RSAC 2025

The IoT Pentest Blitz is a fast-paced, hands-on security assessment challenge designed to simulate real-world penetration testing (pentesting) of IoT devices. You can engage in a structured testing process, leveraging various tools and methodologies to uncover vulnerabilities in IoT firmware, hardwa...

Ready to put your Code Security knowledge to the test? Dive into our activity and tackle real-world code snippets riddled with vulnerabilities. Pick your challenge level, spot the flaws, and suggest the fix. Don't miss this hands-on opportunity to level up your AppSec game - it's all in the cards!

Welcome to the wild world of vibe coding—where we let AI agents generate the code and hit merge without a second thought. What could possibly go wrong?

In this high-energy activity, we’ll generate pull requests using an LLM and challenge you to review it for hidden vulnerabilities before it ships...

NPM Imposters is a fast, team-based game where players must spot malicious NPM packages hiding in plain sight.

Each team gets a deck of cards mimicking real npmjs.com pages — some show metadata like stars, downloads, and maintainers; others reveal parts of the package code, like index.js or packag...

Lock It Down, using a little-known feature from OpenSSH—hardware attestation—Smallstep created a prototype that prevents developers from pushing code from personal devices. The system ensures only approved devices can access Git repositories. SSH keys are generated with attestation data, verified vi...

Step into the world of Byte Club, a fast-paced, strategic card game that makes cybersecurity concepts fun and approachable.

Byte Club lets players simulate real-world cyber threats and defenses using frameworks like the Cyber Kill Chain and NIST Cybersecurity Framework. Whether you're a seasoned...

The IoT Pentest Blitz is a fast-paced, hands-on security assessment challenge designed to simulate real-world penetration testing (pentesting) of IoT devices. You can engage in a structured testing process, leveraging various tools and methodologies to uncover vulnerabilities in IoT firmware, hardwa...

A strong security culture can’t be bought, it has to be built. The key lies in making security a natural, painless part of developers’ workflows - and knowing “how” is the difference between success and failure.

In this exercise, you’ll step into the shoes of a developer, tasked with prioritizing...

The IoT Pentest Blitz is a fast-paced, hands-on security assessment challenge designed to simulate real-world penetration testing (pentesting) of IoT devices. You can engage in a structured testing process, leveraging various tools and methodologies to uncover vulnerabilities in IoT firmware, hardwa...

Lock It Down, using a little-known feature from OpenSSH—hardware attestation—Smallstep created a prototype that prevents developers from pushing code from personal devices. The system ensures only approved devices can access Git repositories. SSH keys are generated with attestation data, verified vi...

A strong security culture can’t be bought, it has to be built. The key lies in making security a natural, painless part of developers’ workflows - and knowing “how” is the difference between success and failure.

In this exercise, you’ll step into the shoes of a developer, tasked with prioritizing...

Welcome to the wild world of vibe coding—where we let AI agents generate the code and hit merge without a second thought. What could possibly go wrong?

In this high-energy activity, we’ll generate pull requests using an LLM and challenge you to review it for hidden vulnerabilities before it ships...

Step into the castle walls of Fort Knox, a medieval-themed puzzle battle where “Testers” and “Hackers” face off to defend—or dismantle—the fort!

In this fun, hands-on group activity, each team races to complete their side of a jigsaw puzzle. It’s a test of teamwork, strategy, and speed! Will you...

Join us for a revealing exploration of open-source trust and its vulnerabilities. In this captivating activity, we will delve into the fascinating world of developer credibility and the unsettling phenomenon of faking GitHub contributions. With open source becoming an integral part of software devel...

Lock It Down, using a little-known feature from OpenSSH—hardware attestation—Smallstep created a prototype that prevents developers from pushing code from personal devices. The system ensures only approved devices can access Git repositories. SSH keys are generated with attestation data, verified vi...

A strong security culture can’t be bought, it has to be built. The key lies in making security a natural, painless part of developers’ workflows - and knowing “how” is the difference between success and failure.

In this exercise, you’ll step into the shoes of a developer, tasked with prioritizing...

Welcome to the wild world of vibe coding—where we let AI agents generate the code and hit merge without a second thought. What could possibly go wrong?

In this high-energy activity, we’ll generate pull requests using an LLM and challenge you to review it for hidden vulnerabilities before it ships...

NPM Imposters is a fast, team-based game where players must spot malicious NPM packages hiding in plain sight.

Each team gets a deck of cards mimicking real npmjs.com pages — some show metadata like stars, downloads, and maintainers; others reveal parts of the package code, like index.js or packag...

The IoT Pentest Blitz is a fast-paced, hands-on security assessment challenge designed to simulate real-world penetration testing (pentesting) of IoT devices. You can engage in a structured testing process, leveraging various tools and methodologies to uncover vulnerabilities in IoT firmware, hardwa...

A strong security culture can’t be bought, it has to be built. The key lies in making security a natural, painless part of developers’ workflows - and knowing “how” is the difference between success and failure.

In this exercise, you’ll step into the shoes of a developer, tasked with prioritizing...

NPM Imposters is a fast, team-based game where players must spot malicious NPM packages hiding in plain sight.

Each team gets a deck of cards mimicking real npmjs.com pages — some show metadata like stars, downloads, and maintainers; others reveal parts of the package code, like index.js or packag...

Ready to put your Code Security knowledge to the test? Dive into our activity and tackle real-world code snippets riddled with vulnerabilities. Pick your challenge level, spot the flaws, and suggest the fix. Don't miss this hands-on opportunity to level up your AppSec game - it's all in the cards!

Lock It Down, using a little-known feature from OpenSSH—hardware attestation—Smallstep created a prototype that prevents developers from pushing code from personal devices. The system ensures only approved devices can access Git repositories. SSH keys are generated with attestation data, verified vi...

Ready to put your Code Security knowledge to the test? Dive into our activity and tackle real-world code snippets riddled with vulnerabilities. Pick your challenge level, spot the flaws, and suggest the fix. Don't miss this hands-on opportunity to level up your AppSec game - it's all in the cards!