Brought to you by:


Hours of Operation

 1:00p – 5:00p  Tuesday
 8:00a – 4:00p  Wednesday
 8:00a – 4:00p  Thursday
        Closed  Friday

Minibadge Details

To earn an AppSec minibadge, you must visit the community and solve a simple challenge – don’t worry, we’ll help you!



Are you a developer looking to get your feet wet in code security? Have you hacked a thousand applications but never actually fixed any? In the all-new SAINTcon AppSec village, you will learn how to find and fix vulnerabilities in source code. From beginners, we’ll help you connect a vulnerability in OWASP Juice Shop to the problem in the code, and walk you through creating your first pull request to fix it. Make new connections by finding someone to review and approve your changes. Take vulnerabilities you found in the Red Team community and learn how to fix them. For more experienced developers, test your static analysis skills on a custom vulnerable application by fixing everything you can find and scoring against a set of automated tests.

Come and learn how secure coding should work, and what happens when it is not done well.

Our Main Events

We will be hosting a mini Capture The Flag (CTF) event with several challenges which include:

  • For complete beginners, learn how to write a regular expression (regex) to filter malicious input
  • Learn how to fix vulnerabilities in OWASP Juice Shop (talk to our friends at the Red Team community if need help finding some!), and write your first Pull Request
  • Compete against your peers to fix a custom vulnerable web application in the informal AppSec Challenge – swag will be given to participants (while supplies last), and winners will get bragging rights and their name at the top of a fancy scoreboard

Getting Started

Come visit the community! Be sure to tell us your previous experience with code so we can help you get started where you are most comfortable. Whether you are brand new to code or have been a software developer for 20 years, we have a challenge suited for you.

Bring vulnerabilities you’ve found or exploited in OWASP Juice Shop at the Red Team community to learn about the underlying problems that caused them. We’ll help you find the vulnerable code and fix it. A limited number of laptops running Linux will be provided at the community – it is recommend to bring your own in case they are being used.