Las Vegas Convention Center, West Hall, Level 2, Rooms 228-230

New location for 2024!!! Not on the Vegas Strip.

Village Hours

Day 1 Friday, August 9, 10am - 6pm
Day 2 Saturday, August 10, 10am - 6pm
Day 3 Sunday, August 11, 10am - 1pm

All times are in Pacific Time(GMT -7)

Day 1 - August 09, 2024

10:00

10:00 - 17:30

Fix the Flag Wargame (Day 1)

Harley Wilson

10:15

10:15 - 10:45

Winning big: AppSec Considerations From the Casino Industry

Talk All Audiences

Aleise McGowan

Tennisha Martin

11:00

11:00 - 13:00

Arsenal: AI Goat

Arsenal All Audiences

Ofir Yakobi

Shir Sadon

11:00 - 13:00

Activity: Spot the Reachable by Backslash

POD

Czesia Glik

Yossi Pik

11:00 - 13:00

Arsenal: CyberChef like Automation within BurpSuite - Let's get cooking with the CSTC

Arsenal All Audiences

Florian Haag

Matthias Göhring

11:00 - 13:00

Activity: Vulnerability Hunt - The Snippets Edition

POD

Mário Leitão-Teixeira

11:00 - 11:30

Securing Frontends at Scale: Paving our Way to the Post-XSS World

Talk Intermediate

jen-ozmen

Aaron Shim

11:45

11:45 - 12:15

Ticking SQLi

Talk Intermediate

Iggy

12:30

12:30 - 13:00

Hacking Corporate Banking for Fun and Profit

Talk All Audiences

niks

Charles Waterhouse

13:00

13:00 - 15:00

Activity: Q&A With OWASP

POD

Edmond Momartin

13:00 - 15:00

Activity: Capture the Container by Chainguard

POD

Jonathan Leitschuh

13:00 - 14:00

Arsenal: GraphQL Armor - Open Source GraphQL Security

Arsenal All Audiences

Tristan Kalos

Antoine Carossio

13:15

13:15 - 13:45

SDLC Nightmares - Defeating Secure Code Review GPT Hallucinations

Talk All Audiences

Wang Zhilong

Xinzhi Luo

14:00

14:00 - 14:30

Relative Path File Injection: The Next Evolution in RPO

Talk Intermediate

Ian Hickey

14:45

14:45 - 15:15

Threat Modeling in the Age of AI

Talk Intro

Adam Shostack

15:00

15:00 - 16:00

Arsenal: HunterBounter - Swiss Army Knife for Bug Bounty

Arsenal Intermediate

Utku Yildirim

15:30

16:15

16:15 - 16:45

I've got 99 problems but a prompt injection ain't watermelon

Talk All Audiences

Chloé Messdaghi

Kasimir Schulz

17:00

Day 2 - August 10, 2024

10:00

10:00 - 17:30

Fix the Flag Wargame (Day 2)

Harley Wilson

10:15

11:00

11:00 - 14:00

Application Threat Modeling with Trike

Workshop Intermediate

AreTillery

11:00 - 13:00

Activity: Capture the Container by Chainguard

POD

Jonathan Leitschuh

11:00 - 12:00

Arsenal: SCAGoat

Arsenal Intermediate

kvprashant

Gaurav Joshi

HK

11:00 - 11:30

BOLABuster: Harnessing LLMs for Automating BOLA Detection

Talk All Audiences

Ravid Mazon

Jay Chen

11:00 - 13:00

Activity: Vulnerability Hunt - The Snippets Edition

POD

Mário Leitão-Teixeira

Eugene Rojavski

11:40

12:20

12:20 - 12:50

Maturing Your Application Security Program

Talk Advanced

SheHacksPurple

13:00

13:00 - 15:00

Activity: Spot the Reachable by Backslash

POD

Czesia Glik

Yossi Pik

13:00 - 13:45

Transforming AppSec: Protecting 'Everything as Code' & Emerging Tech

Panel All Audiences

Kunal Bhattacharya

Shahar Man

Trupti Shiralkar

Sara Attarzadeh

13:00 - 14:30

Arsenal: SanicDNS

Arsenal Intermediate

Jasper Insinger

14:00

14:00 - 14:30

Web2 Meets Web3: Hacking Decentralized Applications

Talk Intermediate

Peiyu Wang

14:40

14:40 - 15:10

Engineers & Exploits: The Quest for Security

Talk Intermediate

Spyros Gasteratos

Andra

15:00

15:00 - 17:00

Injecting and Detecting Backdoors in Code Completion Models

Workshop Intermediate

Tal Folkman

Ori Ron

15:00 - 17:00

Activity: Spot the Reachable by Backslash

POD

Czesia Glik

Yossi Pik

15:00 - 17:00

Activity: API Security 101: Testing and Trivia by Akto.io

POD

Ankita Gupta

Ankush Jain

15:20

15:20 - 15:50

Speed Bumps and Speed Hacks: Adventures in Car Manufacturers Security

Talk All Audiences

Paulo A. Silva

David Sopas

16:00

16:00 - 16:30

The Missing Link - How we collect and leverage SBOMs

Talk Intro

Cassie Crossley

16:40

16:40 - 17:10

0.0.0.0 Day: Exploiting Localhost APIs From The Browser

Talk Advanced

Avi Lumelsky

Gal Elbaz

17:20

17:20 - 17:50

The Dark Side of Bug Bounty

Talk Intermediate

Jason Haddix

Day 3 - August 11, 2024

10:00

10:00 - 13:00

Fix the Flag Wargame (Day 3)

Harley Wilson

10:15

10:45

11:00

11:00 - 13:00

Activity: Threat modelling fun session with OWASP Cornucopia

POD Intermediate

Konstantinos Papapanagiotou

11:00 - 13:00

Activity: Hacking Developers’ Trust – Faking GitHub Contribution by Checkmarx

POD

Ori Ron

Mário Leitão-Teixeira

Tal Folkman

11:45

11:45 - 12:15

Your CI/CD Pipeline Is Vulnerable, But It's Not Your Fault

Talk Intermediate

Elad Pticha

Oreen Livni

12:30

Thanks to our Sponsors

Gold Sponsors


Silver Sponsors


Hacker Fuel Sponsor


CTF Prize Sponsor

Is your organization passionate about application security and want to sponsor?

Read on how to become a sponsor and checkout our available sponsorship opportunities.