Difference between revisions of "Israel"

Revision as of 12:25, 10 September 2007 (view source) Oshezaf (talk | contribs) (→‎Previous Chapter Meetings) ← Older edit		Revision as of 12:28, 10 September 2007 (view source) Oshezaf (talk | contribs) (→‎3rd OWASP IL Conference, Call for Papers, Contributors and Sponsors) Newer edit →
Line 1:		Line 1:
	{{Chapter Template|chaptername=Israel|extra=The chapter leader is [mailto:[email protected] Ofer Shezaf]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-israel|emailarchives=http://lists.owasp.org/pipermail/owasp-israel}}		{{Chapter Template|chaptername=Israel|extra=The chapter leader is [mailto:[email protected] Ofer Shezaf]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-israel|emailarchives=http://lists.owasp.org/pipermail/owasp-israel}}
−	== 8th OWASP IL Chapter Meeting at Watchfire, Herzliya, Wednesday, September 5th 2007, 16:45 ==	+	== 3rd OWASP IL Conference, Call for Papers, Contributors and  Sponsors ==
−	[[Image:OWASP_IL_global_security_week_logo.jpg|left|200px]]The next meeting of OWASP IL, The Israeli Chapter of OWASP, would be held at Watchfire offices in Herzliya on Wednesday, September 5th at 17:00. Watchfire will also sponsor the meeting. The meeting is part of OWASP Day, a Worldwide OWASP one day conferences on Privacy in the 21st Century which is in turn OWASP contribution to the [http://www.globalsecurityweek.com/ Global Security Week].	+	Presenters, contributors and sponsors are most welcomed to contact me at ofer@shezaf.com to discuss opportunities for the upcoming conference, planned to be, as usuall, even larger and more interesting.
−	Watchfire office is located at 1 Sapir St. Herzeliya Pituach, You can find instructions on how to get to Watchfire office in the [[Media:Owasp_il_map_to_watchfire_offices.gif|map]]. Parking lots which charge a flat reasonable fee are marked on the map.	+	Details about the conference will be published as they become available.
−
−	The agenda of the meeting is:
−
−
−	'''16:45 – 17:00 Gathering and refreshments'''[[Image:OWASP_IL_Sponsor_Watchfire.jpg‎|right]]
−
−
−	<big>'''17:00 – 17:15 OWASP Updates'''</big>
−
−
−	<big>'''17:15 – 18:00 Straight from Blackhat: Dangling Pointers'''</big>
−
−	Jonathan Afek, Senior Security Researcher, [http://www.watchfire.com Watchfire]
−
−	Jonthan will bring to us his acclaimed Blackhat presentation. Dangling pointers are a common programming error, but even OWASP experts assumed, until now, that exploiting this vulnerability can lead only to crashes and therefore only to denial of service attacks (see [http://www.owasp.org/index.php/Using_freed_memory OWASP vulnerability guide]). The research team at Watchfire proved that dangling pointers can be exploited to take control of a vulnerable system, elevating the severity of dangling pointers.
−
−	The presentation will explain the vulnerability and demonstrate a real exploit of the vulnerability using IIS as an example.
−
−
−	'''18:00 – 18:15 Break'''
−
−
−	<big>'''18:15 – 19:00 Evasive Crimeware attacks, Business drivers, and Proposed Defense'''</big>
−
−	Iftach Amit, Director Security Research, [http://www.finjan.com Finjan]
−
−	Any web based attack requires a business model in order to spread. As the director of research for Finjan, Iftach monitors the highly successful web attacks focusing on client abuse and malware installation and the community that creates them. In the presentation Iftach will share with us his research findings.
−
−	The presentation will cover the business drivers of client side attack vectors, explore recent examples of such attacks with an eye-opening review of the attacker community and its operation methods, and conclude with a technical discussion of the cat and mouse game between cutting edge solutions and ever advancing attack vectors.
−
−
−	<big>'''19:00 – 19:30 Content Injection as a solution for client side browser vulnerabilities'''</big>
−
−	Ofer Shezaf, OWASP IL Leader; CTO, Breach Security, [http://www.breach.com Breach Security]
−
−	As we have seen in Iftach's presentation, clients are not very secure. While we, as web site owners, may not be directly responsible, this situation is just as much a problem for us: law might hold us responsible and the conquered and potentially trusted client may pose a risk to our web site. Good examples of problems which blurs the lines between client and server are the [http://www.gnucitizen.org/blog/universal-pdf-xss-after-party/ Universal PDF XSS] and [http://en.wikipedia.org/wiki/Cross-site_request_forgery Cross Site Request Forgery].
−
−	Content Injection is a method proposed by Ivan Ristic, the creator of [http://www.modsecurity.org ModSecurity] to enable a Web Application Firewall to protect against this family of problems. The presentation will explain this novel method and build on it to offer some practical recipes for protection against client side problems.
	== Previous Chapter Meetings ==		== Previous Chapter Meetings ==

---

Revision as of 12:28, 10 September 2007

OWASP Israel

Welcome to the Israel chapter homepage. The chapter leader is Ofer Shezaf

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?

3rd OWASP IL Conference, Call for Papers, Contributors and Sponsors

Presenters, contributors and sponsors are most welcomed to contact me at [email protected] to discuss opportunities for the upcoming conference, planned to be, as usuall, even larger and more interesting.

Details about the conference will be published as they become available.

Previous Chapter Meetings

8th OWASP IL chapter meeting - the meeting was held at Watchfire on Septemner 5th 2007. Watchfire also sponsored the meeting. The meeting was part of OWASP week, a Worldwide OWASP one week of conferences on privacy in the 21st Century which is in turn OWASP contribution to the Global Security Week.

Meeting program and presentations.

2nd OWASP IL mini conference at the Interdisciplinary Center (IDC) Herzliya, May 21th 2007 - The event was a huge success with nearly 200 people attending and 8 companies and organizations sponsoring the event (Breach Security, Checkpoint, Hacktics, Microsoft, Zend, 2Bsecure, F5 Networks and the Efi Arazi school of Computer Science at the IDC).

You can review the conference program and presentations and view pictures from the conference.

6th OWASP IL chapter meeting - the meeting was held at Breach Security on January 24th 2007 and was sponsored by Breach Security. Nearly 50 people attended the meeting.

Meeting program and presentations.

OWASP IL mini conference at the Interdisciplinary Center (IDC) Herzliya, November 13th 2006 - OWASP IL and the Interdisciplinary Center Herzliya (IDC) held a half day conference on application security on Nov 13th 2006. The event marked the establishment of a new academic program on information security in the net era at IDC's Efi Arazi School of Computer Science. More than 90! people attended the conference, enjoyed professional catering and heard no less than 7 presentations. The meeting was sponsored by Breach Security and Applicure.

Conference program and presentations.

4th OWASP IL chapter meeting - the meeting was help at Breach Security on July 26th 2005 and was sponsored by Breach Security.

Meeting program and presentations.