Brought to you by sketrik and l4wke
Applications run everything, and we run the Applications. Join us!
Looking to get your feet wet in code security? Hacked a thousand applications but never actually fixed one? The AppSec Community teaches how to find and fix vulnerabilities in both running sites and source code. Attendees will have an opportunity to identify vulnerabilities via walkthroughs of known vulnerabilities and exploits, discover common security flaws in code, take application security tools for a spin, or participate in fixing a nuanced security edge case. Whether a beginner or an experienced pro, the AppSec Community will upgrade your abilities in both finding and fixing flaws.
Everything you need to know…
In the Application Security Community, we show the importance of keeping your application code secure. We will run through practices on how to identify, fix, and prevent vulnerabilities in running applications and source code. In addition, we will show you how to evaluate your application security program, use common application security tools, and model threats to your applications.
What we will teach:
The AppSec community is back with more tools, more content, and more challenges!
We will guide attendees in finding and fixing vulnerabilities, through manual processes and the use of SAST, DAST, and SCA tools. Sample vulnerable repositories will be provided for attendees to learn and practice the use of these tools.
- Static Application Security Testing (SAST): Use tools such as FluidAttacks and Snyk to identify vulnerabilities in code, and learn how to remediate them.
- Dynamic Application Security Testing (DAST): Use tools such as OWASP ZAP to analyze a running application for security misconfigurations.
- Software Composition Analysis (SCA): Use tools such as Google’s osv.dev to identify vulnerable third-party components of an application.
Once you’ve found a vulnerability, learn how to use Git to submit a fix through a pull request.
If you’ve never written any code in your life, don’t worry! We’ll have an introductory AppSec challenge for you to learn something about AppSec without having to learn how to write code.
What should I bring?
Participants will not need to bring any equipment to learn; we will have a limited number of workstations available to share.
For the best experience you should bring the following equipment when visiting the AppSec Community:
- Laptop
- Install Git
- Install Python
- Have a Linux virtual machine
Hours of Operation
- Monday: Expo Closed
- Tuesday: 10:30a – 5:00p
- Wednesday: 10:30a – 5:00p
- Thursday: 9:00a – 5:00p
- Friday: 9:00a – 11:00a
What you Learn
- How to understand application development processes
- How vulnerabilities in applications are managed
- How to interact with developers
- How to evaluate code for vulnerabilities
MiniBadge Details
Details are still being worked out, but to collect our MiniBadge, come visit our booth for more details on how to get this cool MiniBadge.
Desktop Wallpaper
Our community has desktop wallpaper available for download.