What we will teach:

The AppSec community is back with more tools, more content, and more challenges!

We will teach attendees how to use tools such as SAST, DAST, and SCA to analyze source code for vulnerabilities. Sample vulnerable repositories will be provided for attendees to learn and practice the use of these tools.

Static Application Security Testing (SAST): Use tools such as FluidAttacks and Snyk to identify vulnerabilities in code, and learn how to remediate them

Dynamic Application Security Testing (DAST): Use tools such as OWASP ZAP to analyze a running application for security misconfigurations

Software Composition Analysis (SCA): Use tools such as Google’s osv.dev to identify vulnerable third party components of an application

Once you’ve found a vulnerability, learn how to use Git to submit a fix through a pull request.

If you’ve never written any code in your life, don’t worry! We’ll have an introductory AppSec challenge for you to learn something about AppSec without having to learn how to write code.

What should I bring?

Participants will not need to bring any equipment to learn, we will have a limited number of workstations available to share.

For the best experience you should bring the following equipment when visiting the AppSec Community:

• Laptop
• Install Git
• Install Python
• Have a Linux virtual machine