading...

CyBEER Ops

16:15 - 18:00 April 25, 2023

Spot the False Positive

16:15 - 18:00 April 25, 2023

Amit Bismut | Backslash

Find the true positives out of 5 SQLi.

You’ve got 18x18 inch game board, 5 cards, 5 code weaknesses, and a 5-minute sand timer, ready, set, go!

You'll have 5 minutes to place the cards in the correct order and find the true positive(s).

The winner? Whoever finds the solution in the shortest a...

Continue reading...

Faking GitHub Contributions Workshop-25

16:15 - 18:00 April 25, 2023

Tal Folkman | Checkmarx

In this interactive workshop, participants will learn how to fake GitHub profiles to appear legitimate and understand how attackers can use social engineering techniques to gain access to sensitive information. By taking on the role of an attacker, participants can experiment with creating convincin...

Continue reading...

Day 2 - April 26, 2023

Spot the False Positive

09:30 - 11:30 April 26, 2023

Amit Bismut | Backslash

Find the true positives out of 5 SQLi.

You’ve got 18x18 inch game board, 5 cards, 5 code weaknesses, and a 5-minute sand timer, ready, set, go!

You'll have 5 minutes to place the cards in the correct order and find the true positive(s).

The winner? Whoever finds the solution in the shortest a...

Continue reading...

Hunt the Hacker: Understand the Art of Detecting and Remediating Compromises in Your SDLC!

09:30 - 11:30 April 26, 2023

Dwayne McDaniel | GitGuardian

Step into the shoes of a member of the blue team in this exciting and educational exercise. Discover the threat of an ongoing application security attack by leveraging honeytokens to detect which repositories have been compromised by the hacker. You’ll gain hands-on experience mapping the attack sur...

Continue reading...

Code Busters - Appsec Code Review Challenges

09:30 - 13:30 April 26, 2023

ASV

Put your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?

Continue reading...

How Misconfigurations Can Sink Your Containers

13:30 - 15:30 April 26, 2023

Miguel Correia | Checkmarx

Mário Teixeira | Checkmarx

Are you curious about the safety of containers in today's cloud-based world? With the rise of Infrastructure as Code, ensuring your container configuration is rock solid is more important than ever. But don't worry! In this activity, we'll show you how to ensure your containers are as safe as they s...

Continue reading...

The Ultimate AppSec Trivia Challenge

13:30 - 16:30 April 26, 2023

Tiago Mendo and Nuno Loureiro | Probely

The Ultimate AppSec Trivia Challenge is a fun and educational game that tests your application security knowledge. The game consists of cards with questions ranging from easy to hard, all related to application security. Players can challenge themselves, or each other, to test their knowledge. You c...

Continue reading...

Day 3 - April 27, 2023

Hunt the Hacker: Understand the Art of Detecting and Remediating Compromises in Your SDLC!

09:30 - 11:30 April 27, 2023

Dwayne McDaniel | GitGuardian

Step into the shoes of a member of the blue team in this exciting and educational exercise. Discover the threat of an ongoing application security attack by leveraging honeytokens to detect which repositories have been compromised by the hacker. You’ll gain hands-on experience mapping the attack sur...

Continue reading...

Code Busters - Appsec Code Review Challenges

09:30 - 10:30 April 27, 2023

ASV

Put your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?

Continue reading...

Faking GitHub Contributions Workshop

10:30 - 12:30 April 27, 2023

Tal Folkman | Checkmarx

In this interactive workshop, participants will learn how to fake GitHub profiles to appear legitimate and understand how attackers can use social engineering techniques to gain access to sensitive information. By taking on the role of an attacker, participants can experiment with creating convincin...

Continue reading...

Book Signing Alice and Bob Learn Application Security

11:30 - 12:30 April 27, 2023

Tanya Janca | We Hack Purple

Join the author of “Alice and Bob Learn Application Security” for a book signing.

Learn application security from the very start, with this comprehensive and approachable guide!

Alice and Bob Learn Application Security is an accessible and thorough resource for anyone seeking to incorporate, fro...

Continue reading...

Code Busters - Appsec Code Review Challenges

12:30 - 15:00 April 27, 2023

ASV

Put your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?

Continue reading...

Thanks to our Sponsors

Gold Sponsors


Silver Sponsors


Bronze Sponsors


Is your organization passionate about application security and want to sponsor?

Read on how to become a sponsor and checkout our available sponsorship opportunities.