This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Israel 2009

From OWASP
Revision as of 07:16, 18 August 2009 by Oshezaf (talk | contribs) (Created page with '== Presentations == === Dynamic Password Hardening === '''Robert Moskovitch, Ben-Gurion University''' Robert would present a project developed at the Deutsche Telekom Laboratori…')

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Presentations

Dynamic Password Hardening

Robert Moskovitch, Ben-Gurion University

Robert would present a project developed at the Deutsche Telekom Laboratories at Ben Gurion University which uses keystrokes dynamics and continuous verification using keystroke and mouse dynamics to harden password and prevent identity theft on the Internet. The presentation will touch on the technique challenges and state of development and would include a demo.   Robert is a researcher at the Deutsche Telekom Laboratories at Ben Gurion University

The Bank Job: A hacker’s day of work - Exploiting a vulnerable web site

Adi Sharabani , IBM

In this presentation we will show how severe a Cross-Site Scripting vulnerabilities are. We will build a step-by-step working exploit code for an XSS vulnerability found in an online banking site to hijack user sessions, transfer money and cover the traces. The money will be shared among the audience.

The presentation does not require any prior knowledge, but it is also aimed for technical people.

Adi is a security research group manager for IBM labs

IdM: the missing security link

Avi Douglen

Identity management is often driven by operational requirements rather than security requirements. The presentation will explore the security aspects of IdM as part of authentication and authorization. Among the issues discussed are: What security benefits can an IdM provide? What IdM types, techniques and methods best suit security requirements? And lastly what are the security pitfalls and disadvantages of IdM.

Avi is a freelance security consultant

ReDoS (Regular Expression Denial of Service) Revisited

Alex Roichman, Checkmarx

The presentation will explore the Regular Expression Denial of Service (ReDoS) attack and how it be used in order to implement new and old attacks. ReDoS is commonly known as a “bug” in systems, but the presentation will show how serious it is and how using this technique, various applications can be “ReDoSed”. These include, among others, Web Application, WAFs, IDS, AV, Web Servers, Client-side browsers (including cellular devices), and Database.

Alex is chief security architect at Checkmarx

BookMage: Secure Server Side Web Authentication with a Bookmark and an Interactive Custom Image

Ronen Margolis, IDF

BookMage combines two highly efficient mechanisms to defend against phishing attacks. The first mechanism is a specially crafted bookmark which provides two-factor authentication. The second mechanism is an interactive custom image which is presented to the user on each login, and which the user has to click on in order to submit his credentials. BookMage's main advantages are its enhanced security and simple deployment. These two defense mechanisms were proven to be the most efficient mechanisms among different defense mechanisms tested in real life experiments. Furthermore, the two mechanisms complement each other: each protects a different secret, creating a safer login method for. BookMage may be most useful in preventing a number of phishing attacks at high-value sites such as banking sites and single sign-on sites such as OpenID providers.

Ronen is a security systems engineer in the IDF information security unit

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Israel_2009&oldid=67658"