OWASP Bristol x SecureFlag

Live Secure Coding Tournament

Join OWASP Bristol on Thursday 11 June 2026 for a hands-on secure coding evening in collaboration with SecureFlag.

This in-person meetup will be a little different from our usual talk format. After a short introduction attendees will then take part in a live, hackathon-style secure coding tournament where the goal is not just to find vulnerabilities, but to fix them.

SecureFlag’s tournament format gives participants access to fully provisioned, browser-based coding labs. You will work through real-world security challenges, identify vulnerable code, submit fixes, and see whether your solution passes both security and functional tests. Progress will be tracked on a live leaderboard throughout the evening, with prizes awarded to the top performers.

Whether you are a developer, AppSec practitioner, security engineer, student, tester, or simply someone interested in learning how secure coding works in practice, this session is designed to be practical, social, and accessible. Labs will support different skill levels, with hints available if you get stuck. Experienced participants can push for higher scores by solving challenges with fewer hints and fewer retries.

To help encourage those with less experience, SecureFlag will also have support onsite to help people if they get stuck. So, while there will be a competitive element for those aiming for the top of the leaderboard, the evening is also very much open to those who are interested in learning more but may not yet have extensive secure coding experience. Support will be available to help participants understand the challenges and work through the labs.

No local setup is required. Just bring a laptop, connect to the venue Wi-Fi, scan the registration QR code on the night, and you will be ready to take part.

What to expect
This will be a practical secure development tournament where participants will:

• Work through browser-based secure coding labs
• Find and fix vulnerabilities in real code
• Submit solutions that are tested for both security and functionality
• Compete on a live leaderboard
• Learn secure coding techniques by doing, not just listening
• Receive onsite support from SecureFlag if they get stuck
• Enjoy pizza, refreshments, and informal networking
• Compete for prizes provided by SecureFlag.

Participants can also compete under an alias if they prefer.

What to bring

• A laptop
• A charger
• Curiosity and a willingness to get hands-on

You do not need to install anything beforehand. The tournament runs in the browser, with the lab environments already prepared.

Who should attend
This event is suitable for:

• Software developers interested in secure coding
• AppSec and product security professionals
• Cybersecurity students and early-career practitioners
• Security engineers and penetration testers
• QA/test engineers working with application security
• Anyone interested in learning how vulnerabilities are fixed in practice

All skill levels are welcome. You do not need to be an expert to take part. The tournament will be competitive for those who want to challenge themselves, but it will also be supportive for attendees who are still learning and want to build confidence with secure coding in a practical environment.

Notes
Spaces for Thursday 11 June 2026 are limited, so If your plans change, kindly update your RSVP so someone else can take your place.

About

SecureFlag provides hands-on secure coding training through practical, interactive lab environments. For this OWASP Bristol session, they will be facilitating a live secure development tournament where attendees can learn by fixing real vulnerabilities in running applications, with support available onsite to help participants work through the challenges.

OWASP Bristol is part of the global OWASP community, bringing together people interested in application security, secure software development, security engineering, and practical knowledge-sharing. Our meetups are open to developers, security professionals, students, researchers, and anyone interested in building safer software.