AppSec DC 2012 CTF will be a competition in which participants compete for prizes in a test of application and network hacking skills. The contestants will participate in real-world scenarios designed to simulate vulnerabilities discovered in production environments. The competition will focus on application security but participants should arrive ready with an arsenal of skill-sets to complete these challenges.

The contest begins on April 4th at 1pm and ends the next day, April 5th at 1pm.
Competitors are allowed to team up with a other contestants but prizes are only available for four (4) participants. All participants must physically attending the conference and external access ot the system is not available. Additionally, we are bound by the Convention Center’s hours of operation to conduct the CTF so this will not be an all night competition.

The scoring system and any other system NOT designated as “In-Scope” is considered OFF-LIMITS and any malicious activity towards or on those systems will result in an immediate disqualification for the team from which the participant(s) exists.

Contestants will use their own equipment to compete with but it is HIGHLY recommended that contestants do not bring equipment which hosts personal or sensitive data.
Scoring will take place via a web-based scoreboard portal. Teams will have individual logins that will be required to submit points.

Internet access will be offered at the conference as a means to obtain tools necessary for the competition, but we recommend that you bring the necessary tools to the event. We cannot guarantee access to all sites via the standard convention network, and visiting some sites you would normally obtain hacking tools from may be blocked from the normal convention Wi-Fi. OWASP AppSec DC will provide an isolated the environment and systems which will host the vulnerable applications.


  • Bring…
    • Android SDK (Emulator)
    • Any other Android related testing tools (Mallory, Eclipse & DDMS, etc.)
    • Your toolkit, of course :-)
    • Energy!

First Place: TBD
Second Place: TBD
Third Place: Free admission to AppSecDC 2013
Fourth Place: TBD

Registration will be held up to the day of the competition 4/4/2012 at 12:30PM and can be done either by sending an email to in the format listed below or in person in room 207A. We urge participants to register prior to the conference as space is limited.

Name: First, Last
Alias: Ex: 1337h4xx0r
Team Name: Ex: E4tU4br34kf4s7
Team Size: Max of 4
List Teammates: By Alias, if none, list N/A