OWASP Israel 2009 05 - Revision history

Oshezaf: /* Automation Attacks and Counter Measures */

2009-05-10T14:39:22Z

‎Automation Attacks and Counter Measures

Oshezaf at 11:39, 10 May 2009

2009-05-10T11:39:59Z

Oshezaf: New page: The meeting was held on May 7th 2009 and was hosted by IBM in Park Azorim in Petach-Tikva ([http://www.xiom.com/owasp-meeting-7-5-2009 Hebrew Version]) '''Web-Based Man-in-the-Middle Att...

2009-05-10T11:39:27Z

New page: The meeting was held on May 7th 2009 and was hosted by IBM in Park Azorim in Petach-Tikva ([http://www.xiom.com/owasp-meeting-7-5-2009 Hebrew Version]) '''Web-Based Man-in-the-Middle Att...

New page

The meeting was held on May 7th 2009 and was hosted by IBM in Park Azorim in Petach-Tikva

([http://www.xiom.com/owasp-meeting-7-5-2009 Hebrew Version])

'''Web-Based Man-in-the-Middle Attack'''
Adi Sharabani, IBM

We've all known for a long time that using a public wireless network is risky. We all think twice before logging into our bank account or accessing any kind of sensitive information. But what about simply reading the news on our favorite news site?
In this presentation, we will show how using a public network can expose you to practically any web-related client-side security issue on any domain, no matter how careful you think you're being. These issues range from XSS on any domain, through CSRF, to leaking of browser data and more.

We will show how the currently known best practices, which are supposed to keep you from harm when reading a blog in the neighborhood coffee shop, may be overcome. We'll demonstrate how such best practices, like those listed in http://www.microsoft.com/protect/yourself/mobile/publicwireless.mspx, are only useful against what we call "passive" attacks, which are passively gathering data from the network. We will introduce a new type of attack coined "Active attacks", and see how they easily work around a careful user's attempt to browse responsibly in a public network. We will demonstrate how these attacks can steal information from past browsing activities. and how they can monitor your future browsing, inside the safety of your home and your organization's networks.

Further Information: [http://blog.watchfire.com/AMitM.ppt Presentation] | [http://blog.watchfire.com/AMitM.pdf White Paper] | [http://blog.watchfire.com/wfblog/2009/02/active-man-in-the-middle-attacks.html Blog]

'''Automation Attacks and Counter Measures'''
Ofer Shezaf, [http://www.xiom.com Xiom]

Abuse of web applications using automated program is becoming a major threat to web sites. Some attacks such as brute force and denial of service are clearly illegal, while others fall in the grey area of the law but harm the business of the web site owner. Example of grey area automation attacks are robots that play online gambling or automatic participation in online tenders.

The presentation will show several interesting automation incident and discuss the cat and mouse game between attackers and site owners in which the later are creating new defenses while the former are making the attacks more sophisticated. Lastly we will present novel ideas as to how to make sites mitigate automation attacks better.

Further Information: [http://www.owasp.org/images/c/c1/OWASP_IL_-_May_2009_-_Ofer_Shezaf_-_Automation_Attacks.ppt Presentation]

← Older revision		Revision as of 14:39, 10 May 2009
Line 22:		Line 22:
	The presentation will show several interesting automation incident and discuss the cat and mouse game between attackers and site owners in which the later are creating new defenses while the former are making the attacks more sophisticated. Lastly we will present novel ideas as to how to make sites mitigate automation attacks better.		The presentation will show several interesting automation incident and discuss the cat and mouse game between attackers and site owners in which the later are creating new defenses while the former are making the attacks more sophisticated. Lastly we will present novel ideas as to how to make sites mitigate automation attacks better.

−	Further Information: [http://www.owasp.org/images/c/c1/~~OWASP_IL_~~-_May_2009_-_Ofer_Shezaf_-_Automation_Attacks.~~ppt~~ Presentation]	+	Further Information: [http://www.owasp.org/images/5/58/OWASP_Israel_-_May_2009_-_Ofer_Shezaf_-_Automation_Attacks.pdf Presentation]

@@ Line 1: / Line 1: @@
 The meeting was held on May 7th 2009 and was hosted by IBM in Park Azorim in Petach-Tikva
 ([http://www.xiom.com/owasp-meeting-7-5-2009 Hebrew Version])
-'''Web-Based Man-in-the-Middle Attack'''
+== Web-Based Man-in-the-Middle Attack ==
 Adi Sharabani, IBM
@@ Line 13: / Line 14: @@
 Further Information: [http://blog.watchfire.com/AMitM.ppt Presentation] | [http://blog.watchfire.com/AMitM.pdf White Paper] | [http://blog.watchfire.com/wfblog/2009/02/active-man-in-the-middle-attacks.html Blog]
-'''Automation Attacks and Counter Measures'''
 Ofer Shezaf, [http://www.xiom.com Xiom]