Software runs the world. Everything from IoT and medical devices to the power grid, smart cars, and voting apps has software behind it. Learn from the best of the best on exploiting software vulnerabilities and securing the software that is the foundation of our dynamic world.

Stop by RSAC Sandbox in Moscone South at RSA Conference starting Tuesday, May 7 at 4:30 PM through Thursday, May 9 at 2:30 PM to visit the AppSec Sandbox and participate in seven more hands-on activities. Register today using code 34USBAPPVFD to save $150 on your RSAC 2024 Full Conference Pass.

Day 1 - May 07, 2024

16:30

16:30 - 18:00

Spot the False Positive

Backslash

Find the true positives out of 5 SQLi. You've got an 18x18 inch game board, 5 cards, 5 code weaknesses, and a 5-minute sand timer. Ready, set, go! You'll have 5 minutes to place the cards in the correct order and find the true positive(s). The winner? Whoever finds the solution in the shortest amount o...

16:30 - 18:00

Hacking GPTs Using Prompt Manipulation

CATO

Large Language Models, also known as LLMs, have become an essential part of our daily work routine. OpenAI is a leading company in this field, having launched the first LLM, called ChatGPT, and constantly improving the model by adding new features. One such feature is GPTs, a customizable version...

16:30 - 18:00

Spot the Secrets: Finding The Valid Secrets Throughout Your Environments

GitGuardian

Before you can deal with secrets sprawl, you first need to understand how deep the issue of plaintext secrets can be. Improperly stored and shared secrets go beyond just the top layer of code that you put in production. It affects feature branches, old commits, logs, and communication and collabor...


Day 2 - May 08, 2024

09:30

09:30 - 11:30

Capture the Container

ChainGuard

In this session, we will dive into bloated containers, a pressing problem plaguing open source software supply chains. We will discuss this phenomenon and demonstrate how to use scanners and the National Vulnerability Database to address bloat in your own containers. The bulk of this session will con...

09:30 - 11:30

Hacking Developers’ Trust – Faking GitHub Contribution

Checkmarx

Join us for a revealing exploration of open-source trust and its vulnerabilities. In this captivating activity, we will delve into the fascinating world of developer credibility and the unsettling phenomenon of faking GitHub contributions. With open source becoming an integral part of software devel...

09:30 - 11:30

Test Your AppSec Knowledge—It's in the Cards

Deepfactor

Pick 5 cards with random levels of difficulty. Answer questions ranging from true/false to multiple choice to spot the vulnerable code. Test your knowledge on risky deployment scenarios, rack up the points, and get to the top of the leaderboard to win!


11:30

11:30 - 13:30

Untitled

Akto

11:30 - 13:30

Spot the Secrets: Finding The Valid Secrets Throughout Your Environments

GitGuardian

Before you can deal with secrets sprawl, you first need to understand how deep the issue of plaintext secrets can be. Improperly stored and shared secrets go beyond just the top layer of code that you put in production. It affects feature branches, old commits, logs, and communication and collabor...

11:30 - 13:30

Spot the False Positive

Backslash

Find the true positives out of 5 SQLi. You've got an 18x18 inch game board, 5 cards, 5 code weaknesses, and a 5-minute sand timer. Ready, set, go! You'll have 5 minutes to place the cards in the correct order and find the true positive(s). The winner? Whoever finds the solution in the shortest amount o...


13:30

13:30 - 15:30

Test Your AppSec Knowledge—It's in the Cards

Deepfactor

Pick 5 cards with random levels of difficulty. Answer questions ranging from true/false to multiple choice to spot the vulnerable code. Test your knowledge on risky deployment scenarios, rack up the points, and get to the top of the leaderboard to win!

13:30 - 15:30

Hacking GPTs Using Prompt Manipulation

CATO

Large Language Models, also known as LLMs, have become an essential part of our daily work routine. OpenAI is a leading company in this field, having launched the first LLM, called ChatGPT, and constantly improving the model by adding new features. One such feature is GPTs, a customizable version...

13:30 - 15:30

Hacking Developers’ Trust – Faking GitHub Contribution

Checkmarx

Join us for a revealing exploration of open-source trust and its vulnerabilities. In this captivating activity, we will delve into the fascinating world of developer credibility and the unsettling phenomenon of faking GitHub contributions. With open source becoming an integral part of software devel...


15:30

15:30 - 16:30

Capture the Container

ChainGuard

In this session, we will dive into bloated containers, a pressing problem plaguing open source software supply chains. We will discuss this phenomenon and demonstrate how to use scanners and the National Vulnerability Database to address bloat in your own containers. The bulk of this session will con...

15:30 - 16:30

Spot the False Positive

Backslash

Find the true positives out of 5 SQLi. You've got an 18x18 inch game board, 5 cards, 5 code weaknesses, and a 5-minute sand timer. Ready, set, go! You'll have 5 minutes to place the cards in the correct order and find the true positive(s). The winner? Whoever finds the solution in the shortest amount o...

15:30 - 16:30

Spot the Secrets: Finding The Valid Secrets Throughout Your Environments

GitGuardian

Before you can deal with secrets sprawl, you first need to understand how deep the issue of plaintext secrets can be. Improperly stored and shared secrets go beyond just the top layer of code that you put in production. It affects feature branches, old commits, logs, and communication and collabor...


Day 3 - May 09, 2024

09:30

09:30 - 12:00

Hacking GPTs Using Prompt Manipulation

CATO

Large Language Models, also known as LLMs, have become an essential part of our daily work routine. OpenAI is a leading company in this field, having launched the first LLM, called ChatGPT, and constantly improving the model by adding new features. One such feature is GPTs, a customizable version...

09:30 - 12:00

Untitled

Akto

12:00

12:00 - 14:30

Hacking Developers’ Trust – Faking GitHub Contribution

Checkmarx

Join us for a revealing exploration of open-source trust and its vulnerabilities. In this captivating activity, we will delve into the fascinating world of developer credibility and the unsettling phenomenon of faking GitHub contributions. With open source becoming an integral part of software devel...


Thanks to our Sponsors


Is your organization passionate about application security and interested in sponsoring?

Read about how to become a sponsor and check out our available sponsorship opportunities.