OWASP - User contributions [en]

September 2019

2019-09-24T17:04:21Z

Ofer Maor:

Meeting Date:
Sept 25

Meeting Time:
7 PM CET (Amsterdam, Netherlands)
1 PM ET US (New York, USA)

Meeting Location:
Remote

Virtual:
[https://zoom.us/j/282821949 Zoom Meeting Link] Meeting ID: 282 821 949 - [https://zoom.us/u/kvUg3969 local dial in numbers]

AGENDA

CALL TO ORDER

CHANGES TO THE AGENDA

APPROVAL OF MINUTES
[https://docs.google.com/document/d/1uyvKi1yrisahNnZpT6cWUs6yMwje89PI2WvjhIMgkH4/edit?usp=sharing July 2019 Minutes]

REPORTS
*[https://drive.google.com/a/owasp.org/file/d/1RtTbFd6R6PERa93UOj7EIqsGfI8Sfxty/view?usp=sharing August 2019 Balance Sheet Summary]
*[https://drive.google.com/a/owasp.org/file/d/11gfS1XtSRiUbPLgCJO8MmagV6oxawkmN/view?usp=sharing Agust 2019 OWASP Combined P&L]
*[https://drive.google.com/a/owasp.org/file/d/1rATdQS0bhSRqN0yJShCSMY3tUQ1O4LTs/view?usp=sharing Agust 19 OWASP 2019 Combined Fin pkg]

OLD BUSINESS

NEW BUSINESS

Resolution: Beginning January 1, 2020, the OWASP Foundation will no longer split profits of Global AppSec events with local chapters' internal accounting budgets. The Foundation/Chapter split for these events will be 100/0.

Resolution: Beginning January 1, 2020, the OWASP Foundation will only pay a pre-determined flat fee for trainers offering sessions at Global AppSec events. There will no longer be a Foundation/Trainer revenue split for these events.

Resolution: Starting next Board Meeting (October), All Board Meetings will require Board and Staff Members to participate using Video Conference, as provided by the meeting organizer.

Resolution: Frequency and Structure of Executive Board Face 2 Face Meetings:
* The board will hold at least two, and ideally three, face to face executive board meetings. (These are intended to advance activities in a focused productive environment, as well as discuss OWASP Staff and other issues with associated privacy aspects).
* Attendance of board members is mandatory in all face-to-face executive meetings, except for extenuating circumstances.
* With the exception of private matters of staff, all notes from face-to-face meetings will be published after the meetings.
* The suggested motions coming up during the meeting will be presented to the community and be put up to vote in the next public board meeting (other than executive matters, the board shall not vote on any motion during the face-to-face meetings)
* Face-to-face meetings will be 2 full consecutive days, unless otherwise decided by the board
* For purpose of cost-saving, the Face-to-face meetings will be done in conjunction with other significant OWASP events, such as Global AppSec events, Project summit, etc.
* The first face-to-face meeting of each year must be held in the first two months of the year (Jan/Feb). The exact time will be determined by the staff and the board of the previous year.
* The schedule for the second (and third) face-to-face meeting of each year will be determined by the newly elected board in the first face-to-face meeting.
Resolution: Set 2020 First Face-to-Face meeting to Take place in February, alongside the Project Summit

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS
ADJOURNMENT

Update - Assignment of each Board Member to a specific area - as agreed upon in the last Face to Face executive board meeting.
===

==Old Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

==New Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

September 2019

2019-09-24T10:05:22Z

Ofer Maor: New suggested resolutions for governance of the board face to face meetings and public board meetings.

Meeting Date:
Sept 25

Meeting Time:
7 PM CET (Amsterdam, Netherlands)
1 PM ET US (New York, USA)

Meeting Location:
Remote

Virtual:
[https://zoom.us/j/282821949 Zoom Meeting Link] Meeting ID: 282 821 949 - [https://zoom.us/u/kvUg3969 local dial in numbers]

AGENDA

CALL TO ORDER

CHANGES TO THE AGENDA

APPROVAL OF MINUTES
[https://docs.google.com/document/d/1uyvKi1yrisahNnZpT6cWUs6yMwje89PI2WvjhIMgkH4/edit?usp=sharing July 2019 Minutes]

REPORTS
*[https://drive.google.com/a/owasp.org/file/d/1RtTbFd6R6PERa93UOj7EIqsGfI8Sfxty/view?usp=sharing August 2019 Balance Sheet Summary]
*[https://drive.google.com/a/owasp.org/file/d/11gfS1XtSRiUbPLgCJO8MmagV6oxawkmN/view?usp=sharing Agust 2019 OWASP Combined P&L]
*[https://drive.google.com/a/owasp.org/file/d/1rATdQS0bhSRqN0yJShCSMY3tUQ1O4LTs/view?usp=sharing Agust 19 OWASP 2019 Combined Fin pkg]

OLD BUSINESS

NEW BUSINESS

Resolution: Beginning January 1, 2020, the OWASP Foundation will no longer split profits of Global AppSec events with local chapters' internal accounting budgets. The Foundation/Chapter split for these events will be 100/0.

Resolution: Beginning January 1, 2020, the OWASP Foundation will only pay a pre-determined flat fee for trainers offering sessions at Global AppSec events. There will no longer be a Foundation/Trainer revenue split for these events.

Resolution: Starting next Board Meeting (October), All Board Meetings will require Board and Staff Members to participate using Video Conference, as provided by the meeting organizer.

Resolution: Frequency and Structure of Executive Board Face 2 Face Meetings:
* The board will hold at least two, and ideally three, face to face executive board meetings. (These are intended to advance activities in a focused productive environment, as well as discuss OWASP Staff and other issues with associated privacy aspects).
* Attendance of board members is mandatory in all face-to-face executive meetings, except for extenuating circumstances.
* With the exception of private matters of staff, all notes from face-to-face meetings will be published after the meetings.
* The suggested motions coming up during the meeting will be presented to the community and be put up to vote in the next public board meeting (other than executive matters, the board shall not vote on any motion during the face-to-face meetings)
* Face-to-face meetings will be 2 full consecutive days, unless otherwise decided by the board
* For purpose of cost-saving, the Face-to-face meetings will be done in conjunction with other significant OWASP events, such as Global AppSec events, Project summit, etc.
* The first face-to-face meeting of each year must be held in the first two months of the year (Jan/Feb). The exact time will be determined by the staff and the board of the previous year.
* The schedule for the second (and third) face-to-face meeting of each year will be determined by the newly elected board in the first face-to-face meeting.
Resolution: Set 2020 First Face-to-Face meeting to Take place in February, alongside the Project Summit

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS
ADJOURNMENT

===

==Old Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

==New Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

Ofer Maor 2019 Bio and Why me

2019-08-28T22:42:34Z

Ofer Maor:

==About Myself==
I’m a passionate cybersecurity professional with 25 years of experience in the industry, 20 of which in the AppSec field. I’ve been part of OWASP for 17 years, (almost) since its inception, and I currently serve on its Board of Directors. I've also held multiple roles in OWASP, including Chapter Leader, Global AppSec Event Co-Chair, Global Committee Member and more...

At the same time, I’ve also had the opportunity to work in various roles in the security industry, ranging from pen-testing, consulting, research, support, development, product management and all the way up to founding and managing several companies in this space. I’ve been a Breaker, a Builder and a Defender. I’ve been as hands-on and technical as it gets, but also had the chance to see how things operate on the larger scale.

Deep inside, I’m still a (ethical) hacker at heart, and I’m still an idealist about the the notion of community and open source at large, and OWASP specifically, yet at the same time I understand how organizations operate and what they need to do to thrive, and I believe this balance is what I bring to the OWASP Board. Since the beginning of the year, I have worked with the foundation staff to help grow and improve OWASP so that it can better support the community.

'''Today, after only a little over half a year on the board, I feel like we are starting to make a progress, and I would like to stay on the board to make sure that I can help drive those changes through.'''

== Candidate Election Video ==
[https://www.youtube.com/watch?v=r9x_36VKMYg&feature=youtu.be Ofer Maor's OWASP 2019 Elections Candidate Interview]

==Why Me?==
I’m passionate about OWASP, and especially about its community. I’ve been working with OWASP for a long time, and have always cared for it. I’ve met some of the best people along my professional career through the OWASP community, and many of them became long lasting friends. Through my entire time with OWASP, the community is what drives me forward, and driving this community forward is what I can bring to the table.

OWASP is going through growing pains, that are natural at this time and place, yet still immensely challenging. OWASP has a growing financial pressure to support its growth, and at the same time has growing industry pressures, with vendors looking to influence the industry standards that it set. These pressures present great challenges for OWASP, both on the foundation and on the community, generating friction and frustration. Last year we’ve witnessed such a disconnect and miscommunication, which nearly ripped the community apart. During that time, I’ve worked with the board, the foundation and the community, to smooth things out, find the right solution, and prevent the rip.

Seeing which challenges we are facing, and the contribution I can offer, made me join the board in the first place and do the best I can to contribute to OWASP. I would like to continue the work I have started so that we can truly turn the page onto OWASPs next chapter, making it a leading global organization in the cybersecurity industry.
===Focus===
I plan to continue focus on the fine balance between the community, the financial constraints and the industry as a whole, to make sure OWASP stays true to its spirit, yet is allowed to grows and evolve to its next phase, reaching new audiences and making a greater impact on the software industry as a whole.

Some key areas I am already working on and plan on continuing:
*'''Membership''': I believe our current membership structure, both at the individual and corporate levels, makes it hard to increase membership revenue to the foundation, as it is not always clear what is the membership value. As a board member I took upon myself to be the lead board member, working with the staff, on changing our membership models to make OWASP a more professional organization, run by its members and better supported by the corporates in our industry. Some of these changes have already been made and published, while others are still in work and are likely to take effect over the course of the next 12-18 months.
*'''Chapters''': Chapters are one of the two main pillars OWASP thrives upon. Without our chapters we have no audience and can reach no one. Yet our chapters are not all the same. Some chapters are run very well and reach a great audience, while others are struggling and failing to get traction. In my upcoming term, should I get elected, I plan to put more emphasize on helping chapters run more professionally and more consistently, giving our members and target audience a better, more consistent experience worldwide.
*'''Committees:''' I believe Global Committees can be a great way to drive more initiatives by people in community, who are eager to do more and need the right framework. As a board member I supported initiatives that offer the community the framework to do more, especially around Chapters, Projects, and Education (and work to make sure they function better this time).
*'''Vendor Neutrality:''' Throughout my entire OWASP roles, I’ve always put great emphasize on vendor neutrality (despite working for one or another throughout this entire time). I believe the only way to keep OWASP relevant and valuable, is by making sure the content we produce in projects, conferences and education is neutral - focusing on best practices and practical knowledge, and not on marketing pitches and sales activities. As a board member I promise to vigorously fight against any attempt to externally influence OWASP as a whole, or any of its projects or conferences, in favor of specific vendor, whether it is financial gain or by taking control of an activity.

=== Relevant Experience ===
I’ve been part of OWASP for 17 years, (almost) since its inception, and I’ve had the opportunity of being involved in various activities:
*I've been on the Global Board of OWASP since January 2019, serving as the Secretary of the Board. As part of this role I am working with the staff on driving changes both to corporate and individual membership, to help OWASP become more professional as well as stabilize its financials. I'm also working on driving other initiatives for making the board interactions and meetings more professional, delivering better outcomes.
*I've been the co-Chair of Global AppSec Tel Aviv that took place in 2019. We had a great turnaround of people and sponsors in a location that has never before had a Global AppSec Event. We've also managed to make Global AppSec Tel Aviv more inclusive than ever with over 30% female speakers!
*I’ve been on the board of OWASP Israel for 10 years, of which I was the chair for 4 years. During this time OWASP Israel has grown considerably and transformed from a small chapter with no funding (and a single board member) to one of the largest communities in OWASP with a proper board and volunteer base.
*For the past decade we’ve been running the OWASP AppSec IL conference every year, growing it from a half-day, single-track event with 90 attendees to a multi-day conference with trainings and over 700 attendees. Today, OWASP AppSec IL is one of the most attended OWASP events every year. I’ve had the chance of running the conference as a chair for several years and took on other roles later, including content committee (speaker selection), sponsorships (driving revenue to the conference), and more.
*I’ve also been part of the Global Membership Committee (before the committees were disassembled). In this role we drove initiatives to increase OWASP membership (and thus revenue) for both individuals and corporates.
Outside of OWASP, I’ve had the chance of working in various roles in the industry. I’ve also had the chance of founding and running my own companies – first an AppSec consulting company, followed by an AppSec product company (both later acquired and still alive). I’ve been on the Board of several companies (including a publicly traded company in NYSE/Euronext), and I’ve had the chance to define, manage and review budgets and financial management of companies.

For more information about my professional experience you are welcome to visit my LinkedIn Profile: https://www.linkedin.com/in/ofermaor/

You can also listen to my latest podcast recording from AppSec EU 2018 by Chris Romeo from the Application Security Podcast, where I share some of my history, my current work and my intention to run for the OWASP Board at: https://www.securityjourney.com/blog/a-pen-testers-transition-to-appsec-vote-for-ofer/
==Contact Me==
If you'd like to know more - feel free to reach out to me:
*Mail: ofer.maor@owasp.org
*Twitter: @OferMaor

Ofer Maor 2019 Bio and Why me

2019-08-28T21:52:39Z

Ofer Maor: /* About Ofer */

==About Myself==
I’m a passionate cybersecurity professional with 25 years of experience in the industry, 20 of which in the AppSec field. I’ve been part of OWASP for 17 years, (almost) since its inception, and I currently serve on its Board of Directors. I've also held multiple roles in OWASP, including Chapter Leader, Global AppSec Event Co-Chair, Global Committee Member and more...

At the same time, I’ve also had the opportunity to work in various roles in the security industry, ranging from pen-testing, consulting, research, support, development, product management and all the way up to founding and managing several companies in this space. I’ve been a Breaker, a Builder and a Defender. I’ve been as hands-on and technical as it gets, but also had the chance to see how things operate on the larger scale.

Deep inside, I’m still a (ethical) hacker at heart, and I’m still an idealist about the the notion of community and open source at large, and OWASP specifically, yet at the same time I understand how organizations operate and what they need to do to thrive, and I believe this balance is what I bring to the OWASP Board. Since the beginning of the year, I have worked with the foundation staff to help grow and improve OWASP so that it can better support the community.

'''Today, after only a little over half a year on the board, I feel like we are starting to make a progress, and I would like to stay on the board to make sure that I can help drive those changes through.'''

Link to my Video here:

==Why Me?==
I’m passionate about OWASP, and especially about its community. I’ve been working with OWASP for a long time, and have always cared for it. I’ve met some of the best people along my professional career through the OWASP community, and many of them became long lasting friends. Through my entire time with OWASP, the community is what drives me forward, and driving this community forward is what I can bring to the table.

OWASP is going through growing pains, that are natural at this time and place, yet still immensely challenging. OWASP has a growing financial pressure to support its growth, and at the same time has growing industry pressures, with vendors looking to influence the industry standards that it set. These pressures present great challenges for OWASP, both on the foundation and on the community, generating friction and frustration. Last year we’ve witnessed such a disconnect and miscommunication, which nearly ripped the community apart. During that time, I’ve worked with the board, the foundation and the community, to smooth things out, find the right solution, and prevent the rip.

Seeing which challenges we are facing, and the contribution I can offer, made me join the board in the first place and do the best I can to contribute to OWASP. I would like to continue the work I have started so that we can truly turn the page onto OWASPs next chapter, making it a leading global organization in the cybersecurity industry.
===Focus===
I plan to continue focus on the fine balance between the community, the financial constraints and the industry as a whole, to make sure OWASP stays true to its spirit, yet is allowed to grows and evolve to its next phase, reaching new audiences and making a greater impact on the software industry as a whole.

Some key areas I am already working on and plan on continuing:
*'''Membership''': I believe our current membership structure, both at the individual and corporate levels, makes it hard to increase membership revenue to the foundation, as it is not always clear what is the membership value. As a board member I took upon myself to be the lead board member, working with the staff, on changing our membership models to make OWASP a more professional organization, run by its members and better supported by the corporates in our industry. Some of these changes have already been made and published, while others are still in work and are likely to take effect over the course of the next 12-18 months.
*'''Chapters''': Chapters are one of the two main pillars OWASP thrives upon. Without our chapters we have no audience and can reach no one. Yet our chapters are not all the same. Some chapters are run very well and reach a great audience, while others are struggling and failing to get traction. In my upcoming term, should I get elected, I plan to put more emphasize on helping chapters run more professionally and more consistently, giving our members and target audience a better, more consistent experience worldwide.
*'''Committees:''' I believe Global Committees can be a great way to drive more initiatives by people in community, who are eager to do more and need the right framework. As a board member I supported initiatives that offer the community the framework to do more, especially around Chapters, Projects, and Education (and work to make sure they function better this time).
*'''Vendor Neutrality:''' Throughout my entire OWASP roles, I’ve always put great emphasize on vendor neutrality (despite working for one or another throughout this entire time). I believe the only way to keep OWASP relevant and valuable, is by making sure the content we produce in projects, conferences and education is neutral - focusing on best practices and practical knowledge, and not on marketing pitches and sales activities. As a board member I promise to vigorously fight against any attempt to externally influence OWASP as a whole, or any of its projects or conferences, in favor of specific vendor, whether it is financial gain or by taking control of an activity.

=== Relevant Experience ===
I’ve been part of OWASP for 17 years, (almost) since its inception, and I’ve had the opportunity of being involved in various activities:
*I've been on the Global Board of OWASP since January 2019, serving as the Secretary of the Board. As part of this role I am working with the staff on driving changes both to corporate and individual membership, to help OWASP become more professional as well as stabilize its financials. I'm also working on driving other initiatives for making the board interactions and meetings more professional, delivering better outcomes.
*I've been the co-Chair of Global AppSec Tel Aviv that took place in 2019. We had a great turnaround of people and sponsors in a location that has never before had a Global AppSec Event. We've also managed to make Global AppSec Tel Aviv more inclusive than ever with over 30% female speakers!
*I’ve been on the board of OWASP Israel for 10 years, of which I was the chair for 4 years. During this time OWASP Israel has grown considerably and transformed from a small chapter with no funding (and a single board member) to one of the largest communities in OWASP with a proper board and volunteer base.
*For the past decade we’ve been running the OWASP AppSec IL conference every year, growing it from a half-day, single-track event with 90 attendees to a multi-day conference with trainings and over 700 attendees. Today, OWASP AppSec IL is one of the most attended OWASP events every year. I’ve had the chance of running the conference as a chair for several years and took on other roles later, including content committee (speaker selection), sponsorships (driving revenue to the conference), and more.
*I’ve also been part of the Global Membership Committee (before the committees were disassembled). In this role we drove initiatives to increase OWASP membership (and thus revenue) for both individuals and corporates.
Outside of OWASP, I’ve had the chance of working in various roles in the industry. I’ve also had the chance of founding and running my own companies – first an AppSec consulting company, followed by an AppSec product company (both later acquired and still alive). I’ve been on the Board of several companies (including a publicly traded company in NYSE/Euronext), and I’ve had the chance to define, manage and review budgets and financial management of companies.

For more information about my professional experience you are welcome to visit my LinkedIn Profile: https://www.linkedin.com/in/ofermaor/

You can also listen to my latest podcast recording from AppSec EU 2018 by Chris Romeo from the Application Security Podcast, where I share some of my history, my current work and my intention to run for the OWASP Board at: https://www.securityjourney.com/blog/a-pen-testers-transition-to-appsec-vote-for-ofer/
==Contact Me==
If you'd like to know more - feel free to reach out to me:
*Mail: ofer.maor@owasp.org
*Twitter: @OferMaor

Staff-Projects/Board Elections/2019 Global Board of Directors Election

2019-08-28T18:39:36Z

Ofer Maor: /* Meet the Candidates and listen to their interviews */

== General Election Information ==
For general election information, including eligibility requirements, who can vote and how to vote, along with other frequently asked questions, please visit:

[https://www.owasp.org/index.php/Staff-Projects/Board_Elections OWASP Board Elections]

== Board Member Seats ==
The following individuals' Board Member Seats will expire on December 31, 2019.

* Owen Pendlebury
* Chenxi Wang
* Sherif Mansour
* Ofer Maor

== Meet the Candidates and listen to their interviews ==
''Links to the interviews will be posted here on or before September 6''

''4 seats are open for this election''

Ricardo Supo Picón

Haral Tsitsivas

Sherif Mansour

Kenneth Farrow

Teuta Hyseni

Ryan Tierney

Valencia Payne

[[Ofer Maor 2019 Bio and Why me|Ofer Maor]]

Vandana Verma Sehgal

Jon Nice

Santosh Pandit

Andrew Stevens

Ali AlEnezi

Ricardo Rodriguez

Joe Blanchard

Bil Corry

Shawn Kammerdiener

Grant Ongers

Owen Pendlebury

Trevor Hogan

== Milestones ==

* 2019-07-02 - Notify the current board member(s) whose term is up [Mike] COMPLETE
* 2019-07-03 - Call for Candidates Opens https://mailchi.mp/owasp/2019election ([https://owasp.wufoo.com/forms/m18o8vlr0svp1uk/ Apply Here!])
* 2019-07-03 - Submission for Questions From the Community for the Candidate Interviews - ([https://github.com/OWASP-Foundation/Board-Election-Call-for-Questions/issues/2 Submit a Question Here])
* 2019-07-10 - Email Reminder Call For Candidates & Questions from the Community https://mailchi.mp/owasp/2019election-222595
* 2019-07-17 - Email Reminder Call For Candidates & Questions from the Community https://mailchi.mp/owasp/2019election-222603
* 2019-07-24 - Email Reminder Call For Candidates & Questions from the Community https://mailchi.mp/owasp/2019election-222607
* 2019-07-31 - '''Deadline for Call for Candidates Closes'''
* 2019-07-31 - Deadline for Questions from the Community
* 2019-08-06 - Verification of candidates
* 2019-08-08 - Scheduling of group interviews
* 2019-08-13 - Candidates announced via email and social media
* 2019-08-15 - The 6-7 top questions from the community will be selected & shared with Candidates
* 2019-08-17 - Email Reminder Membership Required to Vote
* 2019-08-20 - Email Candidates with questions and guidelines for producing video and upload in 10 days.
* 2019-08-24 - Email Reminder Membership Required to Vote
* 2019-08-30 - Deadline for interview recordings to be completed
* 2019-09-06 - Recordings posted on the election wiki page
* 2019-09-06 - Email/Social Media notifying the community the recordings are posted
* 2019-09-07 - Final Email Reminder Membership Required to Vote
* 2019-09-13 - Paid Membership Deadline
* 2019-09-16 - '''Voting opens'''
* 2019-10-16 - '''Voting closes'''
* 2019-10-17 - Results shared with all candidates (morning per US Eastern time)
* 2019-10-17 - Results shared via email and social media (evening per US Eastern time)

== Notifying Email to Expiring Board Members ==

Dear Board Member,

As the 2019 Global Board of Directors election gets set to kick off this week, I wanted to reach out to you and thank you for all of the countless hours you have donated to the OWASP Foundation.

Come December 31, 2019 your term will be successfully fulfilled. According to the OWASP Foundation Bylaws you are eligible to run again in the upcoming election should you choose to run for the open Board seats.

Thank you again for your contributions in helping to improve the OWASP Foundation!

Ofer Maor 2019 Bio and Why me

2019-08-28T18:37:06Z

Ofer Maor:

==About Ofer==
I’m a passionate cybersecurity professional with 25 years of experience in the industry, 20 of which in the AppSec field. I’ve been part of OWASP for 17 years, (almost) since its inception, and I currently serve on its Board of Directors. I've also held multiple roles in OWASP, including Chapter Leader, Global AppSec Event Co-Chair, Global Committee Member and more...

At the same time, I’ve also had the opportunity to work in various roles in the security industry, ranging from pen-testing, consulting, research, support, development, product management and all the way up to founding and managing several companies in this space. I’ve been a Breaker, a Builder and a Defender. I’ve been as hands-on and technical as it gets, but also had the chance to see how things operate on the larger scale.

Deep inside, I’m still a (ethical) hacker at heart, and I’m still an idealist about the the notion of community and open source at large, and OWASP specifically, yet at the same time I understand how organizations operate and what they need to do to thrive, and I believe this balance is what I bring to the OWASP Board. Since the beginning of the year, I have worked with the foundation staff to help grow and improve OWASP so that it can better support the community.

'''Today, after only a little over half a year on the board, I feel like we are starting to make a progress, and I would like to stay on the board to make sure that I can help drive those changes through.'''

Link to my Video here:

==Why Me?==
I’m passionate about OWASP, and especially about its community. I’ve been working with OWASP for a long time, and have always cared for it. I’ve met some of the best people along my professional career through the OWASP community, and many of them became long lasting friends. Through my entire time with OWASP, the community is what drives me forward, and driving this community forward is what I can bring to the table.

OWASP is going through growing pains, that are natural at this time and place, yet still immensely challenging. OWASP has a growing financial pressure to support its growth, and at the same time has growing industry pressures, with vendors looking to influence the industry standards that it set. These pressures present great challenges for OWASP, both on the foundation and on the community, generating friction and frustration. Last year we’ve witnessed such a disconnect and miscommunication, which nearly ripped the community apart. During that time, I’ve worked with the board, the foundation and the community, to smooth things out, find the right solution, and prevent the rip.

Seeing which challenges we are facing, and the contribution I can offer, made me join the board in the first place and do the best I can to contribute to OWASP. I would like to continue the work I have started so that we can truly turn the page onto OWASPs next chapter, making it a leading global organization in the cybersecurity industry.
===Focus===
I plan to continue focus on the fine balance between the community, the financial constraints and the industry as a whole, to make sure OWASP stays true to its spirit, yet is allowed to grows and evolve to its next phase, reaching new audiences and making a greater impact on the software industry as a whole.

Some key areas I am already working on and plan on continuing:
*'''Membership''': I believe our current membership structure, both at the individual and corporate levels, makes it hard to increase membership revenue to the foundation, as it is not always clear what is the membership value. As a board member I took upon myself to be the lead board member, working with the staff, on changing our membership models to make OWASP a more professional organization, run by its members and better supported by the corporates in our industry. Some of these changes have already been made and published, while others are still in work and are likely to take effect over the course of the next 12-18 months.
*'''Chapters''': Chapters are one of the two main pillars OWASP thrives upon. Without our chapters we have no audience and can reach no one. Yet our chapters are not all the same. Some chapters are run very well and reach a great audience, while others are struggling and failing to get traction. In my upcoming term, should I get elected, I plan to put more emphasize on helping chapters run more professionally and more consistently, giving our members and target audience a better, more consistent experience worldwide.
*'''Committees:''' I believe Global Committees can be a great way to drive more initiatives by people in community, who are eager to do more and need the right framework. As a board member I supported initiatives that offer the community the framework to do more, especially around Chapters, Projects, and Education (and work to make sure they function better this time).
*'''Vendor Neutrality:''' Throughout my entire OWASP roles, I’ve always put great emphasize on vendor neutrality (despite working for one or another throughout this entire time). I believe the only way to keep OWASP relevant and valuable, is by making sure the content we produce in projects, conferences and education is neutral - focusing on best practices and practical knowledge, and not on marketing pitches and sales activities. As a board member I promise to vigorously fight against any attempt to externally influence OWASP as a whole, or any of its projects or conferences, in favor of specific vendor, whether it is financial gain or by taking control of an activity.

=== Relevant Experience ===
I’ve been part of OWASP for 17 years, (almost) since its inception, and I’ve had the opportunity of being involved in various activities:
*I've been on the Global Board of OWASP since January 2019, serving as the Secretary of the Board. As part of this role I am working with the staff on driving changes both to corporate and individual membership, to help OWASP become more professional as well as stabilize its financials. I'm also working on driving other initiatives for making the board interactions and meetings more professional, delivering better outcomes.
*I've been the co-Chair of Global AppSec Tel Aviv that took place in 2019. We had a great turnaround of people and sponsors in a location that has never before had a Global AppSec Event. We've also managed to make Global AppSec Tel Aviv more inclusive than ever with over 30% female speakers!
*I’ve been on the board of OWASP Israel for 10 years, of which I was the chair for 4 years. During this time OWASP Israel has grown considerably and transformed from a small chapter with no funding (and a single board member) to one of the largest communities in OWASP with a proper board and volunteer base.
*For the past decade we’ve been running the OWASP AppSec IL conference every year, growing it from a half-day, single-track event with 90 attendees to a multi-day conference with trainings and over 700 attendees. Today, OWASP AppSec IL is one of the most attended OWASP events every year. I’ve had the chance of running the conference as a chair for several years and took on other roles later, including content committee (speaker selection), sponsorships (driving revenue to the conference), and more.
*I’ve also been part of the Global Membership Committee (before the committees were disassembled). In this role we drove initiatives to increase OWASP membership (and thus revenue) for both individuals and corporates.
Outside of OWASP, I’ve had the chance of working in various roles in the industry. I’ve also had the chance of founding and running my own companies – first an AppSec consulting company, followed by an AppSec product company (both later acquired and still alive). I’ve been on the Board of several companies (including a publicly traded company in NYSE/Euronext), and I’ve had the chance to define, manage and review budgets and financial management of companies.

For more information about my professional experience you are welcome to visit my LinkedIn Profile: https://www.linkedin.com/in/ofermaor/

You can also listen to my latest podcast recording from AppSec EU 2018 by Chris Romeo from the Application Security Podcast, where I share some of my history, my current work and my intention to run for the OWASP Board at: https://www.securityjourney.com/blog/a-pen-testers-transition-to-appsec-vote-for-ofer/
==Contact Me==
If you'd like to know more - feel free to reach out to me:
*Mail: ofer.maor@owasp.org
*Twitter: @OferMaor

Ofer Maor 2019 Bio and Why me

2019-08-28T08:40:13Z

Ofer Maor: Created page with "==About Ofer== I’m a passionate cybersecurity professional with 25 years of experience in the industry, 20 of which in the AppSec field. I’ve been part of OWASP for 17 yea..."

==About Ofer==
I’m a passionate cybersecurity professional with 25 years of experience in the industry, 20 of which in the AppSec field. I’ve been part of OWASP for 17 years, (almost) since its inception, and I currently serve on its Board of Directors. I've also held multiple roles in OWASP, including Chapter Leader, Global AppSec Event Co-Chair, Global Committee Member and more...

At the same time, I’ve also had the opportunity to work in various roles in the security industry, ranging from pen-testing, consulting, research, support, development, product management and all the way up to founding and managing several companies in this space. I’ve been a Breaker, a Builder and a Defender. I’ve been as hands-on and technical as it gets, but also had the chance to see how things operate on the larger scale.

Deep inside, I’m still a (ethical) hacker at heart, and I’m still an idealist about the the notion of community and open source at large, and OWASP specifically, yet at the same time I understand how organizations operate and what they need to do to thrive, and I believe this balance is what I bring to the OWASP Board. Since the beginning of the year, I have worked with the foundation staff to help grow and improve OWASP so that it can better support the community.

'''Today, after only a little over half a year on the board, I feel like we are starting to make a progress, and I would like to stay on the board to make sure that I can help drive those changes through.'''

Link to my Video here:

==Why Me?==
I’m passionate about OWASP, and especially about its community. I’ve been working with OWASP for a long time, and have always cared for it. I’ve met some of the best people along my professional career through the OWASP community, and many of them became long lasting friends. Through my entire time with OWASP, the community is what drives me forward, and driving this community forward is what I can bring to the table.

Rather than "Why Me?", someone recently asked me "Why Now?". These questions are related. Over the course of 16 years with OWASP, the thought of submitting my candidacy for the board has crossed my mind several times. At times I felt there were already candidates with more experience than I had, at other times I was too occupied by running my own company to allow for the time commitment that the OWASP board entails, but I feel now is the right time where I can contribute the most.

OWASP is going through growing pains, that are natural at this time and place, yet still immensely challenging. OWASP has a growing financial pressure to support its growth, and at the same time has growing industry pressures, with vendors looking to influence the industry standards that it set. These pressures present great challenges for OWASP, both on the foundation and on the community, generating friction and frustration. Last year we’ve witnessed such a disconnect and miscommunication, which nearly ripped the community apart. During that time, I’ve worked with the board, the foundation and the community, to smooth things out, find the right solution, and prevent the rip.

Seeing which challenges we are facing, and the contribution I can offer, allowed me to make up my mind that now is the time and place for me to become part of the board, and do the best I can to contribute to OWASP.
===Focus===
I plan to focus on the fine balance between the community, the financial constraints and the industry as a whole, to make sure OWASP stays true to its spirit, yet is allowed to grows and evolve to its next phase, reaching new audiences and making a greater impact on the software industry as a whole.

Some key areas I plan to focus on include:
*'''Chapters:''' I believe there’s room to reform the chapters structure – make it easier to kick off meetups and community activities, while reducing the administrative burden from the foundation. As a board member I will initiate activities, together with the community, to find a more efficient structure that will serve us better.
*'''Membership''': I believe our current membership structure, both at the individual and corporate levels, makes it hard to increase membership revenue to the foundation, as it is not always clear what is the membership value. As a board member I will work with the foundation and the community to build new membership offerings that could help increase membership revenue, while recognizing community contribution.
*'''Committees:''' I believe Global Committees can be a great way to drive more initiatives by people in community, who are eager to do more and need the right framework. As a board member I will support initiatives that offer the community the framework to do more, especially around Chapters, Projects, and Education (and work to make sure they function better this time).
*'''Vendor Neutrality:''' Throughout my entire OWASP roles, I’ve always put great emphasize on vendor neutrality (despite working for one or another throughout this entire time). I believe the only way to keep OWASP relevant and valuable, is by making sure the content we produce in projects, conferences and education is neutral - focusing on best practices and practical knowledge, and not on marketing pitches and sales activities. As a board member I promise to vigorously fight against any attempt to externally influence OWASP as a whole, or any of its projects or conferences, in favor of specific vendor, whether it is financial gain or by taking control of an activity.

=== Relevant Experience ===
I’ve been part of OWASP for 17 years, (almost) since its inception, and I’ve had the opportunity of being involved in various activities:
*I've been on the Global Board of OWASP since January 2019, serving as the Secretary of the Board. As part of this role I am working with the staff on driving changes both to corporate and individual membership, to help OWASP become more professional as well as stabilize its financials. I'm also working on driving other initiatives for making the board interactions and meetings more professional, delivering better outcomes.
*I've been the co-Chair of Global AppSec Tel Aviv that took place in 2019. We had a great turnaround of people and sponsors in a location that has never before had a Global AppSec Event. We've also managed to make Global AppSec Tel Aviv more inclusive than ever with over 30% female speakers!
*I’ve been on the board of OWASP Israel for 10 years, of which I was the chair for 4 years. During this time OWASP Israel has grown considerably and transformed from a small chapter with no funding (and a single board member) to one of the largest communities in OWASP with a proper board and volunteer base.
*For the past decade we’ve been running the OWASP AppSec IL conference every year, growing it from a half-day, single-track event with 90 attendees to a multi-day conference with trainings and over 700 attendees. Today, OWASP AppSec IL is one of the most attended OWASP events every year. I’ve had the chance of running the conference as a chair for several years and took on other roles later, including content committee (speaker selection), sponsorships (driving revenue to the conference), and more.
*I’ve also been part of the Global Membership Committee (before the committees were disassembled). In this role we drove initiatives to increase OWASP membership (and thus revenue) for both individuals and corporates.
Outside of OWASP, I’ve had the chance of working in various roles in the industry. I’ve also had the chance of founding and running my own companies – first an AppSec consulting company, followed by an AppSec product company (both later acquired and still alive). I’ve been on the Board of several companies (including a publicly traded company in NYSE/Euronext), and I’ve had the chance to define, manage and review budgets and financial management of companies.

For more information about my professional experience you are welcome to visit my LinkedIn Profile: https://www.linkedin.com/in/ofermaor/

You can also listen to my latest podcast recording from AppSec EU 2018 by Chris Romeo from the Application Security Podcast, where I share some of my history, my current work and my intention to run for the OWASP Board at: https://www.securityjourney.com/blog/a-pen-testers-transition-to-appsec-vote-for-ofer/
==Contact Me==
If you'd like to know more - feel free to reach out to me:
*Mail: ofer.maor@owasp.org
*Twitter: @OferMaor

August 2019

2019-08-14T13:27:57Z

Ofer Maor: added motion to update owasp board meetings

Meeting Date:
Aug 19

Meeting Time:
11 AM US Pacific - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2019&month=8&day=19&hour=18&min=0&sec=0&p1=16&p2=919&p3=78&p4=136&p5=137&p6=676 other time zones]

Meeting Location:
Remote

Virtual:
[https://zoom.us/j/282821949 Zoom Meeting Link] Meeting ID: 282 821 949 - [https://zoom.us/u/kvUg3969 local dial in numbers]

AGENDA

CALL TO ORDER

CHANGES TO THE AGENDA

APPROVAL OF MINUTES
[https://docs.google.com/document/d/1uyvKi1yrisahNnZpT6cWUs6yMwje89PI2WvjhIMgkH4/edit?usp=sharing July 2019 Minutes]

REPORTS

OLD BUSINESS

NEW BUSINESS
- Announce Board F2F Discussion regarding Director Criteria

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

ADJOURNMENT

===

==Old Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

==New Business==
Suggested updates to the board meeting guidelines:
* The OWASP Board will hold a public 1-Hour Board Meeting once a month.
* All board meetings will be held by Zoom video conference. All board members and staff members are required to participate with their Video on.
* Board meetings are generally scheduled to be on the third Tuesday of each month, at 11am Pacific / 2pm Eastern / 8pm Central Europe timeframe.
* Board meeting schedule may be changed to address scheduling issues such as holidays, alignment with Global AppSec Conferences, etc. Changes must be announced no later than 2 weeks before the board meeting.
* All OWASP Board Members must attend at least 75% of public board meetings.
* In addition to the public board meetings, OWASP Board will hold executive board meetings. These are designed to prepare the public board meetings as well as discuss OWASP Staff and other issues with associated privacy aspects. With the exception of issues with privacy aspects (such as staff salaries, etc.) - all suggested motions coming up in these meetings will be presented in the next public board meeting.
* To ensure smooth operations of OWASP Board, the board will hold twice a year 2-days face-to-face executive board meetings. These will be held during two days prior to the two large Global AppSec events, one in Europe and one in the USA. All board members must attend these meetings.
* In addition, each January, following the nomination of the new board, a 4 Hours, video-based meeting will take place to discuss the initiatives for the new year and get the new board up and running.

All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

User:Ofer Maor

2019-07-09T18:34:23Z

Ofer Maor: /* Chapter Board, OWASP Israel */

=== '''Ofer Maor''' ===

==== '''Director, Solutions Management, Synopsys''' ====

==== Member of the Board, OWASP ====
[[File:OferMaorProfile.jpg|thumb]]
A leading technology expert and entrepreneur with over 20 years of experience in information and application security. In the past two decades, I have been involved with a wide range of activities around information and application security, from hands on technology research, development, networking, IT and (ethical) hacking, through product building, strategy, marketing and sales, and all the way to M&A. In my current role I am part of an exciting journey with Synopsys (SNPS) to become the leader in Software Security & Quality through the acquisition and integration of various leading technologies and solutions in this space.

Prior to Synopsys I founded several security technology companies, the latter acquired by Synopsys, and the rest were all acquired or are public to date. As Founder and CTO of Seeker, now acquired by Synopsys, I've pioneered IAST, the next generation of application security testing technology, currently used by some of the largest organizations in the world to continuously improve their software security. Prior to Seeker I was the Founder and CTO of Hacktics, a world-leading security services group, later acquired by Ernst & Young, and was previously the leader of Imperva's Application Defense Center research group.

Over the past 15 years I have been involved with OWASP and its community, and was part of the journey of OWASP growing from a small initiative to the unquestionable standard in software security. Over the years I've been involved with multiple projects an activities within OWASP. I have served as the Chairman of OWASP Israel, and helped grow the Israeli community to over 1000 people, with over 500 attendees each year in our annual event. I've also served on the OWASP Global Membership Committee.

'''Links:'''

LinkedIn: https://www.linkedin.com/in/ofermaor/

Twitter: https://twitter.com/OferMaor

Ofer Maor 2018 Bio and Why me

2018-09-13T21:21:30Z

Ofer Maor: factual correction and spelling mistake.

== About Ofer ==
I’m a passionate cybersecurity professional with 25 years of experience in the industry, 20 of which in the AppSec field. I’ve been part of OWASP for 16 years, (almost) since its inception, and I’ve had the opportunity to take part of different activities and wear different hats with OWASP through those years, seeing how OWASP has grown and evolved over the years from a tiny idea to what drives the industry standard in application security today.

At the same time, I’ve also had the opportunity to work in various roles in the security industry, ranging from pen-testing, consulting, research, support, development, product management and all the way up to founding and managing several companies in this space. I’ve been a Breaker, a Builder and a Defender. I’ve been as hands-on and technical as it gets, but also had the chance to see how things operate on the larger scale.

Deep inside, I’m still a (ethical) hacker at heart, and I’m still an idealist about the the notion of community and open source at large, and OWASP specifically, yet at the same time I understand how organizations operate and what they need to do to thrive, and I believe this balance is what I can bring to the OWASP Board. I will strive to help the foundation to grow and improve so that it can better support the community which OWASP has always been and should be. I will work to keep this balance, so that OWASP can become even better than it is today.

=== Experience ===
I’ve been part of OWASP for 16 years, (almost) since its inception, and I’ve had the opportunity of being involved in various activities:
* I’ve been on the board of OWASP Israel for 9 years, of which I was the chair for 4 years. During this time OWASP Israel has grown considerably and transformed from a small chapter with no funding (and a single board member) to one of the largest communities in OWASP with a proper board and volunteer base.
* For the past decade we’ve been running the OWASP AppSec IL conference every year, growing it from a half-day, single-track event with 90 attendees to a multi-day conference with trainings and over 700 attendees. Today, OWASP AppSec IL is one of the most attended OWASP events every year. I’ve had the chance of running the conference as a chair for several years and took on other roles later, including content committee (speaker selection), sponsorships (driving revenue to the conference), and more.
* I’ve also been part of the Global Membership Committee (before the committees were disassembled). In this role we drove initiatives to increase OWASP membership (and thus revenue) for both individuals and corporates.

Outside of OWASP, I’ve had the chance of working in various roles in the industry. I’ve also had the chance of founding and running my own companies – first an AppSec consulting company, followed by an AppSec product company (both later acquired and still alive). I’ve been on the Board of several companies (including a publicly traded company in NYSE/Euronext), and I’ve had the chance to define, manage and review budgets and financial management of companies.

For more information about my professional experience you are welcome to visit my LinkedIn Profile: https://www.linkedin.com/in/ofermaor/

You can also listen to my latest podcast recording from AppSec EU 2018 by Chris Romeo from the Application Security Podcast, where I share some of my history, my current work and my intention to run for the OWASP Board at: https://www.securityjourney.com/blog/a-pen-testers-transition-to-appsec-vote-for-ofer/

== Why Me? ==
I’m passionate about OWASP, and especially about its community. I’ve been working with OWASP for a long time, and have always cared for it. I’ve met some of the best people along my professional career through the OWASP community, and many of them became long lasting friends. Through my entire time with OWASP, the community is what drives me forward, and driving this community forward is what I can bring to the table.

Rather than "Why Me?", someone recently asked me "Why Now?". These questions are related. Over the course of 16 years with OWASP, the thought of submitting my candidacy for the board has crossed my mind several times. At times I felt there were already candidates with more experience than I had, at other times I was too occupied by running my own company to allow for the time commitment that the OWASP board entails, but I feel now is the right time where I can contribute the most.

OWASP is going through growing pains, that are natural at this time and place, yet still immensely challenging. OWASP has a growing financial pressure to support its growth, and at the same time has growing industry pressures, with vendors looking to influence the industry standards that it set. These pressures present great challenges for OWASP, both on the foundation and on the community, generating friction and frustration. Last year we’ve witnessed such a disconnect and miscommunication, which nearly ripped the community apart. During that time, I’ve worked with the board, the foundation and the community, to smooth things out, find the right solution, and prevent the rip.

Seeing which challenges we are facing, and the contribution I can offer, allowed me to make up my mind that now is the time and place for me to become part of the board, and do the best I can to contribute to OWASP.

=== Focus ===
I plan to focus on the fine balance between the community, the financial constraints and the industry as a whole, to make sure OWASP stays true to its spirit, yet is allowed to grows and evolve to its next phase, reaching new audiences and making a greater impact on the software industry as a whole.

Some key areas I plan to focus on include:
* '''Chapters:''' I believe there’s room to reform the chapters structure – make it easier to kick off meetups and community activities, while reducing the administrative burden from the foundation. As a board member I will initiate activities, together with the community, to find a more efficient structure that will serve us better.
* '''Membership''': I believe our current membership structure, both at the individual and corporate levels, makes it hard to increase membership revenue to the foundation, as it is not always clear what is the membership value. As a board member I will work with the foundation and the community to build new membership offerings that could help increase membership revenue, while recognizing community contribution.
* '''Committees:''' I believe Global Committees can be a great way to drive more initiatives by people in community, who are eager to do more and need the right framework. As a board member I will support initiatives that offer the community the framework to do more, especially around Chapters, Projects, and Education (and work to make sure they function better this time).
* '''Vendor Neutrality:''' Throughout my entire OWASP roles, I’ve always put great emphasize on vendor neutrality (despite working for one or another throughout this entire time). I believe the only way to keep OWASP relevant and valuable, is by making sure the content we produce in projects, conferences and education is neutral - focusing on best practices and practical knowledge, and not on marketing pitches and sales activities. As a board member I promise to vigorously fight against any attempt to externally influence OWASP as a whole, or any of its projects or conferences, in favor of specific vendor, whether it is financial gain or by taking control of an activity.

== Contact Me ==
If you'd like to know more - feel free to reach out to me:
* Mail: ofer.maor@owasp.org
* Twitter: @OferMaor

Ofer Maor 2018 Bio and Why me

2018-09-13T20:41:28Z

Ofer Maor: Contact Me Info

== About Ofer ==
I’m a passionate cybersecurity professional with 25 years of experience in the industry, 20 of which in the AppSec field. I’ve been part of OWASP for 16 years, (almost) since its inception, and I’ve had the opportunity to take part of different activities and wear different hats with OWASP through those years, seeing how OWASP has grown and evolved over the years from a tiny idea to what drives the industry standard in application security today.

At the same time, I’ve also had the opportunity to work in various roles in the security industry, ranging from pen-testing, consulting, research, support, development, product management and all the way up to founding and managing several companies in this space. I’ve been a Breaker, a Builder and a Defender. I’ve been as hands-on and technical as it gets, but also had the chance to see how things operate on the larger scale.

Deep inside, I’m still a (ethical) hacker at heart, and I’m still an idealist about the the notion of community and open source at large, and OWASP specifically, yet at the same time I understand how organizations operate and what they need to do to thrive, and I believe this balance is what I can bring to the OWASP Board. I will thrive to help the foundation to grow and improve so that it can better support the community which OWASP has always been and should be. I will work to keep this balance, so that OWASP can become even better than it is today.

=== Experience ===
I’ve been part of OWASP for 16 years, (almost) since its inception, and I’ve had the opportunity of being involved in various activities:
* I’ve been on the board of OWASP Israel for 9 years, of which I was the chair for 4 years. During this time OWASP Israel has grown considerably and transformed from a small chapter with no funding (and a single board member) to one of the largest communities in OWASP with a proper board and volunteer base.
* For the past decade we’ve been running the OWASP AppSec IL conference every year, growing it from a single-day, single-track event with 100 attendees to a multi-day conference with trainings and over 700 attendees. Today, OWASP AppSec IL is one of the most attended OWASP events every year. I’ve had the chance of running the conference as a chair for several years and took on other roles later, including content committee (speaker selection), sponsorships (driving revenue to the conference), and more.
* I’ve also been part of the Global Membership Committee (before the committees were disassembled). In this role we drove initiatives to increase OWASP membership (and thus revenue) for both individuals and corporates.

Outside of OWASP, I’ve had the chance of working in various roles in the industry. I’ve also had the chance of founding and running my own companies – first an AppSec consulting company, followed by an AppSec product company (both later acquired and still alive). I’ve been on the Board of several companies (including a publicly traded company in NYSE/Euronext), and I’ve had the chance to define, manage and review budgets and financial management of companies.

For more information about my professional experience you are welcome to visit my LinkedIn Profile: https://www.linkedin.com/in/ofermaor/

You can also listen to my latest podcast recording from AppSec EU 2018 by Chris Romeo from the Application Security Podcast, where I share some of my history, my current work and my intention to run for the OWASP Board at: https://www.securityjourney.com/blog/a-pen-testers-transition-to-appsec-vote-for-ofer/

== Why Me? ==
I’m passionate about OWASP, and especially about its community. I’ve been working with OWASP for a long time, and have always cared for it. I’ve met some of the best people along my professional career through the OWASP community, and many of them became long lasting friends. Through my entire time with OWASP, the community is what drives me forward, and driving this community forward is what I can bring to the table.

Rather than "Why Me?", someone recently asked me "Why Now?". These questions are related. Over the course of 16 years with OWASP, the thought of submitting my candidacy for the board has crossed my mind several times. At times I felt there were already candidates with more experience than I had, at other times I was too occupied by running my own company to allow for the time commitment that the OWASP board entails, but I feel now is the right time where I can contribute the most.

OWASP is going through growing pains, that are natural at this time and place, yet still immensely challenging. OWASP has a growing financial pressure to support its growth, and at the same time has growing industry pressures, with vendors looking to influence the industry standards that it set. These pressures present great challenges for OWASP, both on the foundation and on the community, generating friction and frustration. Last year we’ve witnessed such a disconnect and miscommunication, which nearly ripped the community apart. During that time, I’ve worked with the board, the foundation and the community, to smooth things out, find the right solution, and prevent the rip.

Seeing which challenges we are facing, and the contribution I can offer, allowed me to make up my mind that now is the time and place for me to become part of the board, and do the best I can to contribute to OWASP.

=== Focus ===
I plan to focus on the fine balance between the community, the financial constraints and the industry as a whole, to make sure OWASP stays true to its spirit, yet is allowed to grows and evolve to its next phase, reaching new audiences and making a greater impact on the software industry as a whole.

Some key areas I plan to focus on include:
* '''Chapters:''' I believe there’s room to reform the chapters structure – make it easier to kick off meetups and community activities, while reducing the administrative burden from the foundation. As a board member I will initiate activities, together with the community, to find a more efficient structure that will serve us better.
* '''Membership''': I believe our current membership structure, both at the individual and corporate levels, makes it hard to increase membership revenue to the foundation, as it is not always clear what is the membership value. As a board member I will work with the foundation and the community to build new membership offerings that could help increase membership revenue.
* '''Committees:''' I believe Global Committees can be a great way to drive more initiatives by people in community, who are eager to do more and need the right framework. As a board member I will support initiatives that offer the community the framework to do more, especially around Chapters, Projects, and Education (and work to make sure they function better this time).
* '''Vendor Neutrality:''' Throughout my entire OWASP roles, I’ve always put great emphasize on vendor neutrality (despite working for one or another throughout this entire time). I believe the only way to keep OWASP relevant and valuable, is by making sure the content we produce in projects, conferences and education is neutral - focusing on best practices and practical knowledge, and not on marketing pitches and sales activities. As a board member I promise to vigorously fight against any attempt to externally influence OWASP as a whole, or any of its projects or conferences, in favor of specific vendor, whether it is financial gain or by taking control of an activity.

== Contact Me ==
If you'd like to know more - feel free to reach out to me:
* Mail: ofer.maor@owasp.org
* Twitter: @OferMaor

Ofer Maor 2018 Bio and Why me

2018-09-13T20:38:20Z

Ofer Maor: Recreated the page with my Board Candidacy information.

== About Ofer ==
I’m a passionate cybersecurity professional with 25 years of experience in the industry, 20 of which in the AppSec field. I’ve been part of OWASP for 16 years, (almost) since its inception, and I’ve had the opportunity to take part of different activities and wear different hats with OWASP through those years, seeing how OWASP has grown and evolved over the years from a tiny idea to what drives the industry standard in application security today.

At the same time, I’ve also had the opportunity to work in various roles in the security industry, ranging from pen-testing, consulting, research, support, development, product management and all the way up to founding and managing several companies in this space. I’ve been a Breaker, a Builder and a Defender. I’ve been as hands-on and technical as it gets, but also had the chance to see how things operate on the larger scale.

Deep inside, I’m still a (ethical) hacker at heart, and I’m still an idealist about the the notion of community and open source at large, and OWASP specifically, yet at the same time I understand how organizations operate and what they need to do to thrive, and I believe this balance is what I can bring to the OWASP Board. I will thrive to help the foundation to grow and improve so that it can better support the community which OWASP has always been and should be. I will work to keep this balance, so that OWASP can become even better than it is today.

=== Experience ===
I’ve been part of OWASP for 16 years, (almost) since its inception, and I’ve had the opportunity of being involved in various activities:
* I’ve been on the board of OWASP Israel for 9 years, of which I was the chair for 4 years. During this time OWASP Israel has grown considerably and transformed from a small chapter with no funding (and a single board member) to one of the largest communities in OWASP with a proper board and volunteer base.
* For the past decade we’ve been running the OWASP AppSec IL conference every year, growing it from a single-day, single-track event with 100 attendees to a multi-day conference with trainings and over 700 attendees. Today, OWASP AppSec IL is one of the most attended OWASP events every year. I’ve had the chance of running the conference as a chair for several years and took on other roles later, including content committee (speaker selection), sponsorships (driving revenue to the conference), and more.
* I’ve also been part of the Global Membership Committee (before the committees were disassembled). In this role we drove initiatives to increase OWASP membership (and thus revenue) for both individuals and corporates.

Outside of OWASP, I’ve had the chance of working in various roles in the industry. I’ve also had the chance of founding and running my own companies – first an AppSec consulting company, followed by an AppSec product company (both later acquired and still alive). I’ve been on the Board of several companies (including a publicly traded company in NYSE/Euronext), and I’ve had the chance to define, manage and review budgets and financial management of companies.

For more information about my professional experience you are welcome to visit my LinkedIn Profile: https://www.linkedin.com/in/ofermaor/

You can also listen to my latest podcast recording from AppSec EU 2018 by Chris Romeo from the Application Security Podcast, where I share some of my history, my current work and my intention to run for the OWASP Board at: https://www.securityjourney.com/blog/a-pen-testers-transition-to-appsec-vote-for-ofer/

== Why Me? ==
I’m passionate about OWASP, and especially about its community. I’ve been working with OWASP for a long time, and have always cared for it. I’ve met some of the best people along my professional career through the OWASP community, and many of them became long lasting friends. Through my entire time with OWASP, the community is what drives me forward, and driving this community forward is what I can bring to the table.

Rather than "Why Me?", someone recently asked me "Why Now?". These questions are related. Over the course of 16 years with OWASP, the thought of submitting my candidacy for the board has crossed my mind several times. At times I felt there were already candidates with more experience than I had, at other times I was too occupied by running my own company to allow for the time commitment that the OWASP board entails, but I feel now is the right time where I can contribute the most.

OWASP is going through growing pains, that are natural at this time and place, yet still immensely challenging. OWASP has a growing financial pressure to support its growth, and at the same time has growing industry pressures, with vendors looking to influence the industry standards that it set. These pressures present great challenges for OWASP, both on the foundation and on the community, generating friction and frustration. Last year we’ve witnessed such a disconnect and miscommunication, which nearly ripped the community apart. During that time, I’ve worked with the board, the foundation and the community, to smooth things out, find the right solution, and prevent the rip.

Seeing which challenges we are facing, and the contribution I can offer, allowed me to make up my mind that now is the time and place for me to become part of the board, and do the best I can to contribute to OWASP.

=== Focus ===
I plan to focus on the fine balance between the community, the financial constraints and the industry as a whole, to make sure OWASP stays true to its spirit, yet is allowed to grows and evolve to its next phase, reaching new audiences and making a greater impact on the software industry as a whole.

Some key areas I plan to focus on include:
* '''Chapters:''' I believe there’s room to reform the chapters structure – make it easier to kick off meetups and community activities, while reducing the administrative burden from the foundation. As a board member I will initiate activities, together with the community, to find a more efficient structure that will serve us better.
* '''Membership''': I believe our current membership structure, both at the individual and corporate levels, makes it hard to increase membership revenue to the foundation, as it is not always clear what is the membership value. As a board member I will work with the foundation and the community to build new membership offerings that could help increase membership revenue.
* '''Committees:''' I believe Global Committees can be a great way to drive more initiatives by people in community, who are eager to do more and need the right framework. As a board member I will support initiatives that offer the community the framework to do more, especially around Chapters, Projects, and Education (and work to make sure they function better this time).
* '''Vendor Neutrality:''' Throughout my entire OWASP roles, I’ve always put great emphasize on vendor neutrality (despite working for one or another throughout this entire time). I believe the only way to keep OWASP relevant and valuable, is by making sure the content we produce in projects, conferences and education is neutral - focusing on best practices and practical knowledge, and not on marketing pitches and sales activities. As a board member I promise to vigorously fight against any attempt to externally influence OWASP as a whole, or any of its projects or conferences, in favor of specific vendor, whether it is financial gain or by taking control of an activity.

If you'd like to know more - feel free to reach out to me through my email at OWASP (ofer.maor@owasp.org) or my Twitter (@OferMaor)

User:Ofer Maor

2018-07-10T15:40:56Z

Ofer Maor: added line space

=== '''Ofer Maor''' ===

==== '''Director, Solutions Management, Synopsys''' ====

==== Chapter Board, OWASP Israel ====
[[File:OferMaorProfile.jpg|thumb]]
A leading technology expert and entrepreneur with over 20 years of experience in information and application security. In the past two decades, I have been involved with a wide range of activities around information and application security, from hands on technology research, development, networking, IT and (ethical) hacking, through product building, strategy, marketing and sales, and all the way to M&A. In my current role I am part of an exciting journey with Synopsys (SNPS) to become the leader in Software Security & Quality through the acquisition and integration of various leading technologies and solutions in this space.

Prior to Synopsys I founded several security technology companies, the latter acquired by Synopsys, and the rest were all acquired or are public to date. As Founder and CTO of Seeker, now acquired by Synopsys, I've pioneered IAST, the next generation of application security testing technology, currently used by some of the largest organizations in the world to continuously improve their software security. Prior to Seeker I was the Founder and CTO of Hacktics, a world-leading security services group, later acquired by Ernst & Young, and was previously the leader of Imperva's Application Defense Center research group.

Over the past 15 years I have been involved with OWASP and its community, and was part of the journey of OWASP growing from a small initiative to the unquestionable standard in software security. Over the years I've been involved with multiple projects an activities within OWASP. I have served as the Chairman of OWASP Israel, and helped grow the Israeli community to over 1000 people, with over 500 attendees each year in our annual event. I've also served on the OWASP Global Membership Committee.

'''Links:'''

LinkedIn: https://www.linkedin.com/in/ofermaor/

Twitter: https://twitter.com/OferMaor

User:Ofer Maor

2018-07-10T15:40:30Z

Ofer Maor: Added Links

User:Ofer Maor

2018-07-10T15:37:49Z

Ofer Maor: Updated Title, Bio and Headhost

File:OferMaorProfile.jpg

2018-07-10T15:27:51Z

Ofer Maor:

Ofer Maor Profile Picture

Appendix A: Testing Tools

2014-02-13T14:02:40Z

Ofer Maor:

{{Template:OWASP Testing Guide v4}}

==Open Source Black Box Testing tools==

=== General Testing ===

* '''[[OWASP_WebScarab_Project|OWASP WebScarab]]'''
** WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins.
* '''[[OWASP_CAL9000_Project|OWASP CAL9000]]'''
** CAL9000 is a collection of browser-based tools that enable more effective and efficient manual testing efforts.
** Includes an XSS Attack Library, Character Encoder/Decoder, HTTP Request Generator and Response Evaluator, Testing Checklist, Automated Attack Editor and much more.
* '''[[:Category:OWASP Pantera Web Assessment Studio Project|OWASP Pantera Web Assessment Studio Project]]'''
** Pantera uses an improved version of SpikeProxy to provide a powerful web application analysis engine. The primary goal of Pantera is to combine automated capabilities with complete manual testing to get the best penetration testing results.
* '''[[:OWASP Zed Attack Proxy Project]]'''
** The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.
** ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
* '''[[:OWASP Mantra - Security Framework]]'''
**Mantra is a web application security testing framework built on top of a browser. It supports Windows, Linux(both 32 and 64 bit) and Macintosh, in addition, it can work with other software like ZAP using built in proxy management function which makes it much more convenient. Mantra is available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish.
* '''SPIKE''' - http://www.immunitysec.com/resources-freesoftware.shtml
** SPIKE designed to analyze new network protocols for buffer overflows or similar weaknesses. It requires a strong knowledge of C to use and only available for the Linux platform.
* '''Burp Proxy''' - http://www.portswigger.net/Burp/
** Burp Proxy is an intercepting proxy server for security testing of web applications it allows Intercepting and modifying all HTTP/S traffic passing in both directions, it can work with custom SSL certificates and non-proxy-aware clients.
* '''Odysseus Proxy''' - http://www.wastelands.gen.nz/odysseus/
** Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. It will intercept an HTTP session's data in either direction.
* '''Webstretch Proxy''' - http://sourceforge.net/projects/webstretch
** Webstretch Proxy enable users to view and alter all aspects of communications with a web site via a proxy. It can also be used for debugging during development.
* '''WATOBO''' - http://sourceforge.net/apps/mediawiki/watobo/index.php?title=Main_Page
** WATOBO works like a local proxy, similar to Webscarab, ZAP or BurpSuite and it supports passive and active checks.
* '''Firefox LiveHTTPHeaders''' - https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/
** View HTTP headers of a page and while browsing.
* '''Firefox Tamper Data''' - https://addons.mozilla.org/en-US/firefox/addon/tamper-data/
** Use tamperdata to view and modify HTTP/HTTPS headers and post parameters
* '''Firefox Web Developer Tools''' - https://addons.mozilla.org/en-US/firefox/addon/web-developer/
** The Web Developer extension adds various web developer tools to the browser.
* '''DOM Inspector''' - https://developer.mozilla.org/en/docs/DOM_Inspector
** DOM Inspector is a developer tool used to inspect, browse, and edit the Document Object Model (DOM)
* '''Firefox Firebug''' - http://getfirebug.com/
** Firebug integrates with Firefox to edit, debug, and monitor CSS, HTML, and JavaScript.
* '''Grendel-Scan''' - http://securitytube-tools.net/index.php?title=Grendel_Scan
** Grendel-Scan is an automated security scanning of web applications and also supports manual penetration testing.
* '''OWASP SWFIntruder''' - http://www.mindedsecurity.com/swfintruder.html
** SWFIntruder (pronounced Swiff Intruder) is the first tool specifically developed for analyzing and testing security of Flash applications at runtime.
* '''SWFScan''' - http://h30499.www3.hp.com/t5/Following-the-Wh1t3-Rabbit/SWFScan-FREE-Flash-decompiler/ba-p/5440167
** Flash decompiler
* '''Wikto''' - http://www.sensepost.com/labs/tools/pentest/wikto
** Wikto features including fuzzy logic error code checking, a back-end miner, Google-assisted directory mining and real time HTTP request/response monitoring.
* '''w3af''' - http://w3af.org
** w3af is a Web Application Attack and Audit Framework. The project’s goal is finding and exploiting web application vulnerabilities.
* '''skipfish''' - http://code.google.com/p/skipfish/
** Skipfish is an active web application security reconnaissance tool.
* '''Web Developer toolbar''' - https://chrome.google.com/webstore/detail/bfbameneiokkgbdmiekhjnmfkcnldhhm
** The Web Developer extension adds a toolbar button to the browser with various web developer tools. This is the official port of the Web Developer extension for Firefox.
** '''HTTP Request Maker''' - https://chrome.google.com/webstore/detail/kajfghlhfkcocafkcjlajldicbikpgnp?hl=en-US
* Request Maker is a tool for penetration testing. With it you can easily capture requests made by web pages, tamper with the URL, headers and POST data and, of course, make new requests
** '''Cookie Editor''' - https://chrome.google.com/webstore/detail/fngmhnnpilhplaeedifhccceomclgfbg?hl=en-US
* Edit This Cookie is a cookie manager. You can add, delete, edit, search, protect and block cookies
** '''Cookie swap''' - https://chrome.google.com/webstore/detail/dffhipnliikkblkhpjapbecpmoilcama?hl=en-US
* Swap My Cookies is a session manager, it manages cookies, letting you login on any website with several different accounts.
** '''Firebug lite for Chrome"" - https://chrome.google.com/webstore/detail/bmagokdooijbeehmkpknfglimnifench
*Firebug Lite is not a substitute for Firebug, or Chrome Developer Tools. It is a tool to be used in conjunction with these tools. Firebug Lite provides the rich visual representation we are used to see in Firebug when it comes to HTML elements, DOM elements, and Box Model shading. It provides also some cool features like inspecting HTML elemements with your mouse, and live editing CSS properties
** '''Session Manager"" - https://chrome.google.com/webstore/detail/bbcnbpafconjjigibnhbfmmgdbbkcjfi
*With Session Manager you can quickly save your current browser state and reload it whenever necessary. You can manage multiple sessions, rename or remove them from the session library. Each session remembers the state of the browser at its creation time, i.e the opened tabs and windows.

=== Testing for specific vulnerabilities ===

==== Testing for DOM XSS ====
* DOMinator Pro - https://dominator.mindedsecurity.com

==== Testing AJAX ====
* '''[[:Category:OWASP Sprajax Project|OWASP Sprajax Project]]'''
==== Testing for SQL Injection ====
* '''[[:Category:OWASP_SQLiX_Project|OWASP SQLiX]]'''
* Sqlninja: a SQL Server Injection & Takeover Tool - http://sqlninja.sourceforge.net
* Bernardo Damele A. G.: sqlmap, automatic SQL injection tool - http://sqlmap.org/
* Absinthe 1.1 (formerly SQLSqueal) - http://sourceforge.net/projects/absinthe/
* SQLInjector - Uses inference techniques to extract data and determine the backend database server. http://www.databasesecurity.com/sql-injector.htm
* Bsqlbf-v2: A perl script allows extraction of data from Blind SQL Injections - http://code.google.com/p/bsqlbf-v2/
* Pangolin: An automatic SQL injection penetration testing tool - http://www.darknet.org.uk/2009/05/pangolin-automatic-sql-injection-tool/
* Antonio Parata: Dump Files by sql inference on Mysql - SqlDumper - http://www.ruizata.com/
* Multiple DBMS Sql Injection tool - SQL Power Injector - http://www.sqlpowerinjector.com/
* MySql Blind Injection Bruteforcing, Reversing.org - sqlbftools - http://packetstormsecurity.org/files/43795/sqlbftools-1.2.tar.gz.html

==== Testing Oracle ====
* TNS Listener tool (Perl) - http://www.jammed.com/%7Ejwa/hacks/security/tnscmd/tnscmd-doc.html
* Toad for Oracle - http://www.quest.com/toad
==== Testing SSL ====
* Foundstone SSL Digger - http://www.mcafee.com/us/downloads/free-tools/ssldigger.aspx
==== Testing for Brute Force Password ====
* THC Hydra - http://www.thc.org/thc-hydra/
* John the Ripper - http://www.openwall.com/john/
* Brutus - http://www.hoobie.net/brutus/
* Medusa - http://www.foofus.net/~jmk/medusa/medusa.html
*Ncat - http://nmap.org/ncat/

==== Testing Buffer Overflow ====
* OllyDbg - http://www.ollydbg.de
** "A windows based debugger used for analyzing buffer overflow vulnerabilities"
* Spike - http://www.immunitysec.com/downloads/SPIKE2.9.tgz
** A fuzzer framework that can be used to explore vulnerabilities and perform length testing
* Brute Force Binary Tester (BFB) - http://bfbtester.sourceforge.net
** A proactive binary checker

[[Category:FIXME|link not working

* Metasploit - http://www.metasploit.com/projects/Framework/
** A rapid exploit development and Testing frame work

]]
==== Fuzzer ====
* '''[[:Category:OWASP_WSFuzzer_Project|OWASP WSFuzzer]]'''
* Wfuzz - http://www.darknet.org.uk/2007/07/wfuzz-a-tool-for-bruteforcingfuzzing-web-applications/

==== Googling ====
* Stach & Liu's Google Hacking Diggity Project - http://www.stachliu.com/resources/tools/google-hacking-diggity-project/
* Foundstone Sitedigger (Google cached fault-finding) - http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx

==Commercial Black Box Testing tools==

* NGS Typhon III - http://www.nccgroup.com/en/our-services/security-testing-audit-compliance/information-security-software/ngs-typhon-iii/
* NGSSQuirreL - http://www.nccgroup.com/en/our-services/security-testing-audit-compliance/information-security-software/ngs-squirrel-vulnerability-scanners/
* IBM AppScan - http://www-01.ibm.com/software/awdtools/appscan/
* Cenzic Hailstorm - http://www.cenzic.com/products_services/cenzic_hailstorm.php
* Burp Intruder - http://www.portswigger.net/burp/intruder.html
* Acunetix Web Vulnerability Scanner - http://www.acunetix.com
* Sleuth - http://www.sandsprite.com
* NT Objectives NTOSpider - http://www.ntobjectives.com/products/ntospider.php
* MaxPatrol Security Scanner - http://www.maxpatrol.com
* Ecyware GreenBlue Inspector - http://www.ecyware.com
* Parasoft SOAtest (more QA-type tool)- http://www.parasoft.com/jsp/products/soatest.jsp?itemId=101
* MatriXay - http://www.dbappsecurity.com/webscan.html
* N-Stalker Web Application Security Scanner - http://www.nstalker.com
* HP WebInspect - http://www.hpenterprisesecurity.com/products/hp-fortify-software-security-center/hp-webinspect
* SoapUI (Web Service security testing) - http://www.soapui.org/Security/getting-started.html
* Netsparker - http://www.mavitunasecurity.com/netsparker/
* SAINT - http://www.saintcorporation.com/
* QualysGuard WAS - http://www.qualys.com/enterprises/qualysguard/web-application-scanning/
* Retina Web - http://www.eeye.com/Products/Retina/Web-Security-Scanner.aspx

[[Category:FIXME|check these links

* Cenzic Hailstorm - http://www.cenzic.com/products_services/cenzic_hailstorm.php

link broken:

* ScanDo - http://www.kavado.com

]]

==Source Code Analyzers==

===Open Source / Freeware===
* [[:Category:OWASP_Orizon_Project|Owasp Orizon]]
* '''[[:Category:OWASP_LAPSE_Project|OWASP LAPSE]]'''
* [[OWASP O2 Platform]]
* Google CodeSearchDiggity - http://www.stachliu.com/resources/tools/google-hacking-diggity-project/attack-tools/
* PMD - http://pmd.sourceforge.net/
* FlawFinder - http://www.dwheeler.com/flawfinder
* Microsoft’s [[FxCop]]
* Splint - http://splint.org
* Boon - http://www.cs.berkeley.edu/~daw/boon
* FindBugs - http://findbugs.sourceforge.net
* Oedipus - http://www.darknet.org.uk/2006/06/oedipus-open-source-web-application-security-analysis/
* W3af - http://w3af.sourceforge.net/

[[Category:FIXME|broken link

* Pscan - http://www.striker.ottawa.on.ca/~aland/pscan

]]

===Commercial ===

* Armorize CodeSecure - http://www.armorize.com/index.php?link_id=codesecure
* Parasoft C/C++ test - http://www.parasoft.com/jsp/products/cpptest.jsp/index.htm
* Checkmarx CxSuite - http://www.checkmarx.com
* HP Fortify - http://www.hpenterprisesecurity.com/products/hp-fortify-software-security-center/hp-fortify-static-code-analyzer
* GrammaTech - http://www.grammatech.com
* ITS4 - http://seclab.cs.ucdavis.edu/projects/testing/tools/its4.html
* Appscan - http://www-01.ibm.com/software/rational/products/appscan/source/
* ParaSoft - http://www.parasoft.com
* Virtual Forge CodeProfiler for ABAP - http://www.virtualforge.de
* Veracode - http://www.veracode.com

[[Category:FIXME|link not working

* Armorize CodeSecure - http://www.armorize.com/product/

]]

==Acceptance Testing Tools==
Acceptance testing tools are used to validate the functionality of web applications. Some follow a scripted approach and typically make use of a Unit Testing framework to construct test suites and test cases. Most, if not all, can be adapted to perform security specific tests in addition to functional tests.

===Open Source Tools===

* WATIR - http://wtr.rubyforge.org
** A Ruby based web testing framework that provides an interface into Internet Explorer.
** Windows only.
* HtmlUnit - http://htmlunit.sourceforge.net
** A Java and JUnit based framework that uses the Apache HttpClient as the transport.
** Very robust and configurable and is used as the engine for a number of other testing tools.
* jWebUnit - http://jwebunit.sourceforge.net
** A Java based meta-framework that uses htmlunit or selenium as the testing engine.
* Canoo Webtest - http://webtest.canoo.com
** An XML based testing tool that provides a facade on top of htmlunit.
** No coding is necessary as the tests are completely specified in XML.
** There is the option of scripting some elements in Groovy if XML does not suffice.
** Very actively maintained.
* HttpUnit - http://httpunit.sourceforge.net
** One of the first web testing frameworks, suffers from using the native JDK provided HTTP transport, which can be a bit limiting for security testing.
* Watij - http://watij.com
** A Java implementation of WATIR.
** Windows only because it uses IE for its tests (Mozilla integration is in the works).
* Solex - http://solex.sourceforge.net
** An Eclipse plugin that provides a graphical tool to record HTTP sessions and make assertions based on the results.
* Selenium - http://seleniumhq.org/
** JavaScript based testing framework, cross-platform and provides a GUI for creating tests.
** Mature and popular tool, but the use of JavaScript could hamper certain security tests.

==Other Tools==

===Runtime Analysis===

* Rational PurifyPlus - http://www-01.ibm.com/software/awdtools/purify/
* Seeker by Quotium - http://www.quotium.com/prod/security.php

===Binary Analysis===

* BugScam IDC Package - http://sourceforge.net/projects/bugscam
* Veracode - http://www.veracode.com

===Requirements Management===

* Rational Requisite Pro - http://www-306.ibm.com/software/awdtools/reqpro

===Site Mirroring===
* wget - http://www.gnu.org/software/wget, http://www.interlog.com/~tcharron/wgetwin.html
* curl - http://curl.haxx.se
* Sam Spade - http://www.samspade.org
* Xenu's Link Sleuth - http://home.snafu.de/tilman/xenulink.html

Source Code Analysis Tools

2014-02-13T10:30:06Z

Ofer Maor:

Source Code Analysis tools are designed to analyze source code and/or compiled version of code in order to help find security flaws. Ideally, such tools would automatically find security flaws with a high degree of confidence that what is found is indeed a flaw. However, this is beyond the state of the art for many types of application security flaws. Thus, such tools frequently serve as aids for an analyst to help them zero in on security relevant portions of code so they can find flaws more efficiently, rather than a tool that simply finds flaws automatically.

Some tools are starting to move into the IDE. For the types of problems that can be detected during the software development phase itself, this is a powerful phase within the development lifecycle to employ such tools, as it provides immediate feedback to the developer on issues they might be introducing into the code during code development itself. This immediate feedback is very useful as compared to finding vulnerabilities much later in the development cycle.

==Strengths and Weaknesses of such tools==

=== Strengths ===
* Scales Well (Can be run on lots of software, and can be repeatedly (like in nightly builds))
* For things that such tools can automatically find with high confidence, such as buffer overflows, SQL Injection Flaws, etc. they are great.
* Output is good for developers - it highlights the precise source files and line numbers that are affected

=== Weaknesses ===
* Many types of security vulnerabilities are very difficult to find automatically, such as authentication problems, access control issues, insecure use of cryptography, etc. The current state of the art only allows such tools to automatically find a relatively small percentage of application security flaws. Tools of this type are getting better, however.
* High numbers of false positives.
* Frequently can't find configuration issues, since they are not represented in the code.
* Difficult to 'prove' that an identified security issue is an actual vulnerability.
* Many of these tools have difficulty analyzing code that can't be compiled. Analysts frequently can't compile code because they don't have the right libraries, all the compilation instructions, all the code, etc.

==Important Selection Criteria==

* Requirement: Must support your language, but not usually a key factor once it does.

* Types of Vulnerabilities it can detect (Out of the [[OWASP Top Ten]]?) (plus more?)
* Does it require a fully buildable set of source?
* Can it run against binaries instead of source?
* Can it be integrated into the developer's IDE?
* License cost for the tool. (Some are sold per user, per org, per app, per line of code analyzed. Consulting licenses are frequently different than end user licenses.)

==OWASP Tools Of This Type==
* [http://www.owasp.org/index.php/Category:OWASP_Orizon_Project OWASP Orizon Project]
* [[OWASP_LAPSE_Project | OWASP LAPSE Project]]
* [[OWASP O2 Platform]]

==Disclaimer==

Disclaimer: The tools listed in the tables below are presented in alphabetical order. OWASP does not endorse any of the Vendors or Tools by listing them in the table below. We have made every effort to provide this information as accurately as possible. If you are the vendor of a tool below and think that this information is incomplete or incorrect, please send an e-mail to our mailing list and we will make every effort to correct this information.

==Open Source or Free Tools Of This Type==

* [http://www.stachliu.com/resources/tools/google-hacking-diggity-project/attack-tools/ Google CodeSearchDiggity] - Utilizes Google Code Search to identifies vulnerabilities in open source code projects hosted by Google Code, MS CodePlex, SourceForge, Github, and more. The tool comes with over 130 default searches that identify SQL injection, cross-site scripting (XSS), insecure remote and local file includes, hard-coded passwords, and much more. ''Essentially, Google CodeSearchDiggity provides a source code security analysis of nearly every single open source code project in existence – simultaneously.''
* [http://findbugs.sourceforge.net/ FindBugs] - Find Bugs (including some security flaws) in Java Programs
* [http://msdn.microsoft.com/en-us/library/bb429476(VS.80).aspx FxCop] (Microsoft) - FxCop is an application that analyzes managed code assemblies (code that targets the .NET Framework common language runtime) and reports information about the assemblies, such as possible design, localization, performance, and security improvements.
* [http://pmd.sourceforge.net/ PMD] - PMD scans Java source code and looks for potential code problems (this is a code quality tool that does not focus on security issues)
* [http://msdn.microsoft.com/en-us/library/ms933794.aspx PreFast] (Microsoft) - PREfast is a static analysis tool that identifies defects in C/C++ programs
* [https://www.fortify.com/ssa-elements/threat-intelligence/rats.html RATS] (Fortify) - Scans C, C++, Perl, PHP and Python source code for security problems like buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions
* [https://www.owasp.org/index.php/Category:OWASP_SWAAT_Project OWASP SWAAT Project] - Simplistic Beta Tool - Languages: Java, JSP, ASP .Net, and PHP
* [http://www.dwheeler.com/flawfinder/ Flawfinder] Flawfinder - Scans C and C++
* [http://sourceforge.net/projects/rips-scanner/ RIPS] - RIPS is a static source code analyzer for vulnerabilities in PHP web applications
* [http://brakemanscanner.org/ Brakeman] - Brakeman is an open source vulnerability scanner specifically designed for Ruby on Rails applications
* [http://rubygems.org/gems/codesake-dawn Codesake Dawn] - Codesake Dawn is an open source security source code analyzer designed for Sinatra, Padrino and Ruby on Rails applications. It can work also for non web application wrote in Ruby programming language
* [http://sourceforge.net/projects/visualcodegrepp/ VCG] - Scans C/C++, Java, C# and PL/SQL for security issues and for comments which may indicate defective code. The config files can be used to carry out additional checks for banned functions or functions which commonly cause security issues.

==Commercial Tools Of This Type==

* [http://www.contrastsecurity.com/ Contrast from Contrast Security] (Contrast Security is a subsidiary of [https://www.aspectsecurity.com/ Aspect Security])
** Contrast is not a static analysis tool like these others. It instruments the running application and provides code level results, but doesn't actually performing static analysis.
* [http://www-01.ibm.com/software/rational/products/appscan/source/ IBM Security AppScan Source Edition] (formerly Ounce)
* [http://www.klocwork.com/products/insight.asp Insight] (KlocWork)
* [http://www.parasoft.com/jsp/capabilities/static_analysis.jsp?itemId=547 Parasoft Test] (Parasoft)
* [http://www.quotium.com/prod/security.php Seeker] ([http://www.quotium.com/ Quotium])
** Seeker performs code security without actually doing static analysis. Seeker does Interactive Application Security Testing (IAST), correlating runtime code & data analysis with simulated attacks. It provides code level results without actually relying on static analysis.
* [http://www.sourcepatrol.co.uk/ Source Patrol] (Pentest)
* [http://www.armorize.com/codesecure/ Static Source Code Analysis with CodeSecure™] (Armorize Technologies)
* [http://www.checkmarx.com/technology/static-code-analysis-sca/ Static Code Analysis] (Checkmarx)
* [http://www.coverity.com/products/security-advisor.html Security Advisor] (Coverity)
* [https://www.fortify.com/products/hpfssc/source-code-analyzer.html Source Code Analysis] (HP/Fortify)
* [http://www.veracode.com/ Veracode] (Veracode)

==More Info==

* TODO: add comments from: http://lists.owasp.org/pipermail/owasp-dotnet/2006-August/000002.html
* [[Appendix_A:_Testing_Tools | Appendix A: Testing Tools]]
* [http://samate.nist.gov/index.php/Source_Code_Security_Analyzers NIST's list of Source Code Security Analysis Tools]

[[Category:OWASP .NET Project]]

__NOTOC__

Source Code Analysis Tools

2014-02-13T10:05:55Z

Ofer Maor:

Source Code Analysis tools are designed to analyze source code and/or compiled version of code in order to help find security flaws. Ideally, such tools would automatically find security flaws with a high degree of confidence that what is found is indeed a flaw. However, this is beyond the state of the art for many types of application security flaws. Thus, such tools frequently serve as aids for an analyst to help them zero in on security relevant portions of code so they can find flaws more efficiently, rather than a tool that simply finds flaws automatically.

Some tools are starting to move into the IDE. For the types of problems that can be detected during the software development phase itself, this is a powerful phase within the development lifecycle to employ such tools, as it provides immediate feedback to the developer on issues they might be introducing into the code during code development itself. This immediate feedback is very useful as compared to finding vulnerabilities much later in the development cycle.

==Strengths and Weaknesses of such tools==

=== Strengths ===
* Scales Well (Can be run on lots of software, and can be repeatedly (like in nightly builds))
* For things that such tools can automatically find with high confidence, such as buffer overflows, SQL Injection Flaws, etc. they are great.
* Output is good for developers - it highlights the precise source files and line numbers that are affected

=== Weaknesses ===
* Many types of security vulnerabilities are very difficult to find automatically, such as authentication problems, access control issues, insecure use of cryptography, etc. The current state of the art only allows such tools to automatically find a relatively small percentage of application security flaws. Tools of this type are getting better, however.
* High numbers of false positives.
* Frequently can't find configuration issues, since they are not represented in the code.
* Difficult to 'prove' that an identified security issue is an actual vulnerability.
* Many of these tools have difficulty analyzing code that can't be compiled. Analysts frequently can't compile code because they don't have the right libraries, all the compilation instructions, all the code, etc.

==Important Selection Criteria==

* Requirement: Must support your language, but not usually a key factor once it does.

* Types of Vulnerabilities it can detect (Out of the [[OWASP Top Ten]]?) (plus more?)
* Does it require a fully buildable set of source?
* Can it run against binaries instead of source?
* Can it be integrated into the developer's IDE?
* License cost for the tool. (Some are sold per user, per org, per app, per line of code analyzed. Consulting licenses are frequently different than end user licenses.)

==OWASP Tools Of This Type==
* [http://www.owasp.org/index.php/Category:OWASP_Orizon_Project OWASP Orizon Project]
* [[OWASP_LAPSE_Project | OWASP LAPSE Project]]
* [[OWASP O2 Platform]]

==Disclaimer==

Disclaimer: The tools listed in the tables below are presented in alphabetical order. OWASP does not endorse any of the Vendors or Tools by listing them in the table below. We have made every effort to provide this information as accurately as possible. If you are the vendor of a tool below and think that this information is incomplete or incorrect, please send an e-mail to our mailing list and we will make every effort to correct this information.

==Open Source or Free Tools Of This Type==

* [http://www.stachliu.com/resources/tools/google-hacking-diggity-project/attack-tools/ Google CodeSearchDiggity] - Utilizes Google Code Search to identifies vulnerabilities in open source code projects hosted by Google Code, MS CodePlex, SourceForge, Github, and more. The tool comes with over 130 default searches that identify SQL injection, cross-site scripting (XSS), insecure remote and local file includes, hard-coded passwords, and much more. ''Essentially, Google CodeSearchDiggity provides a source code security analysis of nearly every single open source code project in existence – simultaneously.''
* [http://findbugs.sourceforge.net/ FindBugs] - Find Bugs (including some security flaws) in Java Programs
* [http://msdn.microsoft.com/en-us/library/bb429476(VS.80).aspx FxCop] (Microsoft) - FxCop is an application that analyzes managed code assemblies (code that targets the .NET Framework common language runtime) and reports information about the assemblies, such as possible design, localization, performance, and security improvements.
* [http://pmd.sourceforge.net/ PMD] - PMD scans Java source code and looks for potential code problems (this is a code quality tool that does not focus on security issues)
* [http://msdn.microsoft.com/en-us/library/ms933794.aspx PreFast] (Microsoft) - PREfast is a static analysis tool that identifies defects in C/C++ programs
* [https://www.fortify.com/ssa-elements/threat-intelligence/rats.html RATS] (Fortify) - Scans C, C++, Perl, PHP and Python source code for security problems like buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions
* [https://www.owasp.org/index.php/Category:OWASP_SWAAT_Project OWASP SWAAT Project] - Simplistic Beta Tool - Languages: Java, JSP, ASP .Net, and PHP
* [http://www.dwheeler.com/flawfinder/ Flawfinder] Flawfinder - Scans C and C++
* [http://sourceforge.net/projects/rips-scanner/ RIPS] - RIPS is a static source code analyzer for vulnerabilities in PHP web applications
* [http://brakemanscanner.org/ Brakeman] - Brakeman is an open source vulnerability scanner specifically designed for Ruby on Rails applications
* [http://rubygems.org/gems/codesake-dawn Codesake Dawn] - Codesake Dawn is an open source security source code analyzer designed for Sinatra, Padrino and Ruby on Rails applications. It can work also for non web application wrote in Ruby programming language
* [http://sourceforge.net/projects/visualcodegrepp/ VCG] - Scans C/C++, Java, C# and PL/SQL for security issues and for comments which may indicate defective code. The config files can be used to carry out additional checks for banned functions or functions which commonly cause security issues.

==Commercial Tools Of This Type==

* [http://www.contrastsecurity.com/ Contrast from Contrast Security] (Contrast Security is a subsidiary of [https://www.aspectsecurity.com/ Aspect Security])
** Contrast is not a static analysis tool like these others. It instruments the running application and provides code level results, but doesn't actually performing static analysis.
* [http://www-01.ibm.com/software/rational/products/appscan/source/ IBM Security AppScan Source Edition] (formerly Ounce)
* [http://www.klocwork.com/products/insight.asp Insight] (KlocWork)
* [http://www.parasoft.com/jsp/capabilities/static_analysis.jsp?itemId=547 Parasoft Test] (Parasoft)
* [http://www.quotium.com/prod/security.php Seeker] ([http://www.quotium.com/ Quotium])
** Seeker is not a static code analysis tool. It is an Interactive Application Security Testing, correlating runtime code & data analysis with simulated attacks. It provides code level results through runtime analysis rather than static analysis.
* [http://www.sourcepatrol.co.uk/ Source Patrol] (Pentest)
* [http://www.armorize.com/codesecure/ Static Source Code Analysis with CodeSecure™] (Armorize Technologies)
* [http://www.checkmarx.com/technology/static-code-analysis-sca/ Static Code Analysis] (Checkmarx)
* [http://www.coverity.com/products/security-advisor.html Security Advisor] (Coverity)
* [https://www.fortify.com/products/hpfssc/source-code-analyzer.html Source Code Analysis] (HP/Fortify)
* [http://www.veracode.com/ Veracode] (Veracode)

==More Info==

* TODO: add comments from: http://lists.owasp.org/pipermail/owasp-dotnet/2006-August/000002.html
* [[Appendix_A:_Testing_Tools | Appendix A: Testing Tools]]
* [http://samate.nist.gov/index.php/Source_Code_Security_Analyzers NIST's list of Source Code Security Analysis Tools]

[[Category:OWASP .NET Project]]

__NOTOC__

OWASP Top10 Hebrew

2012-09-02T20:45:10Z

Ofer Maor:

== About ==
Welcome to OWASP Top 10 Hebrew Edition

== OWASP Top 10 Hebrew Edition ==
OWASP Top 10 Hebrew Edition is available in PDF format. 
Download at [[Media:OWASP_Top_10_Heb.pdf]]

== Credit ==
The Migration of OWASP Top 10 to Hebrew is lead by Or Katz, OWASP Israel Board Member. 
 
Other Contributors (Translation/Editing/etc.): 
Eyal Estrin 
Shay Sivan 
Assaf Reshef 
Boaz Shunami 
Guilad Regev 
Uri Fleyder 
Hemed Gur Ari 
Rotem Matok 
Igor Livshitz 
Limor Kessem 
Shlomi Gagulashvili 
Nadav Atias 
Robert Moskovitz 
Eliraz Broyer

OWASP Top10 Hebrew

2012-09-02T20:44:02Z

Ofer Maor:

== About ==
Welcome to OWASP Top 10 Hebrew Edition

== OWASP Top 10 Hebrew Edition ==
OWASP Top 10 Hebrew Edition is available in PDF format. 
Download at [[Media:OWASP_Top_10_Heb.pdf]]

== Credit ==
The project leader is Or Katz. 
 
Contributors: 
Eyal Estrin 
Shay Sivan 
Assaf Reshef 
Boaz Shunami 
Guilad Regev 
Uri Fleyder 
Hemed Gur Ari 
Rotem Matok 
Igor Livshitz 
Limor Kessem 
Shlomi Gagulashvili 
Nadav Atias 
Robert Moskovitz 
Eliraz Broyer

OWASP Top10 Hebrew

2012-09-02T20:41:16Z

Ofer Maor:

OWASP Top10 Hebrew

2012-09-02T20:41:08Z

Ofer Maor:

== About ==
Welcome to OWASP Top 10 Hebrew Edition

== OWASP Top 10 Hebrew Edition ==
OWASP Top 10 Hebrew Edition is available in PDF format.
Download at [[Media:OWASP_Top_10_Heb.pdf]]

== Credit ==
The project leader was Or Katz. 
 
Contributors: 
... 
... 
...

OWASP Top10 Hebrew

2012-09-02T20:40:04Z

Ofer Maor:

== About ==
Welcome to OWASP Top 10 Hebrew Edition

== OWASP Top 10 Hebrew Edition ==
Download at [[Media:OWASP_Top_10_Heb.pdf OWASP_Top_10_Heb.pdf]]

== Credit ==
The project leader was Or Katz. 
 
Contributors: 
... 
... 
...

OWASP Top10 Hebrew

2012-09-02T20:38:58Z

Ofer Maor:

== About ==
Welcome to OWASP Top 10 Hebrew Edition

== OWASP Top 10 Hebrew Edition ==
Download at [[File:OWASP_Top_10_Heb.pdf]]

== Credit ==
The project leader was Or Katz. 
 
Contributors: 
... 
... 
...

OWASP Top10 Hebrew

2012-09-02T20:38:21Z

Ofer Maor:

== About ==
Welcome to OWASP Top 10 Hebrew Edition

== OWASP Top 10 Hebrew Edition ==
Click for download [[Media:OWASP_Top_10_Heb.pdf]]

== Credit ==
The project leader was Or Katz. 
 
Contributors: 
... 
... 
...

File:OWASP Top 10 Heb.pdf

2012-09-02T20:37:28Z

Ofer Maor:

OWASP Top10 Hebrew

2012-09-02T20:36:29Z

Ofer Maor:

== About ==
Welcome to OWASP Top 10 Hebrew Edition

== OWASP Top 10 Hebrew Edition ==
Click for download

== Credit ==
The project leader was Or Katz. 
 
Contributors: 
... 
... 
...

OWASP Top10 Hebrew

2012-09-02T20:36:13Z

Ofer Maor:

== About ==
Welcome to OWASP Top 10 Hebrew Edition

== OWASP Top 10 Hebrew Edition ==
Click for download

== Credit ==
The project leader was Or Katz.
Contributors:
...
...
...

OWASP Top10 Hebrew

2012-09-02T20:35:03Z

Ofer Maor: Created page with " == OWASP Top 10 Hebrew =="

== OWASP Top 10 Hebrew ==

Template:OWASP IL 2012 Agenda

2012-09-01T17:07:01Z

Ofer Maor:

{| style="border-collapse: collapse; border-width: 1px; border-style: solid; border-color: #000" cellpadding=2
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D;white-space:nowrap" width="90" height="40" align="center" valign="center" | 08:45-09:15
| align=center valign="center" colspan=2 style="border-style: solid; border-width: 1px;font-size:12pt" | '''Registration, Gathering, Socializing & Networking'''
|- style="font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" align="center" valign="center" | 09:15-09:45
| align=center valign="center" colspan="2" style="border-style: solid; border-width: 1px;font-size:11pt" | '''Opening Words''' 
''Ofer Maor - Chairman, OWASP Israel; Global Membership Committee, OWASP'' 
''Dr. Anat Bremler-Barr, Efi Arazi School of Computer Science, IDC''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 09:45-10:10
| align=center valign="center" colspan="2" style="border-style: solid; border-width: 1px;font-size:11pt"| '''OWASP Top 10 Hebrew Edition'''
''Or Katz, OWASP Israel Board''
|- style="border-style: solid; border-width: 1px;font-size:12pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="30" align="right" valign="center" |  
| style="border-style: solid; border-width: 1px;" valign="center" align="center" width=500 | '''Breakers (Track #1)'''
| style="border-style: solid; border-width: 1px;" valign="center" align="center" width=500 | '''Defenders (Track #2)'''

|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 10:15-11:00
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" | '''The Diviner – Digital Clairvoyance: Getting an Insight Into Server Code & Memory Using Blackbox Techniques''' 
''Shay Chen, CTO, Hacktics ASC, Ernst & Young'' 
''Eran Tamari, Team Leader, Hacktics ASC, Ernst & Young''
| align="center" valign="top" style="font-size:11pt" | '''Case Study: Providing Secure SDLC in an Agile Environment Using ESAPI '''
''Yair Rovek, Security Specialist, Liveperson''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="40" align="center" valign="center" | 11:00-11:15
| valign="center" align="center" style="border-style: solid; border-width: 1px;font-size:12pt" colspan="2" | '''Coffee Break'''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 11:15-12:00
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''FYI: You've Got LFI'''
''Tal Beery, Web Security Research Team Leader, Imperva''
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''I>S+D! – Integrated Application Security Testing (IAST), Beyond SAST/DAST '''
''Ofer Maor, CTO, Quotium''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 12:00-12:30
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Zip It! – Owning Archived File Uploads '''
''Alex Landa, Security Researcher, IBM''
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Secure Development Lifecycle – Lessons Learned '''
''Boaz Shunami, Founder, Komodo Consulting''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="40" align="center" valign="center" | 12:30-13:30
| valign="center" align="center" style="border-style: solid; border-width: 1px;font-size:12pt" colspan="2" | '''Lunch Break'''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 13:30-14:15
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Advanced Pen-Testing of iPhone Applications'''
''Chilik Tamir, Chief Scientist, AppSec Labs ''
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Positive Logic XSS Detection & Prevention using Generalized JavaScript Assembly '''
''Tsvi Cherny, Interdisciplinary Center''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 14:15-15:00
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Attacking Android Mobile Applications'''
''Erez Metula, Founder, AppSec Labs''
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Application Counter Attack'''
''Ziv Gadot, SOC Team Leader, Radware''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="40" align="center" valign="center" | 15:00-15:15
| valign="center" align="center" style="border-style: solid; border-width: 1px;font-size:12pt" colspan="2" | '''Coffee Break'''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 15:15-15:45
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''The Dark World of Mobile Payments'''
''Nir Valtman, CSO, Retalix''
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Identifying Maladvertisements'''
''Maty Siman, CTO, Checkmarx'' ''Meny Duek, Director of R&D, Mediamind''
|- style="font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 15:45-16:15
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Stylish XSS: Fonts Name Injection'''
''Adi Cohen, Security Researcher, IBM''
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''My Authentication Album: Adaptive Image-Based Login Mechanism '''
''Ronen Margulis, Bar Ilan University''
|- style="font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" align="center" valign="center" | 16:15-16:45
| align=center valign="center" colspan="2" style="border-style: solid; border-width: 1px;font-size:11pt" | '''Guest Lecture   The New art of WAR & PEACE- a REAL FANTASY''' A drill down to the "money time": Was Iran Stuxnet’s main target? how economy is a battle zone? 
''Guy Phillip Goldstein (Author of "Babel Minute Zero")''
|- style="font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" align="center" valign="center" | 16:45-17:00
| align=center valign="center" colspan="2" style="border-style: solid; border-width: 1px;font-size:11pt" | '''End Notes'''  
''Ofer Maor - Chairman, OWASP Israel; Global Membership Committee, OWASP''
|}

Template:OWASP IL 2012 Agenda

2012-08-30T15:11:14Z

Ofer Maor:

{| style="border-collapse: collapse; border-width: 1px; border-style: solid; border-color: #000" cellpadding=2
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D;white-space:nowrap" width="90" height="40" align="center" valign="center" | 08:45-09:15
| align=center valign="center" colspan=2 style="border-style: solid; border-width: 1px;font-size:12pt" | '''Registration, Gathering, Socializing & Networking'''
|- style="font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" align="center" valign="center" | 09:15-09:45
| align=center valign="center" colspan="2" style="border-style: solid; border-width: 1px;font-size:11pt" | '''Opening Words''' 
''Ofer Maor - Chairman, OWASP Israel; Global Membership Committee, OWASP'' 
''Dr. Anat Bremler-Barr, Efi Arazi School of Computer Science, IDC''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 09:45-10:10
| align=center valign="center" colspan="2" style="border-style: solid; border-width: 1px;font-size:11pt"| '''OWASP Top 10 Hebrew Edition'''
''Or Katz, OWASP Israel Board''
|- style="border-style: solid; border-width: 1px;font-size:12pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="30" align="right" valign="center" |  
| style="border-style: solid; border-width: 1px;" valign="center" align="center" width=500 | '''Breakers (Track #1)'''
| style="border-style: solid; border-width: 1px;" valign="center" align="center" width=500 | '''Defenders (Track #2)'''

|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 10:15-11:00
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" | '''The Diviner – Digital Clairvoyance: Getting an Insight Into Server Code & Memory Using Blackbox Techniques''' 
''Shay Chen, CTO, Hacktics ASC, Ernst & Young'' 
''Eran Tamari, Team Leader, Hacktics ASC, Ernst & Young''
| align="center" valign="top" style="font-size:11pt" | '''Case Study: Providing Secure SDLC in an Agile Environment Using ESAPI '''
''Yair Rovek, Security Specialist, Liveperson''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="40" align="center" valign="center" | 11:00-11:15
| valign="center" align="center" style="border-style: solid; border-width: 1px;font-size:12pt" colspan="2" | '''Coffee Break'''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 11:15-12:00
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''FYI: You've Got LFI'''
''Tal Beery, Web Security Research Team Leader, Imperva''
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''I>S+D! – Integrated Application Security Testing (IAST), Beyond SAST/DAST '''
''Ofer Maor, CTO, Quotium''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 12:00-12:30
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Zip It! – Owning Archived File Uploads '''
''Alex Landa, Security Researcher, IBM''
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Secure Development Lifecycle – Lessons Learned '''
''Boaz Shunami, Founder, Komodo Consulting''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="40" align="center" valign="center" | 12:30-13:30
| valign="center" align="center" style="border-style: solid; border-width: 1px;font-size:12pt" colspan="2" | '''Lunch Break'''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 13:30-14:15
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Advanced Pen-Testing of iPhone Applications'''
''Chilik Tamir, Chief Scientist, AppSec Labs ''
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Positive Logic XSS Detection & Prevention using Generalized JavaScript Assembly '''
''Tsvi Cherny, Interdisciplinary Center''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 14:15-15:00
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Attacking Android Mobile Applications'''
''Erez Metula, Founder, AppSec Labs''
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Application Counter Attack'''
''Ziv Gadot, SOC Team Leader, Radware''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="40" align="center" valign="center" | 15:00-15:15
| valign="center" align="center" style="border-style: solid; border-width: 1px;font-size:12pt" colspan="2" | '''Coffee Break'''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 15:15-15:45
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''The Dark World of Mobile Payments'''
''Niv Valtman, CSO, Retalix''
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Identifying Maladvertisements'''
''Maty Siman, CTO, Checkmarx'' ''Meny Duek, Director of R&D, Mediamind''
|- style="font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 15:45-16:15
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Stylish XSS: Fonts Name Injection'''
''Adi Cohen, Security Researcher, IBM''
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''My Authentication Album: Adaptive Image-Based Login Mechanism '''
''Ronen Margulis, Bar Ilan University''
|- style="font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" align="center" valign="center" | 16:15-16:45
| align=center valign="center" colspan="2" style="border-style: solid; border-width: 1px;font-size:11pt" | '''Guest Lecture   The New art of WAR & PEACE- a REAL FANTASY''' A drill down to the "money time": Was Iran Stuxnet’s main target? how economy is a battle zone? 
''Guy Phillip Goldstein (Author of "Babel Minute Zero")''
|- style="font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" align="center" valign="center" | 16:45-17:00
| align=center valign="center" colspan="2" style="border-style: solid; border-width: 1px;font-size:11pt" | '''End Notes'''  
''Ofer Maor - Chairman, OWASP Israel; Global Membership Committee, OWASP''
|}

OWASP Israel 2012

2012-08-30T15:09:53Z

Ofer Maor:

== Location and Time ==

The 2012 annual OWASP Israel conference will be held at the Interdisciplinary Center Herzliya (IDC) on September 5th in the Efi Arazi school of computer science.

The conference is sponsored by:

{{Template:OWASP_IL_2012_Sponsors}}

For further details contact Ofer Maor (ofer.maor at owasp.org)

== Registration ==

'''OWASP Israel 2012 is FREE!'''

Early registration is, however, required. '''YOU MUST REGISTER TO GUARANTEE YOUR ADMISSION.'''

While attending the conference is free, '''we urge you to take this opportunity to become an OWASP Member''', supporting the OWASP cause and gaining additional benefits.

Please register at '''[http://www.cvent.com/d/1cqwcq OWASP AppSec Israel 2012 Registration Page]'''

== Agenda ==

{{Template:OWASP_IL_2012_Agenda}}

== The people behind the conference ==

OWASP Israel is made by the people who contribute their time and brain to its success. The following people are working to ensure that OWASP Israel 2012 is a success. If you feel that you also can contribute or have interesting ideas regarding the conference, don't hesitate to contact me.

[[Category:Israel]] [[Category:OWASP_Israel_2012]]

Template:OWASP IL 2012 Sponsors

2012-08-30T14:55:45Z

Ofer Maor:

{|
|
|      [[File:GoldIL.png]]
|
|-
|
|     [http://www.idc.ac.il https://www.owasp.org/images/f/f1/OWASP_IL_Sponsors_IDC_New.JPG]
|
|-
|     [http://www.quotium.com https://www.owasp.org/images/5/56/LogoQuotium.png]
|     [http://www.imperva.com https://www.owasp.org/images/8/89/OWASP_IL_Sponsors_Imperva.png]
|   [http://www.ey.com https://www.owasp.org/images/3/34/EY-IL.jpg]
|-
|   [http://www.akamai.com https://www.owasp.org/images/9/93/Akamai_logoIL.gif]
|                [http://www.ibm.com/ https://www.owasp.org/images/a/a5/IBM-IL.png]
| [http://www.radware.com https://www.owasp.org/images/a/a3/RadwareIL-Logo.jpg]
|-
 
|  
|-
|  
|  
|-
|
|   [[File:SilverIL.png]]
|
|-
|     [http://www.grsee.co.il https://www.owasp.org/images/0/0d/GRSEEIL.jpg]
|    [http://www.liveperson.com/ https://www.owasp.org/images/3/33/LivepersonIL.png]  
|   [http://www.rsa.com https://www.owasp.org/images/5/5e/RSA-IL.png]   [http://www.foresight-air.com/ https://www.owasp.org/images/c/c1/ForesightIL.jpg]
|-
|   [http://www.komodosec.com/ https://www.owasp.org/images/0/03/Komodo-small.jpg]
| [http://www.secoz.com/ https://www.owasp.org/images/4/4e/SecOZ-ILLogo.jpg] [http://www.hp.com/ https://www.owasp.org/images/6/6c/HPLogoIL.png]
|   [//http://www.rafael.co.il/ https://www.owasp.org/images/3/31/RafaelLogo.jpg]
|}

Template:OWASP IL 2012 Sponsors

2012-08-30T14:55:26Z

Ofer Maor:

{|
|
|      [[File:GoldIL.png]]
|
|-
|
|   [http://www.idc.ac.il https://www.owasp.org/images/f/f1/OWASP_IL_Sponsors_IDC_New.JPG]
|
|-
|     [http://www.quotium.com https://www.owasp.org/images/5/56/LogoQuotium.png]
|     [http://www.imperva.com https://www.owasp.org/images/8/89/OWASP_IL_Sponsors_Imperva.png]
|   [http://www.ey.com https://www.owasp.org/images/3/34/EY-IL.jpg]
|-
|   [http://www.akamai.com https://www.owasp.org/images/9/93/Akamai_logoIL.gif]
|                [http://www.ibm.com/ https://www.owasp.org/images/a/a5/IBM-IL.png]
| [http://www.radware.com https://www.owasp.org/images/a/a3/RadwareIL-Logo.jpg]
|-
 
|  
|-
|  
|  
|-
|
|   [[File:SilverIL.png]]
|
|-
|     [http://www.grsee.co.il https://www.owasp.org/images/0/0d/GRSEEIL.jpg]
|    [http://www.liveperson.com/ https://www.owasp.org/images/3/33/LivepersonIL.png]  
|   [http://www.rsa.com https://www.owasp.org/images/5/5e/RSA-IL.png]   [http://www.foresight-air.com/ https://www.owasp.org/images/c/c1/ForesightIL.jpg]
|-
|   [http://www.komodosec.com/ https://www.owasp.org/images/0/03/Komodo-small.jpg]
| [http://www.secoz.com/ https://www.owasp.org/images/4/4e/SecOZ-ILLogo.jpg] [http://www.hp.com/ https://www.owasp.org/images/6/6c/HPLogoIL.png]
|   [//http://www.rafael.co.il/ https://www.owasp.org/images/3/31/RafaelLogo.jpg]
|}

Template:OWASP IL 2012 Sponsors

2012-08-30T14:54:54Z

Ofer Maor:

{|
|
|      [[File:GoldIL.png]]
|
|-
|
|   [http://www.idc.ac.il https://www.owasp.org/images/f/f1/OWASP_IL_Sponsors_IDC_New.JPG]
|
|-
|     [http://www.quotium.com https://www.owasp.org/images/5/56/LogoQuotium.png]
|   [http://www.imperva.com https://www.owasp.org/images/8/89/OWASP_IL_Sponsors_Imperva.png]
|   [http://www.ey.com https://www.owasp.org/images/3/34/EY-IL.jpg]
|-
|   [http://www.akamai.com https://www.owasp.org/images/9/93/Akamai_logoIL.gif]
|              [http://www.ibm.com/ https://www.owasp.org/images/a/a5/IBM-IL.png]
| [http://www.radware.com https://www.owasp.org/images/a/a3/RadwareIL-Logo.jpg]
|-
 
|  
|-
|  
|  
|-
|
|   [[File:SilverIL.png]]
|
|-
|     [http://www.grsee.co.il https://www.owasp.org/images/0/0d/GRSEEIL.jpg]
|    [http://www.liveperson.com/ https://www.owasp.org/images/3/33/LivepersonIL.png]  
|   [http://www.rsa.com https://www.owasp.org/images/5/5e/RSA-IL.png]   [http://www.foresight-air.com/ https://www.owasp.org/images/c/c1/ForesightIL.jpg]
|-
|   [http://www.komodosec.com/ https://www.owasp.org/images/0/03/Komodo-small.jpg]
| [http://www.secoz.com/ https://www.owasp.org/images/4/4e/SecOZ-ILLogo.jpg] [http://www.hp.com/ https://www.owasp.org/images/6/6c/HPLogoIL.png]
|   [//http://www.rafael.co.il/ https://www.owasp.org/images/3/31/RafaelLogo.jpg]
|}

File:HPLogoIL.png

2012-08-30T14:53:45Z

Ofer Maor: uploaded a new version of "File:HPLogoIL.png"

Template:OWASP IL 2012 Sponsors

2012-08-30T14:53:09Z

Ofer Maor:

{|
|
|      [[File:GoldIL.png]]
|
|-
|   [http://www.idc.ac.il https://www.owasp.org/images/f/f1/OWASP_IL_Sponsors_IDC_New.JPG]
|     [http://www.quotium.com https://www.owasp.org/images/5/56/LogoQuotium.png]
|   [http://www.imperva.com https://www.owasp.org/images/8/89/OWASP_IL_Sponsors_Imperva.png]
|-
|   [http://www.ey.com https://www.owasp.org/images/3/34/EY-IL.jpg]
|   [http://www.akamai.com https://www.owasp.org/images/9/93/Akamai_logoIL.gif]
|              [http://www.ibm.com/ https://www.owasp.org/images/a/a5/IBM-IL.png]
|-
|
| [http://www.radware.com https://www.owasp.org/images/a/a3/RadwareIL-Logo.jpg]
|-
 
|  
|-
|  
|  
|-
|
|   [[File:SilverIL.png]]
|
|-
|     [http://www.grsee.co.il https://www.owasp.org/images/0/0d/GRSEEIL.jpg]
|    [http://www.liveperson.com/ https://www.owasp.org/images/3/33/LivepersonIL.png]  
|   [http://www.rsa.com https://www.owasp.org/images/5/5e/RSA-IL.png]   [http://www.foresight-air.com/ https://www.owasp.org/images/c/c1/ForesightIL.jpg]
|-
|   [http://www.komodosec.com/ https://www.owasp.org/images/0/03/Komodo-small.jpg]
| [http://www.secoz.com/ https://www.owasp.org/images/4/4e/SecOZ-ILLogo.jpg] [http://www.hp.com/ https://www.owasp.org/images/6/6c/HPLogoIL.png]
|   [//http://www.rafael.co.il/ https://www.owasp.org/images/3/31/RafaelLogo.jpg]
|}

File:HPLogoIL.png

2012-08-30T14:52:37Z

Ofer Maor:

Template:OWASP IL 2012 Sponsors

2012-08-30T14:52:16Z

Ofer Maor:

{|
|
|      [[File:GoldIL.png]]
|
|-
|   [http://www.idc.ac.il https://www.owasp.org/images/f/f1/OWASP_IL_Sponsors_IDC_New.JPG]
|     [http://www.quotium.com https://www.owasp.org/images/5/56/LogoQuotium.png]
|   [http://www.imperva.com https://www.owasp.org/images/8/89/OWASP_IL_Sponsors_Imperva.png]
|-
|   [http://www.ey.com https://www.owasp.org/images/3/34/EY-IL.jpg]
|   [http://www.akamai.com https://www.owasp.org/images/9/93/Akamai_logoIL.gif]
|              [http://www.ibm.com/ https://www.owasp.org/images/a/a5/IBM-IL.png]
|-
|
| [http://www.radware.com https://www.owasp.org/images/a/a3/RadwareIL-Logo.jpg]
|-
 
|  
|-
|  
|  
|-
|
|   [[File:SilverIL.png]]
|
|-
|     [http://www.grsee.co.il https://www.owasp.org/images/0/0d/GRSEEIL.jpg]
|    [http://www.liveperson.com/ https://www.owasp.org/images/3/33/LivepersonIL.png]  
|   [http://www.rsa.com https://www.owasp.org/images/5/5e/RSA-IL.png]   [http://www.foresight-air.com/ https://www.owasp.org/images/c/c1/ForesightIL.jpg]
|-
|   [http://www.komodosec.com/ https://www.owasp.org/images/0/03/Komodo-small.jpg]
| [http://www.secoz.com/ https://www.owasp.org/images/4/4e/SecOZ-ILLogo.jpg]
|   [//http://www.rafael.co.il/ https://www.owasp.org/images/3/31/RafaelLogo.jpg]
|}

File:SecOZ-ILLogo.jpg

2012-08-30T14:51:29Z

Ofer Maor: uploaded a new version of "File:SecOZ-ILLogo.jpg"

Template:OWASP IL 2012 Sponsors

2012-08-30T14:46:26Z

Ofer Maor:

{|
|
|      [[File:GoldIL.png]]
|
|-
|   [http://www.idc.ac.il https://www.owasp.org/images/f/f1/OWASP_IL_Sponsors_IDC_New.JPG]
|     [http://www.quotium.com https://www.owasp.org/images/5/56/LogoQuotium.png]
|   [http://www.imperva.com https://www.owasp.org/images/8/89/OWASP_IL_Sponsors_Imperva.png]
|-
|   [http://www.ey.com https://www.owasp.org/images/3/34/EY-IL.jpg]
|   [http://www.akamai.com https://www.owasp.org/images/9/93/Akamai_logoIL.gif]
|              [http://www.ibm.com/ https://www.owasp.org/images/a/a5/IBM-IL.png]
|-
|
| [http://www.radware.com https://www.owasp.org/images/a/a3/RadwareIL-Logo.jpg]
|-
 
|  
|-
|  
|  
|-
|
|   [[File:SilverIL.png]]
|
|-
|     [http://www.grsee.co.il https://www.owasp.org/images/0/0d/GRSEEIL.jpg]
|    [http://www.liveperson.com/ https://www.owasp.org/images/3/33/LivepersonIL.png]  
|   [http://www.rsa.com https://www.owasp.org/images/5/5e/RSA-IL.png]   [http://www.foresight-air.com/ https://www.owasp.org/images/c/c1/ForesightIL.jpg]
|-
|   [http://www.komodosec.com/ https://www.owasp.org/images/0/03/Komodo-small.jpg]
|       [http://www.secoz.com/ https://www.owasp.org/images/4/4e/SecOZ-ILLogo.jpg]
|   [//http://www.rafael.co.il/ https://www.owasp.org/images/3/31/RafaelLogo.jpg]
|}

File:RafaelLogo.jpg

2012-08-30T07:36:45Z

Ofer Maor: uploaded a new version of "File:RafaelLogo.jpg"

Template:OWASP IL 2012 Sponsors

2012-08-30T07:35:58Z

Ofer Maor:

{|
|
|      [[File:GoldIL.png]]
|
|-
|   [http://www.idc.ac.il https://www.owasp.org/images/f/f1/OWASP_IL_Sponsors_IDC_New.JPG]
|     [http://www.quotium.com https://www.owasp.org/images/5/56/LogoQuotium.png]
|   [http://www.imperva.com https://www.owasp.org/images/8/89/OWASP_IL_Sponsors_Imperva.png]
|-
|   [http://www.ey.com https://www.owasp.org/images/3/34/EY-IL.jpg]
|   [http://www.akamai.com https://www.owasp.org/images/9/93/Akamai_logoIL.gif]
|              [http://www.ibm.com/ https://www.owasp.org/images/a/a5/IBM-IL.png]
|-
|
| [http://www.radware.com https://www.owasp.org/images/a/a3/RadwareIL-Logo.jpg]
|-
 
|  
|-
|  
|  
|-
|
|   [[File:SilverIL.png]]
|
|-
|     [http://www.grsee.co.il https://www.owasp.org/images/0/0d/GRSEEIL.jpg]
|    [http://www.liveperson.com/ https://www.owasp.org/images/3/33/LivepersonIL.png]  
|   [http://www.rsa.com https://www.owasp.org/images/5/5e/RSA-IL.png]
|-
|   [http://www.komodosec.com/ https://www.owasp.org/images/0/03/Komodo-small.jpg]
|       [http://www.secoz.com/ https://www.owasp.org/images/4/4e/SecOZ-ILLogo.jpg]
|   [//http://www.rafael.co.il/ https://www.owasp.org/images/3/31/RafaelLogo.jpg]
|}

File:RafaelLogo.jpg

2012-08-30T07:34:46Z

Ofer Maor:

Template:OWASP IL 2012 Agenda

2012-08-30T07:22:25Z

Ofer Maor:

{| style="border-collapse: collapse; border-width: 1px; border-style: solid; border-color: #000" cellpadding=2
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D;white-space:nowrap" width="90" height="40" align="center" valign="center" | 08:45-09:15
| align=center valign="center" colspan=2 style="border-style: solid; border-width: 1px;font-size:12pt" | '''Registration, Gathering, Socializing & Networking'''
|- style="font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" align="center" valign="center" | 09:15-09:45
| align=center valign="center" colspan="2" style="border-style: solid; border-width: 1px;font-size:11pt" | '''Opening Words''' 
''Ofer Maor - Chairman, OWASP Israel; Global Membership Committee, OWASP''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 09:45-10:10
| align=center valign="center" colspan="2" style="border-style: solid; border-width: 1px;font-size:11pt"| '''OWASP Top 10 Hebrew Edition'''
''Or Katz, OWASP Israel Board''
|- style="border-style: solid; border-width: 1px;font-size:12pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="30" align="right" valign="center" |  
| style="border-style: solid; border-width: 1px;" valign="center" align="center" width=500 | '''Breakers (Track #1)'''
| style="border-style: solid; border-width: 1px;" valign="center" align="center" width=500 | '''Defenders (Track #2)'''

|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 10:15-11:00
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" | '''The Diviner – Digital Clairvoyance: Getting an Insight Into Server Code & Memory Using Blackbox Techniques''' 
''Shay Chen, CTO, Hacktics ASC, Ernst & Young'' 
''Eran Tamari, Team Leader, Hacktics ASC, Ernst & Young''
| align="center" valign="top" style="font-size:11pt" | '''Case Study: Providing Secure SDLC in an Agile Environment Using ESAPI '''
''Yair Rovek, Security Specialist, Liveperson''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="40" align="center" valign="center" | 11:00-11:15
| valign="center" align="center" style="border-style: solid; border-width: 1px;font-size:12pt" colspan="2" | '''Coffee Break'''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 11:15-12:00
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''FYI: You've Got LFI'''
''Tal Beery, Web Security Research Team Leader, Imperva''
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''I>S+D! – Integrated Application Security Testing (IAST), Beyond SAST/DAST '''
''Ofer Maor, CTO, Quotium''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 12:00-12:30
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Zip It! – Owning Archived File Uploads '''
''Alex Landa, Security Researcher, IBM''
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Secure Development Lifecycle – Lessons Learned '''
''Boaz Shunami, Founder, Komodo Consulting''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="40" align="center" valign="center" | 12:30-13:30
| valign="center" align="center" style="border-style: solid; border-width: 1px;font-size:12pt" colspan="2" | '''Lunch Break'''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 13:30-14:15
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Advanced Pen-Testing of iPhone Applications'''
''Chilik Tamir, Chief Scientist, AppSec Labs ''
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Positive Logic XSS Detection & Prevention using Generalized JavaScript Assembly '''
''Tsvi Cherny, Interdisciplinary Center''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 14:15-15:00
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Attacking Android Mobile Applications'''
''Erez Metula, Founder, AppSec Labs''
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Application Counter Attack'''
''Ziv Gadot, SOC Team Leader, Radware''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="40" align="center" valign="center" | 15:00-15:15
| valign="center" align="center" style="border-style: solid; border-width: 1px;font-size:12pt" colspan="2" | '''Coffee Break'''
|- style="border-style: solid; border-width: 1px;font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 15:15-15:45
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''The Dark World of Mobile Payments'''
''Niv Valtman, CSO, Retalix''
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Identifying Maladvertisements'''
''Maty Siman, CTO, Checkmarx'' ''Meny Duek, Director of R&D, Mediamind''
|- style="font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" height="25" align="center" valign="center" | 15:45-16:15
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''Stylish XSS: Fonts Name Injection'''
''Adi Cohen, Security Researcher, IBM''
| align="center" valign="top" style="border-style: solid; border-width: 1px;font-size:11pt" cellpadding=5 | '''My Authentication Album: Adaptive Image-Based Login Mechanism '''
''Ronen Margulis, Bar Ilan University''
|- style="font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" align="center" valign="center" | 16:15-16:45
| align=center valign="center" colspan="2" style="border-style: solid; border-width: 1px;font-size:11pt" | '''Guest Lecture   The New art of WAR & PEACE- a REAL FANTASY''' A drill down to the "money time": Was Iran Stuxnet’s main target? how economy is a battle zone? 
''Guy Phillip Goldstein (Author of "Babel Minute Zero")''
|- style="font-size:10pt"
|style="border-style: solid; border-width: 1px;color:#1F497D" align="center" valign="center" | 16:45-17:00
| align=center valign="center" colspan="2" style="border-style: solid; border-width: 1px;font-size:11pt" | '''End Notes'''  
''Ofer Maor - Chairman, OWASP Israel; Global Membership Committee, OWASP''
|}

Template:OWASP IL 2012 Sponsors

2012-08-30T06:05:26Z

Ofer Maor:

{|
|
|      [[File:GoldIL.png]]
|
|-
|   [http://www.idc.ac.il https://www.owasp.org/images/f/f1/OWASP_IL_Sponsors_IDC_New.JPG]
|     [http://www.quotium.com https://www.owasp.org/images/5/56/LogoQuotium.png]
|   [http://www.imperva.com https://www.owasp.org/images/8/89/OWASP_IL_Sponsors_Imperva.png]
|-
|   [http://www.ey.com https://www.owasp.org/images/3/34/EY-IL.jpg]
|   [http://www.akamai.com https://www.owasp.org/images/9/93/Akamai_logoIL.gif]
|              [http://www.ibm.com/ https://www.owasp.org/images/a/a5/IBM-IL.png]
|-
|
| [http://www.radware.com https://www.owasp.org/images/a/a3/RadwareIL-Logo.jpg]
|-
 
|  
|-
|  
|  
|-
|
|   [[File:SilverIL.png]]
|
|-
|     [http://www.grsee.co.il https://www.owasp.org/images/0/0d/GRSEEIL.jpg]
|    [http://www.liveperson.com/ https://www.owasp.org/images/3/33/LivepersonIL.png]  
|   [http://www.rsa.com https://www.owasp.org/images/5/5e/RSA-IL.png]
|-
|   [http://www.komodosec.com/ https://www.owasp.org/images/0/03/Komodo-small.jpg]
|       [http://www.secoz.com/ https://www.owasp.org/images/4/4e/SecOZ-ILLogo.jpg]

|}

File:RadwareIL-Logo.jpg

2012-08-29T20:06:14Z

Ofer Maor: uploaded a new version of "File:RadwareIL-Logo.jpg"

Template:OWASP IL 2012 Sponsors

2012-08-29T20:05:38Z

Ofer Maor:

{|
|
|      [[File:GoldIL.png]]
|
|-
|   [http://www.idc.ac.il https://www.owasp.org/images/f/f1/OWASP_IL_Sponsors_IDC_New.JPG]
|     [http://www.seekersec.com https://www.owasp.org/images/4/45/SeekerIL.png]
|   [http://www.imperva.com https://www.owasp.org/images/8/89/OWASP_IL_Sponsors_Imperva.png]
|-
|   [http://www.ey.com https://www.owasp.org/images/3/34/EY-IL.jpg]
|   [http://www.akamai.com https://www.owasp.org/images/9/93/Akamai_logoIL.gif]
|              [http://www.ibm.com/ https://www.owasp.org/images/a/a5/IBM-IL.png]
|-
|
| [http://www.radware.com https://www.owasp.org/images/a/a3/RadwareIL-Logo.jpg]
|-
 
|  
|-
|  
|  
|-
|
|   [[File:SilverIL.png]]
|
|-
|     [http://www.grsee.co.il https://www.owasp.org/images/0/0d/GRSEEIL.jpg]
|    [http://www.liveperson.com/ https://www.owasp.org/images/3/33/LivepersonIL.png]  
|   [http://www.rsa.com https://www.owasp.org/images/5/5e/RSA-IL.png]
|-
|   [http://www.komodosec.com/ https://www.owasp.org/images/0/03/Komodo-small.jpg]
|       [http://www.secoz.com/ https://www.owasp.org/images/4/4e/SecOZ-ILLogo.jpg]

|}

File:RadwareIL-Logo.jpg

2012-08-29T20:05:23Z

Ofer Maor: uploaded a new version of "File:RadwareIL-Logo.jpg"