OWASP Israel April 2014 - Revision history

Avi Douglen: post-meeting

2014-05-22T13:18:58Z

post-meeting

Avi Douglen at 12:32, 4 May 2014

2014-05-04T12:32:39Z

Avi Douglen at 22:09, 29 April 2014

2014-04-29T22:09:05Z

Avi Douglen: Added presentations

2014-04-29T00:34:05Z

Added presentations

Avi Douglen: Changed order of talks

2014-04-22T14:38:11Z

Changed order of talks

Avi Douglen: Added Heartbleed for Itsik

2014-04-17T01:21:18Z

Added Heartbleed for Itsik

Avi Douglen: Created page with "The 2nd meeting of 2014 for the Israel chapter of OWASP will take place on April 23, at 17:00. The meeting will be held at Akamai, 3 Ha’mada St. Herzliya Pituach, 2nd floo..."

2014-04-09T10:30:00Z

Created page with "The 2nd meeting of 2014 for the Israel chapter of OWASP will take place on April 23, at 17:00. The meeting will be held at Akamai, 3 Ha’mada St. Herzliya Pituach, 2nd floo..."

New page

The 2nd meeting of 2014 for the Israel chapter of OWASP will take place on April 23, at 17:00.

The meeting will be held at Akamai, 3 Ha’mada St. Herzliya Pituach, 2nd floor .

Please note that pre-registration is required, so that our host can organize accordingly.
Please register here: http://www.eventbrite.com/e/owasp-israel-meeting-april-2014-tickets-10890386439?aff=eorg (you can click “register with email” if you don’t want to register with Facebook).

== Agenda: ==

''' 17:00 – 17:30 '''
'''Gathering, food, and drinks (KOSHER)'''

''' 17:30 – 17:45 '''
'''Opening note '''

''' 17:45 – 18:30 '''
'''Cloudy with a chance of WAF - Or Katz, Akamai Technologies'''

Web application firewalls are a critical tool to those seeking to protect their web applications - it is the first line of defense that virtually shields modern web applications from the malicious actions of web hackers. 5 years ago a typical web application firewall was an on-premise solution, which was deployed and maintained by web application owners. Nowadays, as more and more applications are migrated to the cloud, we are also witnessing the cloudification of Web Application Firewalls.

In this presentation I will discuss the non-obvious benefits and advantages of cloud-based WAFs, for example - the ability to correlate web application firewall events across numerous applications around the internet, detecting widely distributed attack campaigns that in some cases go unnoticed and in other cases may use zero day exploits that could not be detected otherwise, etc.

''' 18:30 – 19:15 '''
'''The Security of SSL - Itsik Mantin, F5 Networks'''

Over last few years, a number of attacks have been discovered in the Transport Layer Security protocol.
The BEAST, TIME, BREACH and Lucky13 attacks were able to break the SSL protocol and extract data protected by SSL such as session cookies.

In the presentation I will discuss the details of these attacks from a cryptographic perspective, and in particular how does it happen that state-of-the-art cryptographic algorithms suffer from a relatively large number of vulnerabilities.

'''19:15 – 19:30 '''
'''Coffee break'''

'''19:30 – 20:15 '''
'''An Arms Race: Using Banking Trojan and Exploit Kit Tactics for Defense - Ziv Mador, SpiderLabs (Trustwave)'''

During this talk we will show how security products can use hackers' advanced obfuscation tactics for their own defensive code. Once the malware is “improved” to overcome that obfuscation we will demonstrate how to back deploy these hacker tricks to a security product Proof Of Concept to better block exploit kits and other similar web based threats.

(Note that this is a repeat of the talk Ryan Barnett and Ziv gave at the RSA conference several weeks ago: http://www.rsaconference.com/events/us14/agenda/sessions/1056/an-arms-race-using-banking-trojan-and-exploit-kit. More details about it are included in the blog they posted after their talk: http://blog.spiderlabs.com/2014/03/bloodletting-the-arms-race-using-attackers-techniques-for-defense.html. )

← Older revision		Revision as of 13:18, 22 May 2014
Line 1:		Line 1:
−	The 2nd meeting of 2014 for the Israel chapter of OWASP ~~will take~~ place on April 23, at 17:00.	+	The 2nd meeting of 2014 for the Israel chapter of OWASP took place on April 23, at 17:00.
−
−	~~The meeting will be held at Akamai, 3 Ha’mada St. Herzliya Pituach, 2nd floor .~~
−
−	~~Please note that pre-registration is required, so that our host can organize accordingly.~~
−	~~Please register here: http://www.eventbrite.com/e/owasp-israel-meeting-april-2014-tickets-10890386439?aff=eorg (you can click “register with email” if you don’t want to register with Facebook)~~.

		+	The meeting was held at Akamai, 3 Ha’mada St. Herzliya Pituach, 2nd floor .

		+	Close to 100 people participated.

	== Agenda: ==		== Agenda: ==

← Older revision		Revision as of 12:32, 4 May 2014
Line 52:		Line 52:

	In addition, I will discuss the technical details and the implications of the recently discovered Heartbleed bug (http://heartbleed.com/).		In addition, I will discuss the technical details and the implications of the recently discovered Heartbleed bug (http://heartbleed.com/).
		+
		+	[[Category:Israel]]

← Older revision		Revision as of 01:21, 17 April 2014
Line 35:		Line 35:

	In the presentation I will discuss the details of these attacks from a cryptographic perspective, and in particular how does it happen that state-of-the-art cryptographic algorithms suffer from a relatively large number of vulnerabilities.		In the presentation I will discuss the details of these attacks from a cryptographic perspective, and in particular how does it happen that state-of-the-art cryptographic algorithms suffer from a relatively large number of vulnerabilities.
		+
		+	In addition, I will discuss the technical details and the implications of the recently discovered Heartbleed bug (http://heartbleed.com/).

@@ Line 43: / Line 43: @@
 '''19:30 – 20:30   <br/>   '''
 '''The Security of SSL - Itsik Mantin, F5 Networks'''
 Over last few years, a number of attacks have been discovered in the Transport Layer Security protocol.

@@ Line 21: / Line 21: @@
 ''' 17:45 – 18:30   <br/>   '''
 '''Cloudy with a chance of WAF - Or Katz, Akamai Technologies'''
 Web application firewalls are a critical tool to those seeking to protect their web applications - it is the first line of defense that virtually shields modern web applications from the malicious actions of web hackers. 5 years ago a typical web application firewall was an on-premise solution, which was deployed and maintained by web application owners. Nowadays, as more and more applications are migrated to the cloud, we are also witnessing the cloudification of Web Application Firewalls.
@@ Line 29: / Line 30: @@
 ''' 18:30 – 19:15   <br/>   '''
 '''An Arms Race: Using Banking Trojan and Exploit Kit Tactics for Defense - Ziv Mador, SpiderLabs (Trustwave)'''
 During this talk we will show how security products can use hackers' advanced obfuscation tactics for their own defensive code. Once the malware is “improved” to overcome that obfuscation we will demonstrate how to back deploy these hacker tricks to a security product Proof Of Concept to better block exploit kits and other similar web based threats.