OWASP Israel January 2017 - Revision history

Avi Douglen at 16:58, 23 January 2017

2017-01-23T16:58:00Z

Tal Mel at 09:56, 23 January 2017

2017-01-23T09:56:36Z

Tal Mel at 09:50, 23 January 2017

2017-01-23T09:50:29Z

Tal Mel at 09:39, 23 January 2017

2017-01-23T09:39:23Z

Avi Douglen: Created page with "The Israeli chapter of OWASP will hold a meeting on Wednesday, January 18th, at 17:00. The meeting will be held in Radware’s Tel Aviv offices, at Raul Wallenberg 22, Ramat..."

2017-01-12T11:12:38Z

Created page with "The Israeli chapter of OWASP will hold a meeting on Wednesday, January 18th, at 17:00. The meeting will be held in Radware’s Tel Aviv offices, at Raul Wallenberg 22, Ramat..."

New page

The Israeli chapter of OWASP will hold a meeting on Wednesday, January 18th, at 17:00.

The meeting will be held in Radware’s Tel Aviv offices, at Raul Wallenberg 22, Ramat HaChayal.

Attendance is free of course, but you must register if you are planning to attend:
https://www.meetup.com/OWASP-Israel/events/236372466/

== Agenda: ==

''' 17:00 '''
'''Gathering, food, and drinks (KOSHER)'''

''' 17:30 '''
''' Introductions and Opening Notes '''

''' 17:45 – IP Agnostic Bot Detection ''' 
''' Michael Groskop, Director of WAF & R&D Security, Radware ''' 

Bot-generated attacks targeting web application infrastructure are increasing in both volume and scope. Bots are becoming more sophisticated, leveraging headless browser technologies and use different evasion techniques such as dynamically changing IP addresses.

In this presentation we will review the challenges associated with IP agnostic detection of bot generated attacks, the complexity involved in distinguishing the good bots from the bad and the actions application developers can take for better thwarting of such attacks.

''' 18:30 – R U aBLE? - BLE Comm Hacking ''' 
''' Tal Melamed, Technical Lead, AppSec Labs ''' 

As IoT devices are increasingly embedded in our every day lives, vulnerabilities have real impact on our digital and physical security.

Bluetooth Low Energy (BLE), also known as Bluetooth Smart, is part of Bluetooth 4. Today Bluetooth is the most popular protocol used for interfacing IoT and smart devices, wearables and medical equipment. Like most rising technologies, security is often left out.

In this lecture we will demonstrate how to perform penetration-testing for applications communicating with connected-devices over BLE. What equipment, libraries and projects can be used.

''' 19:15 – Coffee break ''' 

''' 19:30 – Should I Trust My Vendor? ''' 
''' Yaniv Simsolo, CTO, Palantir Security ''' 

Modern systems and business models mandate different approaches to security. Sometimes, the business objectives of the vendor override the security objectives that we, the security community, think the product should have. When approaching a complex system design, numerous challenges arise when considering the trust we put on vendors’ hands and vendors’ responsibilities. Similar security challenges exist on the other scale: considering the maturity (or lack thereof) of small scale IoT products.

Does the aim sanctify the means?

In certain cases, either mal-coding or business practices result in a very poor security of a product or a service. This can get to extreme cases were the vendor outright attacks its own customers. Such was the case for example when I purchased a brand new laptop from a known manufacturer, and was attacked with viruses and malicious business practices software. Indeed, certain vendors are worse than others.

In the presentation we will explore notable examples of vendors abusing their customers’ trust and review the (few) mitigation alternatives we may incorporate in our products and systems.

@@ Line 20: / Line 20: @@
 ''' 17:45 – IP Agnostic Bot Detection ''' <br/>
 ''' Michael Groskop, Director of WAF & R&D Security, Radware ''' <br/>
 Bot-generated attacks targeting web application infrastructure are increasing in both volume and scope. Bots are becoming more sophisticated, leveraging headless browser technologies and use different evasion techniques such as dynamically changing IP addresses.

@@ Line 26: / Line 26: @@
-''' 18:30 – R U aBLE? - BLE Application Hacking ''' <br/>
+''' <span class="mw-headline" id="RUaBLE_BLE_Application_Hacking">18:30 - R U aBLE? BLE Application Hacking</span> ''' <br/>
 ''' Tal Melamed, Technical Lead, AppSec Labs ''' <br/>
 ([[Media:OWASP2017_HackingBLEApplications_TalMelamed.pdf|download presentation]]) <br/>

@@ Line 28: / Line 28: @@
 ''' 18:30 – R U aBLE? - BLE Application Hacking ''' <br/>
 ''' Tal Melamed, Technical Lead, AppSec Labs ''' <br/>
 As IoT devices are increasingly embedded in our every day lives, vulnerabilities have real impact on our digital and physical security.

← Older revision		Revision as of 09:39, 23 January 2017
Line 26:		Line 26:


−	''' 18:30 – R U aBLE? - BLE ~~Comm~~ Hacking ''' <br/>	+	''' 18:30 – R U aBLE? - BLE Application Hacking ''' <br/>
	''' Tal Melamed, Technical Lead, AppSec Labs ''' <br/>		''' Tal Melamed, Technical Lead, AppSec Labs ''' <br/>