Amazon AppSec CTF 2025

About THE CTF

 

INVITATION-ONLY GLOBAL SECURITY COMPETITION

The Amazon AppSec CTF 2025 is an invitation-only, global security competition designed to spotlight top talent in application security. Hosted by Amazon's Application Security (AppSec) team, the event brings together experienced security professionals from around the world to solve advanced, real-world security challenges.

Participants from Asia-Pacific (APAC), Europe, Middle East & Africa (EMEA), and North America (NAMER) will compete in a high-stakes environment reflecting Amazon's commitment to innovation, security, and technical excellence.

Event Format

Two-Phase Structure:

1 Phase 1: Global Virtual Qualifiers

  • Date: September 11 - 13, 2025
  • Duration: 48 hours
  • Format: Online (invitation-only)
  • Participants: 500 pre-selected individuals invited by Amazon
  • Advancement: Top 30 individuals per region qualify for Regional Finals

2 Phase 2: Regional Finals

  • Date: September 26, 2025
  • Format: Hybrid (in-person + virtual options)
  • Duration: 6-8 hours
  • Locations:
  • APAC: Bengaluru, India (BLR26)
  • EMEA: London, UK (LHR16)
  • NAMER: Austin, USA (AUS16)
Additional Activities: Network with Amazon security leaders, tech talks, and more

Registration & Eligibility

Registration Period

  • Opens: 22 August 2025
  • Closes: 07 September 2025

Selection Process

  • Applications are reviewed by Amazon AppSec experts
  • 500 participants will be selected based on:
    • Relevant experience and skills
    • Regional representation
    • Diversity of background and perspectives
  • Invitations will be sent by email
  • Participation is by invitation only; invitations are non-transferable

What to Expect

  • Individual-focused security challenges
  • Competitive leaderboard with regional recognition
  • Real-world application security scenarios
  • Access to Amazon security professionals
  • Prizes and bragging rights for top performers

Rules of Engagement

  1. Individual Competition Only
    Participants must compete independently. Collaboration or sharing of solutions is strictly prohibited.
  2. Invitation Required
    Only individuals who have received and confirmed official invitations may participate.
  3. Stay Ethical & In Scope
    All activity must remain within the boundaries of the provided CTF environment. No scanning or probing external systems.
  4. Original Work Required
    All solutions must be the participant's own. Use of unauthorized assistance, scripts, or AI-generated answers is not permitted.
  5. Bring Your Own Device (BYOD)
    Participants are responsible for using their own laptops and internet connectivity.
  6. Travel & Participation
    Finalists may choose to attend their regional final in person or virtually. Amazon will not cover travel, accommodation, or visa costs.
  7. Hack The Box Rules Apply
    All platform rules (HTB) must be followed throughout the competition.
  8. Code of Conduct
    All participants must adhere to the Code of Conduct and maintain professionalism throughout the event.
  9. Not an Offer of Employment
    Participation in this event does not constitute or imply any offer of employment with Amazon.

Important Notes

  • BYOD Event: Amazon will not supply devices or technical support
  • Self-funded Travel: Finalists are responsible for their own travel and lodging if attending in person
  • No Employment Offers: This is a skills-based competition, not a recruiting event
  • Data Privacy: Any data shared during registration will be used only for event management purposes in line with Amazon's privacy policies

Get Ready

Challenge yourself. Connect with global security peers. Compete at the highest level.

We look forward to seeing what you bring to the table.

Questions?

Please reach out to: appsec-ctf@amazon.com

Amazon AppSec CTF 2025
Registration closes
September 7, 2025
CTF start
September 11, 2025
Registration Closed