This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Israel June 2014"
Avi Douglen (talk | contribs) (updated speaker titles) |
Avi Douglen (talk | contribs) m (re-added Eldad's cleansed preso) |
||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | The 3rd meeting of 2014 for the Israel chapter of OWASP | + | The 3rd meeting of 2014 for the Israel chapter of OWASP took place on June 16, at 17:00, with over 110 participants. |
| − | The meeting | + | The meeting was held at F5’s office, in Kiryat Atidim (Tel Aviv), Building #8, 30th floor. |
(There is parking in Building #6). | (There is parking in Building #6). | ||
| − | + | [https://www.facebook.com/sigal.amano.3/posts/713928078669014 Some pictures from the event], and [https://www.facebook.com/media/set/?set=a.10152339569023780.1073741884.676733779&type=1&l=a4ee7f4c3b some more pictures]. | |
| − | + | ||
| Line 21: | Line 21: | ||
''' 17:40 – 18:20 <br/> ''' | ''' 17:40 – 18:20 <br/> ''' | ||
'''Rise of the Machines''' <br/> | '''Rise of the Machines''' <br/> | ||
| − | '''Shlomo Yona, Applied Researcher and Innovation Group Leader, F5 Networks''' | + | '''Shlomo Yona, Applied Researcher and Innovation Group Leader, F5 Networks''' |
| + | ([http://www.slideshare.net/ShlomoYona/rise-of-the-machines-owasp-israel-june-2014-meetup online presentation]) | ||
Why we need machines to handle machine generated intel and how to do it. | Why we need machines to handle machine generated intel and how to do it. | ||
| Line 29: | Line 30: | ||
''' 18:20 – 19:00 <br/> ''' | ''' 18:20 – 19:00 <br/> ''' | ||
'''Security Testing & The Depth Behind OWASP Top 10''' <br /> | '''Security Testing & The Depth Behind OWASP Top 10''' <br /> | ||
| − | '''Yaniv Simsolo, Senior Security Expert''' | + | '''Yaniv Simsolo, Senior Security Expert''' |
| + | ([[Media:OWASPIL-2014-06-16_OWASP-Top-10_-_Security-Testing.pptx|download presentation]]) | ||
OWASP changed the Top 10 List in 2013. Some new security areas are incorporated into the updated Top 10 list. In the past few years modern systems’ architecture and coding practices have also changed, evolved and transformed exponentially. Relying on proven security concepts is not sufficient anymore and therefore other approaches are required. | OWASP changed the Top 10 List in 2013. Some new security areas are incorporated into the updated Top 10 list. In the past few years modern systems’ architecture and coding practices have also changed, evolved and transformed exponentially. Relying on proven security concepts is not sufficient anymore and therefore other approaches are required. | ||
| Line 43: | Line 45: | ||
'''DDoS Attacks: Peeling The Onion On One Of The Most Sophisticated Ever Seen''' <br /> | '''DDoS Attacks: Peeling The Onion On One Of The Most Sophisticated Ever Seen''' <br /> | ||
'''Eldad Chai, VP Products, Incapsula''' | '''Eldad Chai, VP Products, Incapsula''' | ||
| + | ([[Media:OWASP-2014-06-16_DDoS-Attacks_Peeling-the-Onion.pdf|download presentation]]) | ||
| + | |||
Taking down a competitor's website can be very valuable. Unlike Hacktivists, with generally short attention spans, or regular cybercriminals, who usually give up when faced with adequate protection, these well-funded attacks persist over time, and employ multiple, sophisticated vectors. This session will review a real case study defending against one of the largest, most sophisticated and persistent DDoS attacks. These include: Networking Capacity, Client Classification, Whitelisting/Blacklisting/Crowdsourcing, Challenge mechanisms, Anomaly detection and the secret sauce... | Taking down a competitor's website can be very valuable. Unlike Hacktivists, with generally short attention spans, or regular cybercriminals, who usually give up when faced with adequate protection, these well-funded attacks persist over time, and employ multiple, sophisticated vectors. This session will review a real case study defending against one of the largest, most sophisticated and persistent DDoS attacks. These include: Networking Capacity, Client Classification, Whitelisting/Blacklisting/Crowdsourcing, Challenge mechanisms, Anomaly detection and the secret sauce... | ||
[[Category:Israel]] | [[Category:Israel]] | ||
Latest revision as of 08:41, 8 July 2014
The 3rd meeting of 2014 for the Israel chapter of OWASP took place on June 16, at 17:00, with over 110 participants.
The meeting was held at F5’s office, in Kiryat Atidim (Tel Aviv), Building #8, 30th floor. (There is parking in Building #6).
Some pictures from the event, and some more pictures.
Agenda:
17:00 – 17:30
Gathering, food, and drinks (KOSHER)
17:30 – 17:40
Opening note
17:40 – 18:20
Rise of the Machines
Shlomo Yona, Applied Researcher and Innovation Group Leader, F5 Networks
(online presentation)
Why we need machines to handle machine generated intel and how to do it. We will discuss a severe and growing problem of IT/Ops/Security professionals and exemplify concretely with a description of how we reproduced results reported in “An Empirical Study Of Passive 802.11 Device Fingerprinting” (http://arxiv.org/abs/1404.6457) with some modifications and use the opportunity to see how Automated Statistical Inference can be utilized to identify spoofed MAC addresses.
18:20 – 19:00
Security Testing & The Depth Behind OWASP Top 10
Yaniv Simsolo, Senior Security Expert
(download presentation)
OWASP changed the Top 10 List in 2013. Some new security areas are incorporated into the updated Top 10 list. In the past few years modern systems’ architecture and coding practices have also changed, evolved and transformed exponentially. Relying on proven security concepts is not sufficient anymore and therefore other approaches are required.
We will venture into the depth of the more obscure security areas now included in the Top 10, and the reality of the security of modern systems. The pitfalls of security tests will be reviewed and an alternative approach for modern systems security testing will be discussed in length.
19:00 – 19:20
Coffee break
19:20 – 20:00
DDoS Attacks: Peeling The Onion On One Of The Most Sophisticated Ever Seen
Eldad Chai, VP Products, Incapsula
(download presentation)
Taking down a competitor's website can be very valuable. Unlike Hacktivists, with generally short attention spans, or regular cybercriminals, who usually give up when faced with adequate protection, these well-funded attacks persist over time, and employ multiple, sophisticated vectors. This session will review a real case study defending against one of the largest, most sophisticated and persistent DDoS attacks. These include: Networking Capacity, Client Classification, Whitelisting/Blacklisting/Crowdsourcing, Challenge mechanisms, Anomaly detection and the secret sauce...
