Revision as of 21:06, 9 November 2006
OWASP Israel
Welcome to the Israel chapter homepage. The chapter leader is Ofer Shezaf.
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As OWASP is a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a speaker at any OWASP chapter in the world, review the speaker agreement and then contact the local chapter leader with details of the OWASP project, independent research or related software security topic you would like to present.
Sponsorship/Membership
to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
OWASP IL mini conference, Monday, November 13th, together with IDC
We are pleased to announce that OWASP IL and the Interdisciplinary Center Herzliya (IDC) are holding a mini conference on application security. The event marks the establishment of a new academic program on information security in the net era at IDC's Efi Arazi School of Computer Science.
The meeting will be held on November 13th, starting at 14:30, at the IDC Herzliya campus (driving directions will be added later). Participation is free and open to all, but please inform us (e-mail to [email protected]) that you are coming, as space is limited. Feel free to spread the word about this meeting to anyone you think would be interested. You can also subscribe to the OWASP Israel mailing list to receive updates about the chapter's meetings. For further details please contact me.
The meeting is sponsored by Breach Security and Applicure Technologies.
The program:
14:30 – 15:00 Gathering and refreshments (hopefully more elaborate than Pizza this time!)
15:00 – 15:10 Introducing the new program on information security in the net era at the Efi Arazi School of Computer Science, IDC Herzliya
Dr. Anat Bremler-Barr, Program Academic Director.
15:10 – 15:40 Sophisticated Denial of Service attacks
Dr. Anat Bremler-Barr, Efi Arazi School of Computer Science, IDC Herzliya
In a Denial of Service (DoS) attack the attacker consumes the resources of the victim, a server or a network, causing degraded performance or even total failure. The basic DDoS attack is simple brute-force flooding: the attacker sends as much traffic as possible to exhaust network resources. A sophisticated DDoS attack, in contrast, aims at the weakest point of the victim's application by sending the specific kind of traffic that burdens the application the most. In this talk we will cover recent work showing that several common mechanisms are vulnerable to such attacks; for example, Crosby and Wallach showed that less bandwidth than a typical dialup modem can bring a dedicated Bro server to its knees. We will also discuss basic guidelines for designing applications that are resilient to sophisticated attacks.
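The following is an added example, not material from the talk or from the Crosby and Wallach paper: it shows the general shape of the "weakest point" attack the abstract describes, in the form of a hash-flooding attack on a chained hash table. The hash function, table and key-generation routine below are hypothetical stand-ins written for this page; the attacker-chosen keys are constructed inline. With an unkeyed, predictable hash every key lands in one bucket and each insert degrades to a linear scan, so a small number of cheap requests costs the server quadratic work; the same keys spread out under a per-process secret-keyed hash, which is the resilience guideline the example demonstrates.

```python
import hashlib
import hmac
import os


def weak_hash(key: str) -> int:
    """Deterministic multiplicative string hash (djb2-style, 32-bit).

    Hypothetical stand-in for the unkeyed hashes such attacks target:
    h = h * 33 + c for each character, fully known to the attacker.
    """
    h = 5381
    for ch in key:
        h = (h * 33 + ord(ch)) & 0xFFFFFFFF
    return h


def make_keyed_hash(secret: bytes):
    """Countermeasure: hash under a per-process secret so bucket placement is unpredictable."""
    def keyed_hash(key: str) -> int:
        digest = hmac.new(secret, key.encode(), hashlib.sha256).digest()
        return int.from_bytes(digest[:8], "big")
    return keyed_hash


class ChainedTable:
    """Minimal hash table with separate chaining; key comparisons are the cost model."""

    def __init__(self, hash_fn, buckets: int = 1024):
        self.hash_fn = hash_fn
        self.buckets = [[] for _ in range(buckets)]
        self.comparisons = 0

    def insert(self, key: str, value) -> None:
        bucket = self.buckets[self.hash_fn(key) % len(self.buckets)]
        for i, (k, _) in enumerate(bucket):  # linear scan: cost grows with chain length
            self.comparisons += 1
            if k == key:
                bucket[i] = (key, value)
                return
        bucket.append((key, value))

    def max_chain(self) -> int:
        return max(len(b) for b in self.buckets)


def colliding_keys(n_bits: int) -> list:
    """Build 2**n_bits distinct keys that all hash identically under weak_hash.

    "B0" and "AQ" collide (33*66 + 48 == 33*65 + 81); because the hash is a running
    h*33 + c, any concatenation of colliding blocks collides as well.
    """
    blocks = ("B0", "AQ")
    return ["".join(blocks[(i >> b) & 1] for b in range(n_bits)) for i in range(1 << n_bits)]


def run(n_bits: int = 11) -> dict:
    """Insert the same attacker-chosen keys into an unkeyed and a keyed table."""
    keys = colliding_keys(n_bits)              # constructed attacker input
    assert len(set(weak_hash(k) for k in keys)) == 1  # all land in one bucket

    weak = ChainedTable(weak_hash)
    keyed = ChainedTable(make_keyed_hash(os.urandom(16)))
    for k in keys:
        weak.insert(k, None)
        keyed.insert(k, None)
    return {
        "keys": len(keys),
        "weak_max_chain": weak.max_chain(),
        "weak_comparisons": weak.comparisons,
        "keyed_max_chain": keyed.max_chain(),
        "keyed_comparisons": keyed.comparisons,
    }


if __name__ == "__main__":
    print(run())
```

With 2048 keys the unkeyed table performs 2048*2047/2 comparisons (one chain of length 2048) while the keyed table stays near one comparison per insert; the attack needs only a few kilobytes of request data, which is the asymmetry the abstract refers to.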
15:40 – 16:00 Malicious content in enterprise portals
Shalom Carmel, A security icon, the world's authority on hacking AS/400 and a BlackHat 2006 speaker
In 2005 enterprise portals ranked among the top 10 CIO technology focus areas in many surveys. The main drivers of portal business growth are the horizontal portal suites, which provide content management capabilities, application integration tools and specific solutions for collaboration and knowledge management. This lecture will address the security problems an enterprise may face due to the content management abilities of a typical portal implementation, and will focus on cross-site scripting attacks.
16:00 – 16:30 Information Warfare against commercial companies – lessons from dealing with hostile internet entities
Ariel Pisetsky, CISO and Infrastructure Manager, NetVision
During the recent war in the north, many information security events were detected in private and government organizations. These events, usually no more than web site defacements, provide an opportunity to examine large-scale hostile activity against web sites affiliated with Israel. Commercial companies with no direct relation to the war found themselves under direct attack, or indirectly affected by attacks on ISPs and the Internet infrastructure in Israel.
The presentation will discuss what happened during this summer of war, whether it can be classified as information warfare, and what lessons can be learned going forward.
16:30 – 16:45 Break, coffee, tea & fruits
16:45 – 17:15 "The Core Rule Set": Generic detection of application layer attacks
Ofer Shezaf, CTO, Breach Security, OWASP IL chapter Leader, Director, the Web Application Security Consortium
Web applications are unique, each having its own vulnerabilities, and therefore a positive security model is usually considered the optimal way to protect them. The ModSecurity open source project has recently released a "core rule set": essentially a set of super-signatures that try to provide significant security to custom applications without the effort of defining a positive security model.
The lecture will discuss generic application security signatures and rules, how they differ from network centric signatures and their strengths and limitations when dealing with the OWASP top 10 attacks.
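The following is an added example, not part of the talk and not the ModSecurity Core Rule Set itself: a small rule engine in the same spirit, with hypothetical generic signatures for attack classes (SQL injection, XSS, traversal), anomaly scoring that sums per-rule points against a blocking threshold, and a bounded URL-decoding normalization step. The rule patterns, threshold and the sample requests are all constructed for this page. The last sample is deliberately a benign forum post that trips the SQL rule, to make the limitation concrete: a signature that knows nothing about the application cannot tell a UNION query from a sentence containing "union select".

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Hypothetical generic rules: each is a signature for an attack class, not for a
# specific application or URL.  (rule id, description, pattern, anomaly score)
RULES = [
    ("sqli-union", "UNION-based SQL injection", re.compile(r"\bunion\b.+\bselect\b", re.I | re.S), 5),
    ("sqli-tautology", "SQL tautology (' or 1=1)", re.compile(r"'\s*or\s+['\d]+\s*=\s*['\d]+", re.I), 5),
    ("sqli-comment", "trailing SQL comment", re.compile(r"(--|/\*)\s*$"), 2),
    ("xss-script", "script tag", re.compile(r"<\s*script\b", re.I), 5),
    ("xss-handler", "inline event handler", re.compile(r"\bon\w+\s*=", re.I), 3),
    ("traversal", "directory traversal", re.compile(r"\.\.[/\\]"), 4),
]
BLOCK_THRESHOLD = 5  # anomaly scoring: block once the summed score reaches this


def normalize(value: str) -> str:
    """Decode URL encoding until stable (bounded), so double encoding cannot hide a payload."""
    for _ in range(3):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def targets(url: str, body: str = "") -> list:
    """Split a request into the locations a generic rule inspects: the path and every argument."""
    parts = urlsplit(url)
    found = [("REQUEST_URI", parts.path)]
    found += [("ARGS:" + k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    if body:
        found += [("ARGS:" + k, v) for k, v in parse_qsl(body, keep_blank_values=True)]
    return found


def inspect(url: str, body: str = "") -> dict:
    """Run every rule over every target and sum the anomaly score."""
    score, matches = 0, []
    for name, raw in targets(url, body):
        value = normalize(raw)
        for rule_id, _desc, pattern, points in RULES:
            if pattern.search(value):
                score += points
                matches.append((rule_id, name))
    return {"score": score, "blocked": score >= BLOCK_THRESHOLD, "matches": matches}


# Constructed sample requests (not taken from any real log).
SAMPLES = {
    "benign": ("/search?q=owasp+israel", ""),
    "sqli": ("/item?id=1'%20UNION%20SELECT%20password%20FROM%20users--", ""),
    "xss_post": ("/comment", "text=%3Cscript%3Ealert(1)%3C/script%3E"),
    "xss_double_encoded": ("/search?q=%253Cscript%253E", ""),
    "false_positive": ("/comment", "text=the+union+select+committee+meets+on+monday"),
}


def run_samples() -> dict:
    return {name: inspect(url, body) for name, (url, body) in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name:20} score={result['score']:2} blocked={result['blocked']} {result['matches']}")
```

The scoring model is what lets a generic rule set be tuned per deployment: a low-confidence rule contributes a few points and only blocks in combination with others, and a rule that keeps firing on legitimate traffic for one application can be excluded for that application without touching the rest of the set.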
17:15 – 17:50 The OWASP Top Ten Backdoors
Yaniv Simsolo, Application Security Consultant, Comsec Consulting
Just as the OWASP Top Ten outlines the top ten mistakes developers make in applications, the Top Ten Backdoors discusses features developed on purpose that do just the same: leave the application vulnerable. Backdoors are more common than developers and system professionals think, and hackers and malicious users can exploit them easily without leaving any special traces in the system. An SQL interface to an application, providing a lot of flexibility but little security, is a good example of such a backdoor.
The presentation will discuss common backdoors found in web applications and how they relate to the OWASP top 10.
17:50 – 18:00 Break
18:00 – 18:30 Real vs. Virtual Patching
Ravid Lazinski, Technical Manager, Applicure Technologies
The penetration test team has found a bug. What's next? To prevent exploitation, the application has to be patched.
The presentation will discuss the advantages and disadvantages of the two available solutions: patching the application itself, or using an external patching solution in a process called "virtual patching".
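The following is an added example, not from the talk: it puts the two options side by side on one hypothetical bug. A lookup concatenates a user-supplied id into SQL; the real patch binds the parameter, while the virtual patch leaves the code untouched and filters the input in front of it. Two virtual patches are shown because their quality differs: a blacklist of the exact payload from the pen-test report is bypassed by a trivial variant, whereas a positive rule derived from what the parameter should look like (digits only) holds. The table, rows and payloads are constructed for this page.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database (not from the talk)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "s1"), (2, "bob", "s2"), (3, "carol", "s3")])
    return db


def lookup_vulnerable(db, user_id: str) -> list:
    """The bug the pen test found: the id is concatenated into the SQL statement."""
    rows = db.execute("SELECT name FROM users WHERE id = " + user_id).fetchall()
    return [r[0] for r in rows]


# Real patch: fix the code. The value is bound as data and never parsed as SQL.
def lookup_patched(db, user_id: str) -> list:
    rows = db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchall()
    return [r[0] for r in rows]


# Virtual patch, first attempt: an external rule that blocks the reported payload.
REPORTED_PAYLOAD = re.compile(r"\bor\s+1\s*=\s*1\b", re.I)


def lookup_virtual_patch_blacklist(db, user_id: str) -> list:
    if REPORTED_PAYLOAD.search(user_id):
        raise PermissionError("blocked by virtual patch (blacklist)")
    return lookup_vulnerable(db, user_id)  # the vulnerable code is still there


# Virtual patch, second attempt: a positive rule for what the parameter should be.
def lookup_virtual_patch_allowlist(db, user_id: str) -> list:
    if not re.fullmatch(r"\d{1,10}", user_id):
        raise PermissionError("blocked by virtual patch (allowlist)")
    return lookup_vulnerable(db, user_id)


def run() -> dict:
    """Exercise the reported exploit and a variant against every version."""
    db = make_db()
    payload, variant = "1 OR 1=1", "1 OR 2>1"  # reported exploit and a trivial variant
    results = {"vulnerable": lookup_vulnerable(db, payload)}
    for label, fn in (("blacklist", lookup_virtual_patch_blacklist),
                      ("allowlist", lookup_virtual_patch_allowlist)):
        for name, value in (("payload", payload), ("variant", variant)):
            try:
                results[f"{label}_{name}"] = fn(db, value)
            except PermissionError:
                results[f"{label}_{name}"] = "blocked"
    results["patched_payload"] = lookup_patched(db, payload)
    results["patched_variant"] = lookup_patched(db, variant)
    results["patched_normal"] = lookup_patched(db, "1")
    return results


if __name__ == "__main__":
    for key, value in run().items():
        print(f"{key:18} {value}")
```

Under the real patch the payload string is compared with the integer column as data and matches nothing, while the allowlist virtual patch buys time without a code release but still depends on someone having characterised the parameter correctly; the blacklist row shows what happens when the rule is written against the report instead of the parameter.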
18:30 – 19:15 Hacking The Framework
Nimrod Luria, Head Of Consulting Services, 2Bsecure
Modern development environments such as .NET and J2EE promise enhanced security by relying on framework services rather than on careful coding. The presentation will demonstrate, with live hacking demos, the weak points of such frameworks, using .NET as the example.
OWASP IL meeting, Wednesday, July 26th
Time for the next meeting of OWASP IL!
The meeting will be held on July 26th at 17:15, at the Breach Security offices, 11 Bareket St., Herzliya. Participation is free and open to all, but please inform us (mail me at [email protected]) that you are coming, as room is limited.
Feel free to distribute information about this meeting to others inside or outside your organization who may be interested. You can also subscribe to the OWASP Israel mailing list to receive updates about the chapter's meetings. For further details please contact me.
17:15 - Gathering, Socializing and Pizzas
17:30 - Exposing cryptography for software developers
Shai Zalalichin, Head of AppSec group, Comsec
Encryption is a very important tool in the application security tool chest, but is also a very complex technology. The presentation will explore common pitfalls & countermeasures that every developer should follow when writing crypto-aware applications.
The presentation was originally given at OWASP Europe conference in May.
18:30 - Preventing Spoofing, Phishing and Spamming by Secure Usability and Cryptography
Prof. Amir Herzberg, dept. of computer science, Bar-Ilan University, Israel
Spoofing, phishing and spamming are among the worst security problems on the Internet. Amir will present vulnerabilities in the current email and web systems that cause the proliferation of such attacks, and then discuss recent proposals, by him and by others, to improve security against these threats. Some solutions involve secure usability, some use (simple) cryptographic protocols, and others combine both.
19:20 - Questions & Feedback