Visit the AppSec Village to explore application security through practical, hands-on activities. Engage with top experts, discover innovative approaches, and learn about securing the software attack surface.
Village Hours
Moscone South, Level 2, Room 204
| Day 1 | Tuesday, March 24 | 9:30am - 6pm* |
|---|---|---|
| Day 2 | Wednesday, March 25 | 9:30am - 4:30pm |
| Day 3 | Thursday, March 26 | 9:30am - 2:00pm |
\* Villages are closed from 3:15-4pm for CyBEER Ops setup
Moscone West Connection Hub
Day 1 Only
Tuesday, March 24
8:30am - 10:30am
Activity Schedule In Progress
Day 1 - March 24, 2026
09:30
Hack the Duck Store
At a developer meetup on secure software development, we asked a simple question: look at this login form, how could a hacker abuse it? Not one developer in the room dared to answer. The referral code field looked harmless. The backend had no validation: self-referrals, circular referrals, unlimited...
AppSec Quiz Gauntlet: Spot the Vulnerability
In AppSec Quiz Gauntlet: Spot the Vulnerability, you’ll join a hands-on security quiz built around real-world software risks. Analyze suspicious dependencies, uncover typosquatted packages, decode obfuscated snippets, and identify hidden vulnerabilities in short code samples.
The Call Stack Experience
Let’s play with blocks… and learn how real application attacks unfold.
You will build real application call stacks, one foam block at a time, with each block representing function calls in a normal execution flow.
Once your stack is complete, you will see first-hand how easy it is for exploits...
11:30
Cards Against Security: Trust Me, It's Secure
Join us for "Cards Against Security: Trust Me, It's Secure," a hilarious card game inspired by Cards Against Humanity! Test your wit as you create the funniest responses to prompts related to software development and security. Gather your friends at the AppSec Village and dive into a world of Chaing...
Clash of Prompts: A Real-Time Prompt Battle Royale
Step into the ring and prove your prompt-fu! In this fast-paced multiplayer game, you go head-to-head to craft the prompt that generates the most secure code - no keyboard coding allowed. Swing by for free play on Days 1 & 2 to warm up, then battle it out on Day 3 in our grand tournament for a very...
NPM Imposters - The malware detection card game
NPM Imposters is a fast-paced educational card game designed to teach players about supply chain security risks in software development, particularly through malicious NPM packages.
13:30
Code Invaders: Stop The Insecure Code
Recruit: help stop the Vibe Invasion. AI-generated code is flooding the frontier with insecure logic, and it’s your job to intercept it before it hits production. Vulnerable snippets (SQL injections, hardcoded secrets, broken crypto, and risky error handling) are falling toward the pipeline. Elimina...
AI Risks Through the OWASP GenAI Security Project & FinBot CTF
This interactive session uses OWASP FinBot CTF to demonstrate how agentic AI systems can fail in practice and where their weaknesses emerge. Through a live walkthrough and audience participation, attendees will explore common agentic AI risk patterns and see how these issues play out in a realistic...
Hack the Duck Store
At a developer meetup on secure software development, we asked a simple question: look at this login form, how could a hacker abuse it? Not one developer in the room dared to answer. The referral code field looked harmless. The backend had no validation: self-referrals, circular referrals, unlimited...
16:00
The Call Stack Experience
Let’s play with blocks… and learn how real application attacks unfold.
You will build real application call stacks, one foam block at a time, with each block representing function calls in a normal execution flow.
Once your stack is complete, you will see first-hand how easy it is for exploits...
Clash of Prompts: A Real-Time Prompt Battle Royale
Step into the ring and prove your prompt-fu! In this fast-paced multiplayer game, you go head-to-head to craft the prompt that generates the most secure code - no keyboard coding allowed. Swing by for free play on Days 1 & 2 to warm up, then battle it out on Day 3 in our grand tournament for a very...
SBOM Find the Flaws
SBOM Find the Flaws is a short hands-on activity (with prizes!) where participants review SBOM files and identify intentional mistakes in the data, learning how to recognize common issues in software supply-chain documentation. Prizes will be Cassie Crossley's book or a solar-powered robot!
Day 2 - March 25, 2026
09:30
IoT Pentest Blitz
The IoT Pentest Blitz is a fast-paced, hands-on security assessment challenge designed to simulate real-world penetration testing (pentesting) of IoT devices. Participants engage in a structured testing process, leveraging various tools and methodologies to uncover vulnerabilities in IoT firmware, h...
AI Pentesting Trivia Showdown
Think you know AI pentesting? Put it to the test at this fast-paced, interactive trivia session at AppSec Village. AI Pentesting Trivia Showdown challenges participants with questions spanning offensive security fundamentals, real-world attack paths, AI-assisted testing concepts, vulnerability valid...
AppSec Quiz Gauntlet: Spot the Vulnerability
In AppSec Quiz Gauntlet: Spot the Vulnerability, you’ll join a hands-on security quiz built around real-world software risks. Analyze suspicious dependencies, uncover typosquatted packages, decode obfuscated snippets, and identify hidden vulnerabilities in short code samples.
The Call Stack Experience
Let’s play with blocks… and learn how real application attacks unfold.
You will build real application call stacks, one foam block at a time, with each block representing function calls in a normal execution flow.
Once your stack is complete, you will see first-hand how easy it is for exploits...
12:00
IoT Pentest Blitz
The IoT Pentest Blitz is a fast-paced, hands-on security assessment challenge designed to simulate real-world penetration testing (pentesting) of IoT devices. Participants engage in a structured testing process, leveraging various tools and methodologies to uncover vulnerabilities in IoT firmware, h...
NPM Imposters - The malware detection card game
NPM Imposters is a fast-paced educational card game designed to teach players about supply chain security risks in software development, particularly through malicious NPM packages.
Cards Against Security: Trust Me, It's Secure
Join us for "Cards Against Security: Trust Me, It's Secure," a hilarious card game inspired by Cards Against Humanity! Test your wit as you create the funniest responses to prompts related to software development and security. Gather your friends at the AppSec Village and dive into a world of Chaing...
14:30
Hack the Duck Store
At a developer meetup on secure software development, we asked a simple question: look at this login form, how could a hacker abuse it? Not one developer in the room dared to answer. The referral code field looked harmless. The backend had no validation: self-referrals, circular referrals, unlimited...
Code Invaders: Stop The Insecure Code
Recruit: help stop the Vibe Invasion. AI-generated code is flooding the frontier with insecure logic, and it’s your job to intercept it before it hits production. Vulnerable snippets (SQL injections, hardcoded secrets, broken crypto, and risky error handling) are falling toward the pipeline. Elimina...
Cards Against Security: Trust Me, It's Secure
Join us for "Cards Against Security: Trust Me, It's Secure," a hilarious card game inspired by Cards Against Humanity! Test your wit as you create the funniest responses to prompts related to software development and security. Gather your friends at the AppSec Village and dive into a world of Chaing...
Day 3 - March 26, 2026
09:30
OWASP GenAI Security Project - AIBOM Generator: From Model Transparency to AI Risk Management
This session walks through a practical AIBOM lifecycle using the open-source OWASP GenAI Security Project's AIBOM Generator, from generating an AIBOM for an AI model to using it for transparency, risk visibility, and downstream risk management activities. Attendees will see how AIBOM can help captur...
Cards Against Security: Trust Me, It's Secure
Join us for "Cards Against Security: Trust Me, It's Secure," a hilarious card game inspired by Cards Against Humanity! Test your wit as you create the funniest responses to prompts related to software development and security. Gather your friends at the AppSec Village and dive into a world of Chaing...
AppSec Quiz Gauntlet: Spot the Vulnerability
In AppSec Quiz Gauntlet: Spot the Vulnerability, you’ll join a hands-on security quiz built around real-world software risks. Analyze suspicious dependencies, uncover typosquatted packages, decode obfuscated snippets, and identify hidden vulnerabilities in short code samples.
12:00
IoT Pentest Blitz
The IoT Pentest Blitz is a fast-paced, hands-on security assessment challenge designed to simulate real-world penetration testing (pentesting) of IoT devices. Participants engage in a structured testing process, leveraging various tools and methodologies to uncover vulnerabilities in IoT firmware, h...
Clash of Prompts: A Real-Time Prompt Battle Royale
Step into the ring and prove your prompt-fu! In this fast-paced multiplayer game, you go head-to-head to craft the prompt that generates the most secure code - no keyboard coding allowed. Swing by for free play on Days 1 & 2 to warm up, then battle it out on Day 3 in our grand tournament for a very...
SBOM Find the Flaws
SBOM Find the Flaws is a short hands-on activity where participants review SBOM files and identify intentional mistakes in the data, learning how to recognize common issues in software supply-chain documentation.