RSAC 2025

The IoT Pentest Blitz is a fast-paced, hands-on security assessment challenge designed to simulate real-world penetration testing (pentesting) of IoT devices. You can engage in a structured testing process, leveraging various tools and methodologies to uncover vulnerabilities in IoT firmware, hardwa...

Join us for a revealing exploration of open-source trust and its vulnerabilities. In this captivating activity, we will delve into the fascinating world of developer credibility and the unsettling phenomenon of faking GitHub contributions. With open source becoming an integral part of software devel...

NPM Imposters is a fast, team-based game where players must spot malicious NPM packages hiding in plain sight.

Each team gets a deck of cards mimicking real npmjs.com pages — some show metadata like stars, downloads, and maintainers; others reveal parts of the package code, like index.js or packag...

Ready to put your Code Security knowledge to the test? Dive into our activity and tackle real-world code snippets riddled with vulnerabilities. Pick your challenge level, spot the flaws, and suggest the fix. Don't miss this hands-on opportunity to level up your AppSec game - it's all in the cards!

A strong security culture can’t be bought, it has to be built. The key lies in making security a natural, painless part of developers’ workflows - and knowing “how” is the difference between success and failure.

In this exercise, you’ll step into the shoes of a developer, tasked with prioritizing...

The IoT Pentest Blitz is a fast-paced, hands-on security assessment challenge designed to simulate real-world penetration testing (pentesting) of IoT devices. You can engage in a structured testing process, leveraging various tools and methodologies to uncover vulnerabilities in IoT firmware, hardwa...

The IoT Pentest Blitz is a fast-paced, hands-on security assessment challenge designed to simulate real-world penetration testing (pentesting) of IoT devices. You can engage in a structured testing process, leveraging various tools and methodologies to uncover vulnerabilities in IoT firmware, hardwa...

A strong security culture can’t be bought, it has to be built. The key lies in making security a natural, painless part of developers’ workflows - and knowing “how” is the difference between success and failure.

In this exercise, you’ll step into the shoes of a developer, tasked with prioritizing...

Join us for a revealing exploration of open-source trust and its vulnerabilities. In this captivating activity, we will delve into the fascinating world of developer credibility and the unsettling phenomenon of faking GitHub contributions. With open source becoming an integral part of software devel...

A strong security culture can’t be bought, it has to be built. The key lies in making security a natural, painless part of developers’ workflows - and knowing “how” is the difference between success and failure.

In this exercise, you’ll step into the shoes of a developer, tasked with prioritizing...

NPM Imposters is a fast, team-based game where players must spot malicious NPM packages hiding in plain sight.

Each team gets a deck of cards mimicking real npmjs.com pages — some show metadata like stars, downloads, and maintainers; others reveal parts of the package code, like index.js or packag...

The IoT Pentest Blitz is a fast-paced, hands-on security assessment challenge designed to simulate real-world penetration testing (pentesting) of IoT devices. You can engage in a structured testing process, leveraging various tools and methodologies to uncover vulnerabilities in IoT firmware, hardwa...

A strong security culture can’t be bought, it has to be built. The key lies in making security a natural, painless part of developers’ workflows - and knowing “how” is the difference between success and failure.

In this exercise, you’ll step into the shoes of a developer, tasked with prioritizing...

NPM Imposters is a fast, team-based game where players must spot malicious NPM packages hiding in plain sight.

Each team gets a deck of cards mimicking real npmjs.com pages — some show metadata like stars, downloads, and maintainers; others reveal parts of the package code, like index.js or packag...

Ready to put your Code Security knowledge to the test? Dive into our activity and tackle real-world code snippets riddled with vulnerabilities. Pick your challenge level, spot the flaws, and suggest the fix. Don't miss this hands-on opportunity to level up your AppSec game - it's all in the cards!