Brought to you by:


Hours of Operation

See FAQ for Expo Area Hours

Minibadge Details

To earn an AppSec minibadge, you must visit the community and solve a simple challenge – don’t worry, we’ll help you!



Are you a developer looking to get your feet wet in code security? Have you hacked a thousand applications but never actually fixed any? In the all-new SAINTcon AppSec village, you will learn how to find and fix vulnerabilities in source code. Whether you want to get your feet wet with a simple regex filter or put your skills to the test with the AppSec Challenge, we have something for you.

Come and learn how secure coding should work, and what happens when it is not done well.

Our Main Events

We will be hosting a mini Capture The Flag (CTF) event with several challenges which include:

  • For complete beginners, learn how to write a regular expression (regex) to filter malicious input
  • Learn how to fix vulnerabilities in OWASP Juice Shop (talk to our friends at the Red Team community if need help finding some!), and write your first Pull Request
  • Compete against your peers to fix a custom vulnerable web application in the informal AppSec Challenge – swag will be given to participants (while supplies last), and winners will get bragging rights and their name at the top of a fancy scoreboard

Getting Started

Come visit the community! Be sure to tell us your previous experience with code so we can help you get started where you are most comfortable. Whether you are brand new to code or have been a software developer for 20 years, we have a challenge suited for you.

Bring vulnerabilities you’ve found or exploited in OWASP Juice Shop at the Red Team community to learn about the underlying problems that caused them. We’ll help you find the vulnerable code and fix it. A limited number of laptops running Linux will be provided at the community – it is recommend to bring your own in case they are being used.