OWASP - User contributions [en]

OWASP Jerusalem 2013 04

2013-04-22T11:30:22Z

Josh Amishav-Zlatin:

OWASP Jerusalem Apr 2013 meeting was held on the 3/4/2013 Tuesday at the Bynet building in Har Hozvim in Jerusalem.

The meeting’s agenda was as follows:

'''Gathering - Refreshments & Opening Remarks: 18:00-18:15'''

'''First Lecture 18:15-18:45 Josh Amishav-Zlatin - A is for Anonymous and Application Layer DoS Attacks:'''

'''Slides: http://prezi.com/b5rmsx4lrxwo/a-is-for-anonymous-and-application-layer-dos-attacks/'''

Abstract: Denial of service (DoS) attacks are like an annoying pest that wont go
away. DoS attacks are a persistent problem on the Internet, which are
extremely difficult to solve in a scalable fashion. According to WHID data,
Denial of Service attacks make up a very significant portion of web based
attacks. Despite efforts to code your app securely, a malicious user with
minimum bandwidth might still be able to take your application offline at
will. In this talk, we will focus on Slow HTTP DoS attacks which have been
a popular attack method by various hacktivist groups such as Anonymous. We
will also discuss several techniques that can be used to mitigate this
threat.

Bio: Josh leads the R&D team at Pure Hacking where he focuses on web application defensive research and develops customized ModSecurity rulesets to help customers reduce risk associated with their web applications. Josh specializes in web application penetration testing and FOSS based security solutions. He is an active member of the ModSecurity community and is currently involved with the OWASP Core Rule Set, AuditConsole and WASC Threat Classification projects. Josh has over 10 years of experience in the IT security industry, working with both financial and government clients to help secure their critical applications

'''Second Lecture 18:50-19:25 Amitay Dan - Car Phone Intelligence'''

Many hackers try to demonstrate how to attack cars and mobile phones, but like any other battle there is a need for proper Intelligence. This lecture will show how to use systematic flaws like number's floor, hidden numbers and tenders to pinpoint and attack targets. In the close future almost every car will have a cellular modem, thus we need to start creating our defense right now.

Bio: Amitay Dan researches strategic and tactical cyber attack methods from databases, telecommunication and phreaking as well as medical field attacks.
He works as a cyber intelligence analyst at Black Cube

'''Workshop 19:30-20:30 David Kaplan - Intro to Timing Attacks '''

Timing Attacks have become popular over the past number of years and have been employed successfully against numerous targets ranging from network-based attacks to games consoles.
During the hour-long workshop, participants will have a chance to learn about simple software timing attacks and will attempt to attack vulnerable pieces of software.
Participants are required to bring their own laptops. A Virtual Box image with all tools needed for the workshop will be provided in advance of the day (participants are expected to have this installed prior to the start of the workshop).
Some experience with Linux – an advantage.
Programming experience – a must (Python + gcc will be provided in the VM, any other languages participants should bring necessary software).

'''The workshop will be delivered in English.'''

Bio: Security Researcher working for Intel Corp. by day and hacker by night - breaking things for both fun and profit!
Previously part of the red team at NDS (now Cisco).
Interested in all things security; with a special interest in real-time and Linux-based embedded systems.

Jerusalem

2013-04-04T14:35:38Z

Josh Amishav-Zlatin:

Jerusalem

2013-04-04T13:58:42Z

Josh Amishav-Zlatin:

OWASP Jerusalem 2013 04

2013-04-04T13:56:26Z

Josh Amishav-Zlatin: Created page with "OWASP Jerusalem Apr 2013 meeting was held on the 3/4/2013 Tuesday at the Bynet building in Har Hozvim in Jerusalem. The meeting’s agenda was as follows: '''Gathering - Ref..."

OWASP Jerusalem Apr 2013 meeting was held on the 3/4/2013 Tuesday at the Bynet building in Har Hozvim in Jerusalem.

The meeting’s agenda was as follows:

'''Gathering - Refreshments & Opening Remarks: 18:00-18:15'''

'''First Lecture 18:15-18:45 Josh Amishav-Zlatin - A is for Anonymous and Application Layer DoS Attacks:'''

Abstract: Denial of service (DoS) attacks are like an annoying pest that wont go
away. DoS attacks are a persistent problem on the Internet, which are
extremely difficult to solve in a scalable fashion. According to WHID data,
Denial of Service attacks make up a very significant portion of web based
attacks. Despite efforts to code your app securely, a malicious user with
minimum bandwidth might still be able to take your application offline at
will. In this talk, we will focus on Slow HTTP DoS attacks which have been
a popular attack method by various hacktivist groups such as Anonymous. We
will also discuss several techniques that can be used to mitigate this
threat.

Bio: Josh leads the R&D team at Pure Hacking where he focuses on web application defensive research and develops customized ModSecurity rulesets to help customers reduce risk associated with their web applications. Josh specializes in web application penetration testing and FOSS based security solutions. He is an active member of the ModSecurity community and is currently involved with the OWASP Core Rule Set, AuditConsole and WASC Threat Classification projects. Josh has over 10 years of experience in the IT security industry, working with both financial and government clients to help secure their critical applications

'''Second Lecture 18:50-19:25 Amitay Dan - Car Phone Intelligence'''

Many hackers try to demonstrate how to attack cars and mobile phones, but like any other battle there is a need for proper Intelligence. This lecture will show how to use systematic flaws like number's floor, hidden numbers and tenders to pinpoint and attack targets. In the close future almost every car will have a cellular modem, thus we need to start creating our defense right now.

Bio: Amitay Dan researches strategic and tactical cyber attack methods from databases, telecommunication and phreaking as well as medical field attacks.
He works as a cyber intelligence analyst at Black Cube

'''Workshop 19:30-20:30 David Kaplan - Intro to Timing Attacks '''

Timing Attacks have become popular over the past number of years and have been employed successfully against numerous targets ranging from network-based attacks to games consoles.
During the hour-long workshop, participants will have a chance to learn about simple software timing attacks and will attempt to attack vulnerable pieces of software.
Participants are required to bring their own laptops. A Virtual Box image with all tools needed for the workshop will be provided in advance of the day (participants are expected to have this installed prior to the start of the workshop).
Some experience with Linux – an advantage.
Programming experience – a must (Python + gcc will be provided in the VM, any other languages participants should bring necessary software).

'''The workshop will be delivered in English.'''

Bio: Security Researcher working for Intel Corp. by day and hacker by night - breaking things for both fun and profit!
Previously part of the red team at NDS (now Cisco).
Interested in all things security; with a special interest in real-time and Linux-based embedded systems.

Jerusalem

2013-04-04T13:53:06Z

Josh Amishav-Zlatin:

{{Chapter Template|chaptername=Jerusalem|extra=The chapter leaders are [mailto:jamuse@owasp.org Josh Amishav-Zlatin] and [mailto:5013box@gmail.com Jacob Kili].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Jerusalem|emailarchives=http://lists.owasp.org/pipermail/owasp-Jerusalem}}

== Previous Meetings ==

'''Meeting Location: Bynet building (next to Intel), Har Hozvim - Jerusalem'''
Our last chapter meeting was on April 3rd 2013 at 18:00. The agenda was as follows:

'''Gathering - Refreshments & Opening Remarks: 18:00-18:15'''

'''First Lecture 18:15-18:45 Josh Amishav-Zlatin - A is for Anonymous and Application Layer DoS Attacks:'''

Abstract: Denial of service (DoS) attacks are like an annoying pest that wont go
away. DoS attacks are a persistent problem on the Internet, which are
extremely difficult to solve in a scalable fashion. According to WHID data,
Denial of Service attacks make up a very significant portion of web based
attacks. Despite efforts to code your app securely, a malicious user with
minimum bandwidth might still be able to take your application offline at
will. In this talk, we will focus on Slow HTTP DoS attacks which have been
a popular attack method by various hacktivist groups such as Anonymous. We
will also discuss several techniques that can be used to mitigate this
threat.

Bio: Josh leads the R&D team at Pure Hacking where he focuses on web application defensive research and develops customized ModSecurity rulesets to help customers reduce risk associated with their web applications. Josh specializes in web application penetration testing and FOSS based security solutions. He is an active member of the ModSecurity community and is currently involved with the OWASP Core Rule Set, AuditConsole and WASC Threat Classification projects. Josh has over 10 years of experience in the IT security industry, working with both financial and government clients to help secure their critical applications

'''Second Lecture 18:50-19:25 Amitay Dan - Car Phone Intelligence'''

Many hackers try to demonstrate how to attack cars and mobile phones, but like any other battle there is a need for proper Intelligence. This lecture will show how to use systematic flaws like number's floor, hidden numbers and tenders to pinpoint and attack targets. In the close future almost every car will have a cellular modem, thus we need to start creating our defense right now.

Bio: Amitay Dan researches strategic and tactical cyber attack methods from databases, telecommunication and phreaking as well as medical field attacks.
He works as a cyber intelligence analyst at Black Cube

'''Workshop 19:30-20:30 David Kaplan - Intro to Timing Attacks '''

Timing Attacks have become popular over the past number of years and have been employed successfully against numerous targets ranging from network-based attacks to games consoles.
During the hour-long workshop, participants will have a chance to learn about simple software timing attacks and will attempt to attack vulnerable pieces of software.
Participants are required to bring their own laptops. A Virtual Box image with all tools needed for the workshop will be provided in advance of the day (participants are expected to have this installed prior to the start of the workshop).
Some experience with Linux – an advantage.
Programming experience – a must (Python + gcc will be provided in the VM, any other languages participants should bring necessary software).

'''The workshop will be delivered in English.'''

Bio: Security Researcher working for Intel Corp. by day and hacker by night - breaking things for both fun and profit!
Previously part of the red team at NDS (now Cisco).
Interested in all things security; with a special interest in real-time and Linux-based embedded systems.

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:Middle East]]

Jerusalem

2013-03-24T09:33:49Z

Josh Amishav-Zlatin:

{{Chapter Template|chaptername=Jerusalem|extra=The chapter leaders are [mailto:jamuse@owasp.org Josh Amishav-Zlatin] and [mailto:5013box@gmail.com Jacob Kili].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Jerusalem|emailarchives=http://lists.owasp.org/pipermail/owasp-Jerusalem}}

== Upcoming Meetings ==

'''Meeting Location: Bynet building (next to Intel), Har Hozvim - Jerusalem'''
Our next chapter meeting will be on April 3rd 2013 at 18:00. The agenda is as follows:

'''Gathering - Refreshments & Opening Remarks: 18:00-18:15'''

'''First Lecture 18:15-18:45 Josh Amishav-Zlatin - A is for Anonymous and Application Layer DoS Attacks:'''

Abstract: Denial of service (DoS) attacks are like an annoying pest that wont go
away. DoS attacks are a persistent problem on the Internet, which are
extremely difficult to solve in a scalable fashion. According to WHID data,
Denial of Service attacks make up a very significant portion of web based
attacks. Despite efforts to code your app securely, a malicious user with
minimum bandwidth might still be able to take your application offline at
will. In this talk, we will focus on Slow HTTP DoS attacks which have been
a popular attack method by various hacktivist groups such as Anonymous. We
will also discuss several techniques that can be used to mitigate this
threat.

Bio: Josh leads the R&D team at Pure Hacking where he focuses on web application defensive research and develops customized ModSecurity rulesets to help customers reduce risk associated with their web applications. Josh specializes in web application penetration testing and FOSS based security solutions. He is an active member of the ModSecurity community and is currently involved with the OWASP Core Rule Set, AuditConsole and WASC Threat Classification projects. Josh has over 10 years of experience in the IT security industry, working with both financial and government clients to help secure their critical applications

'''Second Lecture 18:50-19:25 Amitay Dan - Car Phone Intelligence'''

Many hackers try to demonstrate how to attack cars and mobile phones, but like any other battle there is a need for proper Intelligence. This lecture will show how to use systematic flaws like number's floor, hidden numbers and tenders to pinpoint and attack targets. In the close future almost every car will have a cellular modem, thus we need to start creating our defense right now.

Bio: Amitay Dan researches strategic and tactical cyber attack methods from databases, telecommunication and phreaking as well as medical field attacks.
He works as a cyber intelligence analyst at Black Cube

'''Workshop 19:30-20:30 David Kaplan - Intro to Timing Attacks '''

Timing Attacks have become popular over the past number of years and have been employed successfully against numerous targets ranging from network-based attacks to games consoles.
During the hour-long workshop, participants will have a chance to learn about simple software timing attacks and will attempt to attack vulnerable pieces of software.
Participants are required to bring their own laptops. A Virtual Box image with all tools needed for the workshop will be provided in advance of the day (participants are expected to have this installed prior to the start of the workshop).
Some experience with Linux – an advantage.
Programming experience – a must (Python + gcc will be provided in the VM, any other languages participants should bring necessary software).

'''The workshop will be delivered in English.'''

Bio: Security Researcher working for Intel Corp. by day and hacker by night - breaking things for both fun and profit!
Previously part of the red team at NDS (now Cisco).
Interested in all things security; with a special interest in real-time and Linux-based embedded systems.

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:Middle East]]

Jerusalem

2013-03-19T13:19:01Z

Josh Amishav-Zlatin:

{{Chapter Template|chaptername=Jerusalem|extra=The chapter leaders are [mailto:jamuse@owasp.org Josh Amishav-Zlatin] and [mailto:5013box@gmail.com Jacob Kili].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Jerusalem|emailarchives=http://lists.owasp.org/pipermail/owasp-Jerusalem}}

== Upcoming Meetings ==

'''Meeting Location: Bynet building (next to Intel), Har Hozvim - Jerusalem'''
Our next chapter meeting will be on April 3rd 2013 at 18:00. The agenda is as follows:

'''Gathering - Refreshments & Opening Remarks: 18:00-18:15'''

'''First Lecture 18:15-18:45 Almog Ohayon - DNS Hacks and Attacks'''

Abstract:
DNS is one of the main components of each company and organization. Any damage can easily negatively affect the company's business and availability, thus it is a primary focus of hackers. We will delve into the world of DNS and present the latest DNS attacks from around the world.

Bio: Almog is a communications and information security expert with over two decades of experience. He works at ioptimize.it

'''Second Lecture 18:50-19:25 Amitay Dan - Car Phone Intelligence'''

Many hackers try to demonstrate how to attack cars and mobile phones, but like any other battle there is a need for proper Intelligence. This lecture will show how to use systematic flaws like number's floor, hidden numbers and tenders to pinpoint and attack targets. In the close future almost every car will have a cellular modem, thus we need to start creating our defense right now.

Bio: Amitay Dan researches strategic and tactical cyber attack methods from databases, telecommunication and phreaking as well as medical field attacks.
He works as a cyber intelligence analyst at Black Cube

'''Workshop 19:30-20:30 David Kaplan - Intro to Timing Attacks '''

Timing Attacks have become popular over the past number of years and have been employed successfully against numerous targets ranging from network-based attacks to games consoles.
During the hour-long workshop, participants will have a chance to learn about simple software timing attacks and will attempt to attack vulnerable pieces of software.
Participants are required to bring their own laptops. A Virtual Box image with all tools needed for the workshop will be provided in advance of the day (participants are expected to have this installed prior to the start of the workshop).
Some experience with Linux – an advantage.
Programming experience – a must (Python + gcc will be provided in the VM, any other languages participants should bring necessary software).

'''The workshop will be delivered in English.'''

Bio: Security Researcher working for Intel Corp. by day and hacker by night - breaking things for both fun and profit!
Previously part of the red team at NDS (now Cisco).
Interested in all things security; with a special interest in real-time and Linux-based embedded systems.

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:Middle East]]

Jerusalem

2013-03-19T13:13:45Z

Josh Amishav-Zlatin:

{{Chapter Template|chaptername=Jerusalem|extra=The chapter leaders are [mailto:jamuse@owasp.org Josh Amishav-Zlatin] and [mailto:5013box@gmail.com Jacob Kili].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Jerusalem|emailarchives=http://lists.owasp.org/pipermail/owasp-Jerusalem}}

== Upcoming Meetings ==

'''Meeting Location: Bynet building (next to Intel), Har Hozvim - Jerusalem'''
Our next chapter meeting will be on April 3rd 2013 at 18:00. The agenda is as follows:

'''Gathering - Refreshments & Opening Remarks: 18:00-18:15'''

'''First Lecture 18:15-18:45 Almog Ohayon - DNS Hacks and Attacks'''

Abstract:
DNS is one of the main components of each company and organization. Any damage can easily negatively affect the company's business and availability, thus it is a primary focus of hackers. We will delve into the world of DNS and present the latest DNS attacks from around the world.

Bio: Almog is a communications and information security expert with over two decades of experience. He works at ioptimize.it

'''Second Lecture 18:50-19:25 Amitay Dan - Car Phone Intelligence'''

Many hackers try to demonstrate how to attack cars and mobile phones, but like any other battle there is a need for proper Intelligence. This lecture will show how to use systematic flaws like number's floor, hidden numbers and tenders to pinpoint and attack targets. In the close future almost every car will have a cellular modem, thus we need to start creating our defense right now.

Bio: Amitay Dan researches strategic and tactical cyber attack methods from databases, telecommunication and phreaking as well as medical field attacks.
He is working as a cyber intelligence analyst in Black Cube

'''Workshop 19:30-20:30 David Kaplan - Intro to Timing Attacks '''

Timing Attacks have become popular over the past number of years and have been employed successfully against numerous targets ranging from network-based attacks to games consoles.
During the hour-long workshop, participants will have a chance to learn about simple software timing attacks and will attempt to attack vulnerable pieces of software.
Participants are required to bring their own laptops. A Virtual Box image with all tools needed for the workshop will be provided in advance of the day (participants are expected to have this installed prior to the start of the workshop).
Some experience with Linux – an advantage.
Programming experience – a must (Python + gcc will be provided in the VM, any other languages participants should bring necessary software).

'''The workshop will be delivered in English.'''

Bio: Security Researcher working for Intel Corp. by day and hacker by night - breaking things for both fun and profit!
Previously part of the red team at NDS (now Cisco).
Interested in all things security; with a special interest in real-time and Linux-based embedded systems.

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:Middle East]]

Jerusalem

2013-03-19T12:55:36Z

Josh Amishav-Zlatin: removed: Amitay Dan is a Cyber Intelligence Analyst at Black Cube where he works on strategic and tactical cyber methods from databases, telecommunication and phreaking as well as medical field attack and other interesting areas.

{{Chapter Template|chaptername=Jerusalem|extra=The chapter leaders are [mailto:jamuse@owasp.org Josh Amishav-Zlatin] and [mailto:5013box@gmail.com Jacob Kili].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Jerusalem|emailarchives=http://lists.owasp.org/pipermail/owasp-Jerusalem}}

== Upcoming Meetings ==

'''Meeting Location: Bynet building (next to Intel), Har Hozvim - Jerusalem'''
Our next chapter meeting will be on April 3rd 2013 at 18:00. The agenda is as follows:

'''Gathering - Refreshments & Opening Remarks: 18:00-18:15'''

'''First Lecture 18:15-18:45 Almog Ohayon - DNS Hacks and Attacks'''

Abstract:
DNS is one of the main components of each company and organization. Any damage can easily negatively affect the company's business and availability, thus it is a primary focus of hackers. We will delve into the world of DNS and present the latest DNS attacks from around the world.

Bio: Almog is a communications and information security expert with over two decades of experience. He works at ioptimize.it

'''Second Lecture 18:50-19:25 Amitay Dan - Car Phone Intelligence'''

Many hackers try to demonstrate how to attack cars and mobile phones, but like any other battle there is a need for proper Intelligence. This lecture will show how to use systematic flaws like number's floor, hidden numbers and tenders to pinpoint and attack targets. In the close future almost every car will have a cellular modem, thus we need to start creating our defense right now.

Bio: Amitay Dan works on strategic and tactical cyber methods from databases,telecommunication and phreaking as well as medical field attack and other interesting area.
He is working as a cyber intelligence analyst in Black Cube

'''Workshop 19:30-20:30 David Kaplan - Intro to Timing Attacks '''

Timing Attacks have become popular over the past number of years and have been employed successfully against numerous targets ranging from network-based attacks to games consoles.
During the hour-long workshop, participants will have a chance to learn about simple software timing attacks and will attempt to attack vulnerable pieces of software.
Participants are required to bring their own laptops. A Virtual Box image with all tools needed for the workshop will be provided in advance of the day (participants are expected to have this installed prior to the start of the workshop).
Some experience with Linux – an advantage.
Programming experience – a must (Python + gcc will be provided in the VM, any other languages participants should bring necessary software).

'''The workshop will be delivered in English.'''

Bio: Security Researcher working for Intel Corp. by day and hacker by night - breaking things for both fun and profit!
Previously part of the red team at NDS (now Cisco).
Interested in all things security; with a special interest in real-time and Linux-based embedded systems.

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:Middle East]]

Jerusalem

2013-03-14T09:15:59Z

Josh Amishav-Zlatin:

{{Chapter Template|chaptername=Jerusalem|extra=The chapter leaders are [mailto:jamuse@owasp.org Josh Amishav-Zlatin] and [mailto:5013box@gmail.com Jacob Kili].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Jerusalem|emailarchives=http://lists.owasp.org/pipermail/owasp-Jerusalem}}

== Upcoming Meetings ==

'''Meeting Location: Bynet building (next to Intel), Har Hozvim - Jerusalem'''
Our next chapter meeting will be on April 3rd 2013 at 18:00. The agenda is as follows:

'''Gathering - Refreshments & Opening Remarks: 18:00-18:15'''

'''First Lecture 18:15-18:45 Almog Ohayon - DNS Hacks and Attacks'''

Abstract:
DNS is one of the main components of each company and organization. Any damage can easily negatively affect the company's business and availability, thus it is a primary focus of hackers. We will delve into the world of DNS and present the latest DNS attacks from around the world.

Bio: Almog is a communications and information security expert with over two decades of experience. He works at ioptimize.it

'''Second Lecture 18:50-19:25 Amitay Dan - Car Phone Intelligence'''

Many hackers try to demonstrate how to attack cars and mobile phones, but like any other battle there is a need for proper Intelligence. This lecture will show how to use systematic flaws like number's floor, hidden numbers and tenders to pinpoint and attack targets. In the close future almost every car will have a cellular modem, thus we need to start creating our defense right now.

Bio: Amitay Dan is a Cyber Intelligence Analyst at Black Cube where he works on strategic and tactical cyber methods from databases, telecommunication and phreaking as well as medical field attack and other interesting areas.

'''Workshop 19:30-20:30 David Kaplan - Intro to Timing Attacks '''

Timing Attacks have become popular over the past number of years and have been employed successfully against numerous targets ranging from network-based attacks to games consoles.
During the hour-long workshop, participants will have a chance to learn about simple software timing attacks and will attempt to attack vulnerable pieces of software.
Participants are required to bring their own laptops. A Virtual Box image with all tools needed for the workshop will be provided in advance of the day (participants are expected to have this installed prior to the start of the workshop).
Some experience with Linux – an advantage.
Programming experience – a must (Python + gcc will be provided in the VM, any other languages participants should bring necessary software).

'''The workshop will be delivered in English.'''

Bio: Security Researcher working for Intel Corp. by day and hacker by night - breaking things for both fun and profit!
Previously part of the red team at NDS (now Cisco).
Interested in all things security; with a special interest in real-time and Linux-based embedded systems.

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:Middle East]]

Jerusalem

2013-03-13T18:11:27Z

Josh Amishav-Zlatin:

{{Chapter Template|chaptername=Jerusalem|extra=The chapter leaders are [mailto:jamuse@owasp.org Josh Amishav-Zlatin] and [mailto:5013box@gmail.com Jacob Kili].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Jerusalem|emailarchives=http://lists.owasp.org/pipermail/owasp-Jerusalem}}

== Upcoming Meetings ==

'''Meeting Location: Bynet building (next to Intel), Har Hozvim - Jerusalem'''
Our next chapter meeting will be on April 3rd 2013 at 18:00. The agenda is as follows:

'''Gathering - Refreshments & Opening Remarks: 18:00-18:15'''

'''First Lecture 18:15-18:45 Almog Ohayon - DNS Hacks and Attacks'''

Abstract:
DNS is one of the main components of each company and organization. Any damage can easily negatively affect the company's business and availability, thus it is a primary focus of hackers. We will delve into the world of of DNS and present the latest DNS attacks from around the world.

Bio: Almog is a communications and information security expert with over two decades of experience. He works at ioptimize.it

'''Second Lecture 18:50-19:25 Amitay Dan - Car Phone Intelligence'''

Many hackers try to demonstrate how to attack cars and mobile phones, but like any other battle there is a need for proper Intelligence. This lecture will show how to use systematic flaws like number's floor, hidden numbers and tenders to pinpoint and attack targets. In the close future almost every car will have a cellular modem, thus we need to start creating our defense right now.

Bio: Amitay Dan is a Cyber Intelligence Analyst at Black Cube where he works on strategic and tactical cyber methods from databases, telecommunication and phreaking as well as medical field attack and other interesting areas.

'''Workshop 19:30-20:30 David Kaplan - Intro to Timing Attacks '''

Timing Attacks have become popular over the past number of years and have been employed successfully against numerous targets ranging from network-based attacks to games consoles.
During the hour-long workshop, participants will have a chance to learn about simple software timing attacks and will attempt to attack vulnerable pieces of software.
Participants are required to bring their own laptops. A Virtual Box image with all tools needed for the workshop will be provided in advance of the day (participants are expected to have this installed prior to the start of the workshop).
Some experience with Linux – an advantage.
Programming experience – a must (Python + gcc will be provided in the VM, any other languages participants should bring necessary software).

'''The workshop will be delivered in English.'''

Bio: Security Researcher working for Intel Corp. by day and hacker by night - breaking things for both fun and profit!
Previously part of the red team at NDS (now Cisco).
Interested in all things security; with a special interest in real-time and Linux-based embedded systems.

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:Middle East]]

Jerusalem

2013-03-13T18:11:00Z

Josh Amishav-Zlatin:

{{Chapter Template|chaptername=Jerusalem|extra=The chapter leaders are [mailto:jamuse@owasp.org Josh Amishav-Zlatin] and [mailto:5013box@gmail.com Jacob Kili].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Jerusalem|emailarchives=http://lists.owasp.org/pipermail/owasp-Jerusalem}}

== Upcoming Meetings ==

'''Meeting Location: Bynet building (next to Intel), Har Hozvim - Jerusalem'''
Our next chapter meeting will be on April 3rd 2013 at 18:00. The agenda is as follows:

'''Gathering - Refreshments & Opening Remarks: 18:00-18:15'''

'''First Lecture 18:15-18:45 Almog Ohayon - DNS Hacks and Attacks'''

Abstract:
DNS is one of the main components of each company and organization. Any damage can easily negatively affect the company's business and availability, thus it is a primary focus of hackers. We will delve into the world of of DNS and present the latest DNS attacks from around the world.

Bio: Almog is a communications and information security expert with over two decades of experience. He works at ioptimize.it

'''Second Lecture 18:50-19:25 Amitay Dan - Car Phone Intelligence'''

Many hackers try to demonstrate how to attack cars and mobile phones, but like any other battle there is a need for proper Intelligence. This lecture will show how to use systematic flaws like number's floor, hidden numbers and tenders to pinpoint and attack targets. In the close future almost every car will have a cellular modem, thus we need to start creating our defense right now.

Bio: Amitay Dan is a Cyber Intelligence Analyst at Black Cube where he works on strategic and tactical cyber methods from databases, telecommunication and phreaking as well as medical field attack and other interesting areas.

'''Workshop 19:30-20:30 David Kaplan - Intro to Timing Attacks '''

Timing Attacks have become popular over the past number of years and have been employed successfully against numerous targets ranging from network-based attacks to games consoles.
During the hour-long workshop, participants will have a chance to learn about simple software timing attacks and will attempt to attack vulnerable pieces of software.
Participants are required to bring their own laptops. A Virtual Box image with all tools needed for the workshop will be provided in advance of the day (participants are expected to have this installed prior to the start of the workshop).
Some experience with Linux – an advantage.
Programming experience – a must (Python + gcc will be provided in the VM, any other languages participants should bring necessary software).
'''The workshop will be delivered in English.'''

Bio: Security Researcher working for Intel Corp. by day and hacker by night - breaking things for both fun and profit!
Previously part of the red team at NDS (now Cisco).
Interested in all things security; with a special interest in real-time and Linux-based embedded systems.

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:Middle East]]

Jerusalem

2013-03-13T18:10:29Z

Josh Amishav-Zlatin:

{{Chapter Template|chaptername=Jerusalem|extra=The chapter leaders are [mailto:jamuse@owasp.org Josh Amishav-Zlatin] and [mailto:5013box@gmail.com Jacob Kili].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Jerusalem|emailarchives=http://lists.owasp.org/pipermail/owasp-Jerusalem}}

== Upcoming Meetings ==

'''Meeting Location: Bynet building (next to Intel), Har Hozvim - Jerusalem'''
Our next chapter meeting will be on April 3rd 2013 at 18:00. The agenda is as follows:

'''Gathering - Refreshments & Opening Remarks: 18:00-18:15'''

'''First Lecture 18:15-18:45 Almog Ohayon - DNS Hacks and Attacks'''

Abstract:
DNS is one of the main components of each company and organization. Any damage can easily negatively affect the company's business and availability, thus it is a primary focus of hackers. We will delve into the world of of DNS and present the latest DNS attacks from around the world.

Bio: Almog is a communications and information security expert with over two decades of experience. He works at ioptimize.it

'''Second Lecture 18:50-19:25 Amitay Dan - Car Phone Intelligence'''

Many hackers try to demonstrate how to attack cars and mobile phones, but like any other battle there is a need for proper Intelligence. This lecture will show how to use systematic flaws like number's floor, hidden numbers and tenders to pinpoint and attack targets. In the close future almost every car will have a cellular modem, thus we need to start creating our defense right now.

Bio: Amitay Dan is a Cyber Intelligence Analyst at Black Cube where he works on strategic and tactical cyber methods from databases, telecommunication and phreaking as well as medical field attack and other interesting areas.

'''Workshop 19:30-20:30 David Kaplan - Intro to Timing Attacks '''

Timing Attacks have become popular over the past number of years and have been employed successfully against numerous targets ranging from network-based attacks to games consoles.
During the hour-long workshop, participants will have a chance to learn about simple software timing attacks and will attempt to attack vulnerable pieces of software.
Participants are required to bring their own laptops. A Virtual Box image with all tools needed for the workshop will be provided in advance of the day (participants are expected to have this installed prior to the start of the workshop).
Some experience with Linux – an advantage.
Programming experience – a must (Python + gcc will be provided in the VM, any other languages participants should bring necessary software).
**The workshop will be delivered in English.**

Bio: Security Researcher working for Intel Corp. by day and hacker by night - breaking things for both fun and profit!
Previously part of the red team at NDS (now Cisco).
Interested in all things security; with a special interest in real-time and Linux-based embedded systems.

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:Middle East]]

Jerusalem

2013-03-13T18:09:59Z

Josh Amishav-Zlatin:

{{Chapter Template|chaptername=Jerusalem|extra=The chapter leaders are [mailto:jamuse@owasp.org Josh Amishav-Zlatin] and [mailto:5013box@gmail.com Jacob Kili].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Jerusalem|emailarchives=http://lists.owasp.org/pipermail/owasp-Jerusalem}}

== Upcoming Meetings ==

'''Meeting Location: Bynet building (next to Intel), Har Hozvim - Jerusalem'''
Our next chapter meeting will be on April 3rd 2013 at 18:00. The agenda is as follows:

'''Gathering - Refreshments & Opening Remarks: 18:00-18:15'''

'''First Lecture 18:15-18:45 Almog Ohayon () - DNS Hacks and Attacks'''

Abstract:
DNS is one of the main components of each company and organization. Any damage can easily negatively affect the company's business and availability, thus it is a primary focus of hackers. We will delve into the world of of DNS and present the latest DNS attacks from around the world.

Bio: Almog is a communications and information security expert with over two decades of experience. He works at ioptimize.it

'''Second Lecture 18:50-19:25 Amitay Dan - Car Phone Intelligence'''

Many hackers try to demonstrate how to attack cars and mobile phones, but like any other battle there is a need for proper Intelligence. This lecture will show how to use systematic flaws like number's floor, hidden numbers and tenders to pinpoint and attack targets. In the close future almost every car will have a cellular modem, thus we need to start creating our defense right now.

Bio: Amitay Dan is a Cyber Intelligence Analyst at Black Cube where he works on strategic and tactical cyber methods from databases, telecommunication and phreaking as well as medical field attack and other interesting areas.

'''Workshop 19:30-20:30 David Kaplan - Intro to Timing Attacks '''

Timing Attacks have become popular over the past number of years and have been employed successfully against numerous targets ranging from network-based attacks to games consoles.
During the hour-long workshop, participants will have a chance to learn about simple software timing attacks and will attempt to attack vulnerable pieces of software.
Participants are required to bring their own laptops. A Virtual Box image with all tools needed for the workshop will be provided in advance of the day (participants are expected to have this installed prior to the start of the workshop).
Some experience with Linux – an advantage.
Programming experience – a must (Python + gcc will be provided in the VM, any other languages participants should bring necessary software).
**The workshop will be delivered in English.**

Bio: Security Researcher working for Intel Corp. by day and hacker by night - breaking things for both fun and profit!
Previously part of the red team at NDS (now Cisco).
Interested in all things security; with a special interest in real-time and Linux-based embedded systems.

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:Middle East]]

Jerusalem

2013-03-13T18:09:40Z

Josh Amishav-Zlatin:

{{Chapter Template|chaptername=Jerusalem|extra=The chapter leaders are [mailto:jamuse@owasp.org Josh Amishav-Zlatin] and [mailto:5013box@gmail.com Jacob Kili].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Jerusalem|emailarchives=http://lists.owasp.org/pipermail/owasp-Jerusalem}}

== Upcoming Meetings ==

'''Meeting Location: Bynet building (next to Intel), Har Hozvim - Jerusalem'''
Our next chapter meeting will be on April 3rd 2013 at 18:00. The agenda is as follows:

Gathering - Refreshments & Opening Remarks: 18:00-18:15

'''First Lecture 18:15-18:45 Almog Ohayon () - DNS Hacks and Attacks'''

Abstract:
DNS is one of the main components of each company and organization. Any damage can easily negatively affect the company's business and availability, thus it is a primary focus of hackers. We will delve into the world of of DNS and present the latest DNS attacks from around the world.

Bio: Almog is a communications and information security expert with over two decades of experience. He works at ioptimize.it

'''Second Lecture 18:50-19:25 Amitay Dan - Car Phone Intelligence'''

Many hackers try to demonstrate how to attack cars and mobile phones, but like any other battle there is a need for proper Intelligence. This lecture will show how to use systematic flaws like number's floor, hidden numbers and tenders to pinpoint and attack targets. In the close future almost every car will have a cellular modem, thus we need to start creating our defense right now.

Bio: Amitay Dan is a Cyber Intelligence Analyst at Black Cube where he works on strategic and tactical cyber methods from databases, telecommunication and phreaking as well as medical field attack and other interesting areas.

'''Workshop 19:30-20:30 David Kaplan - Intro to Timing Attacks '''

Timing Attacks have become popular over the past number of years and have been employed successfully against numerous targets ranging from network-based attacks to games consoles.
During the hour-long workshop, participants will have a chance to learn about simple software timing attacks and will attempt to attack vulnerable pieces of software.
Participants are required to bring their own laptops. A Virtual Box image with all tools needed for the workshop will be provided in advance of the day (participants are expected to have this installed prior to the start of the workshop).
Some experience with Linux – an advantage.
Programming experience – a must (Python + gcc will be provided in the VM, any other languages participants should bring necessary software).
**The workshop will be delivered in English.**

Bio: Security Researcher working for Intel Corp. by day and hacker by night - breaking things for both fun and profit!
Previously part of the red team at NDS (now Cisco).
Interested in all things security; with a special interest in real-time and Linux-based embedded systems.

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:Middle East]]

Jerusalem

2013-03-13T18:08:50Z

Josh Amishav-Zlatin:

{{Chapter Template|chaptername=Jerusalem|extra=The chapter leaders are [mailto:jamuse@owasp.org Josh Amishav-Zlatin] and [mailto:5013box@gmail.com Jacob Kili].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Jerusalem|emailarchives=http://lists.owasp.org/pipermail/owasp-Jerusalem}}

== Upcoming Meetings ==

'''Meeting Location: Bynet building (next to Intel), Har Hozvim - Jerusalem'''
Our next chapter meeting will be on April 3rd 2013 at 18:00. The agenda is as follows:

Gathering - Refreshments & Opening Remarks: 18:00-18:15

First Lecture 18:15-18:45
'''Almog Ohayon () - DNS Hacks and Attacks'''

Abstract:
DNS is one of the main components of each company and organization. Any damage can easily negatively affect the company's business and availability, thus it is a primary focus of hackers. We will delve into the world of of DNS and present the latest DNS attacks from around the world.

Bio: Almog is a communications and information security expert with over two decades of experience. He works at ioptimize.it

Second Lecture 18:50-19:25
'''Amitay Dan - Car Phone Intelligence'''

Many hackers try to demonstrate how to attack cars and mobile phones, but like any other battle there is a need for proper Intelligence. This lecture will show how to use systematic flaws like number's floor, hidden numbers and tenders to pinpoint and attack targets. In the close future almost every car will have a cellular modem, thus we need to start creating our defense right now.

Bio: Amitay Dan is a Cyber Intelligence Analyst at Black Cube where he works on strategic and tactical cyber methods from databases, telecommunication and phreaking as well as medical field attack and other interesting areas.

Workshop 19:30-20:30
'''David Kaplan - Intro to Timing Attacks '''

Timing Attacks have become popular over the past number of years and have been employed successfully against numerous targets ranging from network-based attacks to games consoles.
During the hour-long workshop, participants will have a chance to learn about simple software timing attacks and will attempt to attack vulnerable pieces of software.
Participants are required to bring their own laptops. A Virtual Box image with all tools needed for the workshop will be provided in advance of the day (participants are expected to have this installed prior to the start of the workshop).
Some experience with Linux – an advantage.
Programming experience – a must (Python + gcc will be provided in the VM, any other languages participants should bring necessary software).
**The workshop will be delivered in English.**

Bio: Security Researcher working for Intel Corp. by day and hacker by night - breaking things for both fun and profit!
Previously part of the red team at NDS (now Cisco).
Interested in all things security; with a special interest in real-time and Linux-based embedded systems.

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:Middle East]]

Jerusalem

2013-03-13T18:07:12Z

Josh Amishav-Zlatin: Updated April event

{{Chapter Template|chaptername=Jerusalem|extra=The chapter leaders are [mailto:jamuse@owasp.org Josh Amishav-Zlatin] and [mailto:5013box@gmail.com Jacob Kili].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Jerusalem|emailarchives=http://lists.owasp.org/pipermail/owasp-Jerusalem}}

== Upcoming Meetings ==

'''Meeting Location: Bynet building (next to Intel), Har Hozvim - Jerusalem'''
Our next chapter meeting will be on April 3rd 2013 at 18:00. The agenda is as follows:

Gathering - Refreshments & Opening Remarks: 18:00-18:15

First Lecture 18:15-18:45
Almog Ohayon () - DNS Hacks and Attacks

Abstract:
DNS is one of the main components of each company and organization. Any damage can easily negatively affect the company's business and availability, thus it is a primary focus of hackers. We will delve into the world of of DNS and present the latest DNS attacks from around the world.

Bio: Almog is a communications and information security expert with over two decades of experience. He works at ioptimize.it

Second Lecture 18:50-19:25
Amitay Dan - Car Phone Intelligence

Many hackers try to demonstrate how to attack cars and mobile phones, but like any other battle there is a need for proper Intelligence. This lecture will show how to use systematic flaws like number's floor, hidden numbers and tenders to pinpoint and attack targets. In the close future almost every car will have a cellular modem, thus we need to start creating our defense right now.

Bio: Amitay Dan is a Cyber Intelligence Analyst at Black Cube where he works on strategic and tactical cyber methods from databases, telecommunication and phreaking as well as medical field attack and other interesting areas.

Workshop 19:30-20:30
David Kaplan - Intro to Timing Attacks

Timing Attacks have become popular over the past number of years and have been employed successfully against numerous targets ranging from network-based attacks to games consoles.
During the hour-long workshop, participants will have a chance to learn about simple software timing attacks and will attempt to attack vulnerable pieces of software.
Participants are required to bring their own laptops. A Virtual Box image with all tools needed for the workshop will be provided in advance of the day (participants are expected to have this installed prior to the start of the workshop).
Some experience with Linux – an advantage.
Programming experience – a must (Python + gcc will be provided in the VM, any other languages participants should bring necessary software).
**The workshop will be delivered in English.**

Bio: Security Researcher working for Intel Corp. by day and hacker by night - breaking things for both fun and profit!
Previously part of the red team at NDS (now Cisco).
Interested in all things security; with a special interest in real-time and Linux-based embedded systems.

Everyone is welcome to join us at our chapter meetings.

[[Category:OWASP Chapter]]
[[Category:Middle East]]

User:Josh Amishav-Zlatin

2013-03-12T15:45:50Z

Josh Amishav-Zlatin:

Josh leads the R&D team at Pure Hacking where he focuses on web application defensive research and develops customized ModSecurity rulesets to help customers reduce risk associated with their web applications. Josh specializes in web application penetration testing and FOSS based security solutions. He is an active member of the ModSecurity community and is currently involved with the OWASP Core Rule Set, AuditConsole and WASC Threat Classification projects. Josh has over 10 years of experience in the IT security industry, working with both financial and government clients to help secure their critical applications.

Jerusalem

2013-01-24T09:16:50Z

Josh Amishav-Zlatin: Added Jacob's contact detail

Defenders

2012-11-13T21:25:46Z

Josh Amishav-Zlatin:

==== OWASP Defenders ====

{| width="100%"
|- valign="top"
|
'''Defenders Community'''

A community of security professionals and stakeholders with the common goal of advancing the state of security in the area of application defense, including the tools and techniques that enable the detection and response to application layer attacks.

 '''Examples'''

AppSensor, ModSecurity, Real Time Log Analysis, Application Trending Techniques

 '''Target Audience'''

Application Security Professionals, Infrastructure Security Teams, Developers looking to integrate defensive technologies

 '''What Are OWASP Communities?'''

[http://www.owasp.org/index.php/Builders Builders], [http://www.owasp.org/index.php/Breakers Breakers] and Defenders; the idea of OWASP Communities is to bring together experts in the area that they are best at with the common goal of advancing the state of application security. This approach allows similar groups of professionals and experts to tackle security problems with the involvement of the most relevant stakeholders. The intent is to drive high quality output that is immediately usable by the target audience. More information about this vision can be found [http://michael-coates.blogspot.com/2011/02/vision-for-owasp.html here]

|
[[Image:OWASP-vision.jpg]]

|}

==== The Community ====

      

{| cellspacing="1" cellpadding="1" style="width: 404px; height: 413px;"
|-
| [[Image:MichaelCoates-OWASP.jpg|100px]] 
| '''Michael Coates''' Mozilla michael.coates@owasp.org http://michael-coates.blogspot.com @_mwc
|
|
|-
| [[Image:JohnMelton-OWASP.jpg|100px]] 
| '''John Melton''' Wells Fargo john.melton@owasp.org http://www.jtmelton.com 
|
|
|-
| [[Image:IvanRistic-OWASP.jpg|100px]] 
| '''Ivan Ristic''' Qualys ivanr@webkreator.com http://blog.ivanristic.com/ @ivanristic
|
|
|-
| [[Image:ColinWatson-OWASP.jpg|100px]] 
| '''Colin Watson''' Watson Hall Ltd. colin.watson@owasp.org http://www.clerkendweller.com @clerkendweller
|
|
|-
| [[Image:RyanBarnett-OWASP.jpg|100px]] 
| '''Ryan Barnett''' Trustwave ryan.barnett@owasp.org http://tacticalwebappsec.blogspot.com/ @ryancbarnett
|
|
|-
| [[Image:LucasFerreira-OWASP.jpg|100px]] 
| '''Lucas C. Ferreira''' Câmara dos Deputados (Brazilian Chamber of Deputies) lucas.ferreira@owasp.org http://blog.sapao.net @lucassapao
|
|
|-
| [[Image:PrzemyslawSkowron-OWASP.jpg|100px]] 
| '''Przemyslaw Skowron''' Alior Bank S.A. przemyslaw.skowron@owasp.org - -
|
|
|-
|  
| '''Chen King'''      
|
|
|-
|  
| '''Fernando A. Damião'''      
|
|
|-
|  
| '''Yvan Boily''' yvanboily@gmail.com @ygjb  
|
|
|-
|  
| '''Josh Amishav-Zlatin''' jamuse@gmail.com @jamuse  
|

|}

Want to contribute to the OWASP Defenders Community? Add your info and send an email to [mailto:michael.coates@owasp.org michael.coates@owasp.org]
 

==== Roadmap ====
* Determine the current market need. This requires involvement from people in enterprise that are tacking these problems. No guessing about what we think people need.
* Evaluate current OWASP projects to understand match with market need and quality of projects
* Identify 3-4 projects that will be focused on for growth and promotion
* Archive other projects (within defender domain) that are abandoned or not inline with market need
* Cross training - We should all be able to help out to advance our 3-4 core projects
* Significantly advance quality of selected projects
* Community outreach for adoption
* High quality marketing efforts
* Conference presentations across multiple projects

==== Official Defender Projects ====

To be determined - see roadmap

==== All Defender Related Projects ====
All projects that are related to the OWASP Defenders community can be found at the following link: [[:Category:OWASP_Defenders]]

__NOTOC__ <headertabs />

ModSecurity CRS RuleID-960000

2012-06-27T13:20:08Z

Josh Amishav-Zlatin: Created page with "== Rule ID: 960000 == <table style="border-style:double;border-width:3px;" > <tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:upperc..."

== Rule ID: 960000 ==

<table style="border-style:double;border-width:3px;" >
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >Rule ID</td>
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
960000
</td></tr>
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >Rule Message</td>
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
Attempted multipart/form-data bypass
</td></tr>
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >Rule Summary</td>
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
Identify multipart/form-data name evasion attempts
</td></tr>
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >Impact</td>
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
2 - Critical
</td></tr>
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >Rule</td>
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
<code>
SecRule FILES_NAMES|FILES "['\";=]" "phase:2,t:none,id:'960000',rev:'2.2.5',block,capture,msg:'Attempted multipart/form-data bypass',logdata:'%{matched_var}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:'tx.id=%{rule.id}',tag:'RULE_MATURITY/7',tag:'RULE_ACCURACY/7',tag:'https://www.owasp.org/index.php/ModSecurity_CRS_RuleID-%{tx.id}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.protocol_violation_score=+%{tx.notice_anomaly_score},setvar:tx.%{rule.id}-PROTOCOL_VIOLATION/INVALID_REQ-%{matched_var_name}=%{tx.0}"
</code>
</td></tr>
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >Detailed Rule Information</td>
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
*There are possible impedance mismatches between how ModSecurity interprets multipart file names and how a destination app server such as PHP might parse the Content-Disposition data.
*These rules check for the existence of the ' " ; = meta-characters in either the file or file name variables in order to detect evasion attempts.
<pre>
/// A description of the regular expression:
///
/// Match any (single) character contained within the brackets
</pre>
</td></tr>
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >Example Payload</td>
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
Content-Disposition: form-data; name="fileRap"; filename="file=.txt"
</td></tr>
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >Example Audit Log Entry</td>
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
Include an example ModSecurity Audit Log Entry for when this rule matchs.
<pre>
--50b28e4c-A--
[27/Jun/2012:16:07:22 +0300] T@sFin8AAQEAADwGDRIAAAAA 127.0.0.1 56803 127.0.0.1 80
--50b28e4c-B--
POST /fileupload.asp HTTP/1.1
Host: localhost
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://localhost/
Content-Type: multipart/form-data; boundary=--------397236876
Content-Length: 930

--50b28e4c-C--
----------397236876
Content-Disposition: form-data; name="fileRap"; filename="file=.txt"
Content-Type: text/plain

555-555-0199@example.com
----------397236876

--50b28e4c-F--
HTTP/1.1 403 Forbidden
Vary: Accept-Encoding
Content-Length: 307
Connection: close
Content-Type: text/html; charset=iso-8859-1

--50b28e4c-E--

--50b28e4c-H--
Message: Access denied with code 403 (phase 2). Pattern match "['\";=]" at FILES:fileRap. [file "/opt/modsecurity/etc/crs/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "73"] [id "960000"] [rev "2.2.5"] [msg "Attempted multipart/form-data bypass"] [data "file=.txt"] [severity "CRITICAL"] [tag "RULE_MATURITY/7"] [tag "RULE_ACCURACY/7"] [tag "https://www.owasp.org/index.php/ModSecurity_CRS_RuleID-960000"]
Action: Intercepted (phase 2)
Stopwatch: 1340802442388746 3425 (- - -)
Stopwatch2: 1340802442388746 3425; combined=2114, p1=1798, p2=300, p3=0, p4=0, p5=15, sr=91, sw=1, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.7.0-dev1 (http://www.modsecurity.org/); core ruleset/2.2.5.
Server: Apache/2.2.22 (Debian)
Engine-Mode: "ENABLED"

--50b28e4c-K--
SecRule "FILES_NAMES|FILES" "@rx ['\";=]" "phase:2,log,t:none,id:960000,rev:2.2.5,block,capture,msg:'Attempted multipart/form-data bypass',logdata:%{matched_var},severity:2,setvar:tx.msg=%{rule.msg},setvar:tx.id=%{rule.id},tag:RULE_MATURITY/7,tag:RULE_ACCURACY/7,tag:https://www.owasp.org/index.php/ModSecurity_CRS_RuleID-%{tx.id},setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.protocol_violation_score=+%{tx.notice_anomaly_score},setvar:tx.%{rule.id}-PROTOCOL_VIOLATION/INVALID_REQ-%{matched_var_name}=%{tx.0}"

--50b28e4c-Z--

</pre>
</td></tr>
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >Attack Scenarios</td>
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
An attacker manipulated the file name which is mistakenly treated as code by the backend server.
</td></tr>
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >Ease of Attack</td>
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
Easy
</td></tr>
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >Ease of Detection</td>
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
Easy with regular expressions
</td></tr>
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >False Positives</td>
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
'''None known''' 
If there are any known false positives - specify them here
Also sign-up for the Reporting False Positives mail-list here:
https://lists.sourceforge.net/lists/listinfo/mod-security-report-false-positives
 
Send FP Report emails here: 
mod-security-report-false-positives[[Image:Justat.gif|10x]]lists.sourceforge.net
</td></tr>
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >False Negatives</td>
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
'''None known'''
</td></tr>
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >Rule Maturity</td>
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
'''7''' 
10 point scale (0-9) where: 0 = Beta/Experimental 9 = Heavily Tested
</td></tr>
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >Rule Accuracy</td>
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
'''7''' 
10 point scale (0-9) where: 0 = High % of FP 5 = No false positives reported
</td></tr>
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >Rule Documentation Contributor(s)</td>
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
Josh Amishav-Zlatin - jamuse[[Image:Justat.gif|10px]]gmail.com.com
</td></tr>
<tr><td style="border-style:solid;border-width:1px;background-color:#CCCCCC;text-transform:uppercase " >Additional References</td>
<td style="background-color:#F2F2F2;table-layout:fixed;width:700px;" >
http://www.ietf.org/rfc/rfc2183.txt
</td></tr>
</table>
[[Category:OWASP ModSecurity Core Rule Set Project]]

User:Josh Amishav-Zlatin

2011-03-22T09:46:25Z

Josh Amishav-Zlatin:

Josh is the Director of Research and Development at Pure Hacking and is involved with the OSVDB, WASC Threat Classification and ModSecurity projects.

User talk:Josh Amishav-Zlatin

2011-02-01T09:18:02Z

Josh Amishav-Zlatin: Blanked the page

User:Josh Amishav-Zlatin

2010-12-30T21:35:34Z

Josh Amishav-Zlatin:

Josh is Senior Security Consultant with Pure Hacking and is involved with the OSVDB, WASC Threat Classification and ModSecurity projects.

User talk:Josh Amishav-Zlatin

2010-12-30T18:31:48Z

Josh Amishav-Zlatin:

Josh is the Director of Research Development at Pure Hacking.

User talk:Josh Amishav-Zlatin

2010-12-30T18:31:16Z

Josh Amishav-Zlatin:

Josh is the Director of Research Development at Pure Hacking