This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Israel"

(Next meeting: September 5th, at Watchfire, Herzeliya)
(The Team)
 
(92 intermediate revisions by 6 users not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Israel|extra=The chapter leader is [mailto:[email protected] Ofer Shezaf]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-israel|emailarchives=http://lists.owasp.org/pipermail/owasp-israel}}
+
[[Category:OWASP_Chapter]]
 +
[[image:Owasp_Israel_logo.png|center|500px]]
 +
__NOTOC__ <!-- This removes the Table Of Contents on this page -->
 +
<!-- Any = Heading 1 = markup will create a new tab until after the </headertabs> -->
 +
<!-- 1st Tab start -->
 +
= Welcome =
  
== Next Meeting: September 5th, at Watchfire, Herzeliya ==
+
{{Chapter Template|chaptername=Israel|extra=<br>|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-israel|emailarchives=http://lists.owasp.org/pipermail/owasp-israel}}
 +
<!-- 1st Tab end -->
  
'''Save the day! 5/9, 17:00'''
+
<!-- 2nd Tab start -->
  
The next meeting of OWASP Israel will be held on September 5th at 17:00. This time Watchfire will host and sponsor the meeting. But don't rush to bring a map: it is the building adjacent to Breach in Herzeliya. Thanks to Ory Segal from Watchfire for organizing that.
+
= Chapter Details =
 +
== The Team ==
  
The event will be part of the global security week (September 3rd-9th: http://www.globalsecurityweek.com/). In this OWASP holds mini conference and chapter meetings around the world and so will we.
+
* Chapter Co-Chairs: '''[mailto:shira.shamban@owasp.org Shira Shamban]''' and '''[mailto:ori.troyna@owasp.org Ori Troyna]'''
  
More information about the OWASP and OWASP Israel chapter can be found at http://www.owasp.org/index.php/israel.
+
* Chapter Leaders:  '''[mailto:[email protected] Shira Shamban]''', '''[mailto:[email protected] Ori Troyna]''' and '''[mailto:[email protected] Avi Douglen]'''
 +
* Chapter Board:  '''[mailto:or.katz@owasp.org Or Katz]''', '''[[User:YossiOren|Dr. Yossi Oren]]''', '''Josh Grossman''', '''[mailto:Ofer.maor@owasp.org Ofer Maor]'''
 +
* Chapter Founder: '''[mailto:[email protected] Ofer Shezaf]'''
 +
* [[OWASP_Top10_Hebrew|OWASP Top 10 Hebrew]]: Or Katz
 +
* Homepage Maintenance: Avi Douglen, Ofer Maor, Yossi Oren
 +
* Mailing List Management: Shira Shamban, Ori Troyna, Or Katz
  
 +
== General Activity ==
 +
* An annual conference, usually in September or October.
 +
* Periodic meetings. If you would like to host a meeting or speak in one contact [mailto:[email protected] Avi Douglen] or [mailto:[email protected] Or Katz].
 +
* Translation of OWASP resources to Hebrew
 +
* Spreading the Word - Reaching out for more people, especially outside of the AppSec community.
 +
<!-- 2nd Tab end -->
  
'''Call for presenters'''
+
<!-- 3rd Tab start -->
 +
= Current Activity =
  
If you would like to present in the meeting, please send me ([email protected]) details of the presentation.
+
== Meetings ==
  
== 2nd OWASP IL mini conference at the Interdisciplinary Center (IDC) Herzliya, May  21th 2007 ==
+
<span style="font-size:115%;font-weight:bold;"> Get ready for OWASP [https://2018.appsecil.org/ AppSec Israel 2018], to be held on 5-6 September, 2018! </span><br>
  
 +
* <meetup group="OWASP-Israel" />
  
The 2nd OWASP IL mini conference was herd at the Interdisciplinary Center (IDC) Herzliya on May  21th 2007. The event was a huge success with over a 150 people attending and 8 companies and organizations sponsoring the event. The feedback for the carefully selected presentations presentations, all of them relevant, informative and most importantly none commercial was great.  
+
== Hebrew Translations ==  
  
'''[http://www.owasp.org/index.php/2nd_OWASP_IL_mini_conference Conference program and presentations download]'''
+
; '''The OWASP Top 10, 2013 version was translated to Hebrew! <br> '''
 +
It is now [[OWASP_Top10_Hebrew|available for download]].
  
The meeting was sponsored by Breach Security, Checkpoint, Hacktics, Microsoft, Zend, 2Bsecure, F5 Networks and the Efi Arazi school of Computer Science at the Interdisciplinary Center (IDC) Herzliya.
+
The [[OWASP_Risk_Rating_Methodology|OWASP Risk Rating Methodology]], part of the [[OWASP_Testing_Project|OWASP Testing Project]], has been translated to Hebrew, and is available for download in [[Media:OWASP_Risk_Rating_Methodology-Hebrew.pdf|PDF format]].
 +
Much thanks to Tal Argoni from TriadSec.
  
<center>[[Image:Breach_logo.gif]]&nbsp;&nbsp;&nbsp;&nbsp;[[Image:OWASP_IL_Sponsor_Hacktics.jpg|160px]][[Image:OWASP_IL_Sponsor_Zend.jpg|110px]]&nbsp;&nbsp;&nbsp;&nbsp;[[Image:OWASP_IL_Sponsor_2B.jpg]]&nbsp;&nbsp;&nbsp;&nbsp;[[Image:OWASP_IL_Sponsor_F5.jpg]]</center><p><center>[[Image:OWASP_IL_Sponsor_Checkpoint.gif]]&nbsp;&nbsp;&nbsp;&nbsp;[[Image:OWASP_IL_Sponsor_Microsoft.gif]]&nbsp;&nbsp;&nbsp;&nbsp;[[Image:OWASP_IL_Sponsor_IDC.jpg]]</center>
+
== Additional Resources ==
 +
* Security discussion forum in Hebrew - on [https://www.facebook.com/groups/owasp.il/ Facebook]. [[file:Facebook_logo_small.jpg|100px|link=https://www.facebook.com/groups/owasp.il/]]
 +
* [https://www.linkedin.com/groups/39702 LinkedIn Group] for networking and announcements. [[file:Delhi_linkedin.jpg|100px|link=https://www.linkedin.com/groups/39702]]
 +
* [https://owasp.slack.com/messages/chapter-israel/ Chat room] for security in Hebrew. [[file:Slack.png|90px|link=https://owasp.slack.com/messages/chapter-israel/]]
 +
* [https://twitter.com/OWASP_IL Twitter] account. [[file:twitter_wide.jpg|75px|link=https://twitter.com/OWASP_IL]]
 +
* [[OWASP_IL_Sponsorship|Sponsorship opportunities]], including #AppSecIL conference sponsorship.
 +
* [http://www.meetup.com/OWASP-Israel/ Ongoing Meetings and socialization on Meetup]. [[file:Meetup-logo-2x.png|75px|link=http://www.meetup.com/OWASP-Israel/]]
  
== 6th OWASP IL meeting, January 24th 2007 ==
 
  
The 6th OWASP IL meeting was held on January 24th 2007, at 17:15, at Breach Security offices in Herzelya and was sponsored by [[www.breach.com|Breach Security]]. The meeting was very successful, with nearly 50 people attending the meeting.
+
If you have anything else on your mind, please speak up! Contact [mailto:avi.douglen@owasp.org Avi Douglen] with any ideas you have.
 +
<!-- 3rd Tab end -->
  
The agenda of the meeting was:
+
<!-- 4th Tab start -->
 +
= Previous Annual Conferences =
 +
{| class="wikitable" border="1" style="text-align:center;" |
 +
! width="200" | Name
 +
! width="200" | Date
 +
! width="350" | Location
 +
! width="200" | Attendance
 +
|- align="center"
 +
| '''[https://2017.appsecil.org/ AppSec Israel 2017]'''
 +
| '''October 17-18, 2017'''
 +
| '''College of Management'''
 +
| '''more than 800 attendees!'''
 +
|- align="left"
 +
| colspan="4" |Use the [https://2017.appsecil.org/ AppSec Israel 2017] website to download presentations and videos
 +
|- align="center"
 +
| '''[[AppSec_Israel_2016|AppSec Israel 2016]]'''
 +
| '''September 19th 2016'''
 +
| '''College of Management'''
 +
| '''more than 650 attendees!'''
 +
|- align="left"
 +
| colspan="4" |Use the [[AppSec_Israel_2016_Presentations|presentations info page]] to download presentations and videos
 +
|- align="center"
 +
| '''[[AppSec_Israel_2015|AppSec Israel 2015]]'''
 +
| '''October 13th, 2015'''
 +
| '''College of Management'''
 +
| '''over 550 participants!'''
 +
|- align="left"
 +
| colspan="4" |Use the [[AppSec_Israel_2015_Presentations|presentations info page]] to download presentations
 +
|- align="center"
 +
| '''[[AppSec_Israel_2014|AppSec Israel 2014]]'''
 +
| '''September 2nd, 2014'''
 +
| '''IDC'''
 +
| '''over 450 participants!'''
 +
|- align="left"
 +
| colspan="4" |Use the [[AppSec_Israel_2014_Presentations|presentations info page]] to download presentations
 +
|- align="center"
 +
| '''[[OWASP_Israel_2013|OWASP Israel 2013]]'''
 +
| '''October 1st, 2013'''
 +
|
 +
| '''480 participants!'''
 +
|- align="left"
 +
| colspan="4" |Use the [[OWASP_Israel_2013_Presentations|presentations info page]] to download presentations
 +
|- align="center"
 +
| '''[[OWASP_Israel_2012|OWASP Israel 2012 conference]]'''
 +
| '''Sep 5th, 2012'''
 +
| '''IDC'''
 +
|
 +
|- align="center"
 +
| '''[[OWASP_Israel_2011|OWASP Israel 2011 Conference]]'''
 +
| '''Sep 15th, 2011'''
 +
| '''IDC in Herzeliya'''
 +
| '''350 attendees'''
 +
|- align="center"
 +
| '''[[OWASP_Israel_2010|OWASP Israel 2010 Conference]]'''
 +
| '''Sep 6th, 2010'''
 +
| '''IDC in Herzliya'''
 +
| '''150 attendees'''
 +
|- align="center"
 +
| '''[[OWASP_Israel_2009|OWASP Israel 2009]]'''
 +
| '''Sunday, September 6th 2009'''
 +
| '''Interdisciplinary Center Herzliya'''
 +
|
 +
|- align="left"
 +
| colspan="4" |You can find the agenda and uploaded presentations [[OWASP_Israel_2009|here]]
 +
|- align="center"
 +
| '''[[OWASP_Israel_2008_Conference_at_the_Interdisciplinary_Center_Herzliya|The OWASP Israel 2008 conference
 +
at the Interdisciplinary Center Herzliya (IDC)]]'''
 +
| '''September 14th, 2008'''
 +
| '''Interdisciplinary Center Herzliya'''
 +
| '''250 attendees'''
 +
|- align="center"
 +
| '''OWASP Israel at the [http://www.idc.co.il/?showproduct=31108&content_lang=ENG IDC Security Road Show]'''
 +
| '''June 3rd, 2008'''
 +
|
 +
|
 +
|- align="left"
 +
| colspan="4" |OWASP sponsored the IDC Security Road Show event in Israel. Thanks for Iris Lev-Ari and Tomer Teller for the help in the OWASP booth.
 +
|- align="center"
 +
| '''[[OWASP_Israel_2007_Conference|OWASP Israel 2007 conference at the Interdisciplinary Center Herzliya (IDC)]]'''
 +
| '''Dec 3rd 2007'''
 +
| '''Interdisciplinary Center (IDC) Herzliya'''
 +
|
 +
|- align="left"
 +
| colspan="4" |The 1st official OWASP conference in Israel, was held on Dec 3rd 2007 at the Interdisciplinary Center (IDC) Herzliya.
 +
The conference really set itself as an event you must come to if you have anything to do with application security. [http://picasaweb.google.com/oshezaf/OWASPIsrael2007 pictures from the conference]
 +
|}
 +
<!-- 4th Tab end -->
 +
<!-- 5th Tab start -->
 +
= Previous Meetings =
 +
{| class="wikitable" border="1" style="text-align:center;" |
 +
! width="250" | Name
 +
! width="200" | Date
 +
! width="350" | Location
 +
! width="200" | Attendance
 +
|- align="center"
 +
| [[OWASP_Israel_June_2017|OWASP Israel June 2017]]
 +
| June 20th, 2017
 +
| Intuit Israel, HaHarash St. 4, Hod Hasharon
 +
|
 +
|- align="center"
 +
| [[OWASP_Israel_April_2017|OWASP Israel April 2017]]
 +
| April 3rd, 2017
 +
| Checkmarx's offices, in the Amot Atrium Tower, 2 Jabotinsky St., Ramat Gan
 +
| 75 people
 +
|- align="center"
 +
| [[OWASP_Israel_January_2017|OWASP Israel January 2017]]
 +
| January 18th, 2017
 +
| Radware’s Tel Aviv offices, at Raul Wallenberg 22, Ramat HaChayal
 +
| 120 people
 +
|- align="center"
 +
| [[OWASP_Israel_June_2016|OWASP Israel June 2016]]
 +
| June 14, 2016
 +
| Amdocs Auditorium in Raanana
 +
|
 +
|- align="center"
 +
| [[OWASP_Israel_April_2016|OWASP Israel April 2016]]
 +
| April 12, 2016
 +
| HP Enterprise in Yehud
 +
| 150 participants
 +
|- align="center"
 +
| [[OWASP_Israel_February_2016|OWASP Israel February 2016]]
 +
| February 2, 2016
 +
| F5 Networks in Tel Aviv
 +
|
 +
|- align="center"
 +
| [[OWASP_Israel_June_2015|OWASP Israel June 2015]]
 +
| June 16, 2015
 +
| Microsoft in Herzeliya
 +
| 120 participants
 +
|- align="center"
 +
| [[OWASP_Israel_March_2015|OWASP Israel March 2015]]
 +
| March 30, 2015
 +
| NCR in Raanana
 +
| 120 participants
 +
|- align="center"
 +
| [[OWASP_Israel_June_2014|OWASP Israel June 2014]]
 +
| June 16, 2014
 +
| F5 Networks in Tel Aviv
 +
| 110 participants
 +
|- align="center"
 +
| [[OWASP_Israel_April_2014|OWASP Israel April 2014]]
 +
| April 23, 2014
 +
| Akamai in Herzliya Pituach
 +
| 100 participants
 +
|- align="center"
 +
| [[OWASP_Israel_January_2014|OWASP Israel January 2014]]
 +
| January 14th, 2014
 +
| Amdocs in Ra'anana
 +
| 120 participants
 +
|- align="center"
 +
| [[OWASP_Israel_2013_05|OWASP Israel May 2013]]
 +
| May 28th, 2013
 +
| RSA
 +
| 80 participants
 +
|- align="center"
 +
| [[OWASP_Israel_2013_02|OWASP Israel February 2013]]
 +
| February 12th, 2013
 +
| E&Y
 +
|
 +
|- align="left"
 +
| colspan="4" |[[OWASP_ISRAEL_2013_02_Hebrew|Hebrew version]]
 +
|- align="center"
 +
| [[OWASP_Israel_2010_06|OWASP Israel Jun-2010]]
 +
| Jun 22nd, 2010
 +
| IBM/Watchfire in Herzliya
 +
|
 +
|- align="center"
 +
| [[OWASP_Israel_2010_02|OWASP Israel Feb-2010]]
 +
| Feb 9th, 2010
 +
| Amdocs in Ra'anana
 +
| 70 attendees
 +
|- align="center"
 +
| [[OWASP_Israel_2010_01|OWASP Israel Jan-2010]]
 +
| Jan 12th, 2010
 +
| Breach Security in Herzliya
 +
| 60 attendees
 +
|- align="center"
 +
| [[OWASP_Israel_2009_12|OWASP Israel Dec-2009]]
 +
| Dec 2009
 +
| IBM/Watchfire in Herzliya
 +
|
 +
|- align="center"
 +
| [[OWASP_Israel_2009_05|OWASP Israel May 2009 meeting]]
 +
| May 7th, 2009
 +
| IBM in Park Azorim in Petach-Tikva
 +
|
 +
|- align="left"
 +
| colspan="4" |The presentations were:
 +
* Web-Based Man-in-the-Middle Attack, Adi Sharabani, IBM ([http://blog.watchfire.com/wfblog/2009/02/active-man-in-the-middle-attacks.html more info])
 +
* Automation Attacks and Counter Measures, Ofer Shezaf, Xiom ([http://www.owasp.org/images/5/58/OWASP_Israel_-_May_2009_-_Ofer_Shezaf_-_Automation_Attacks.pdf presentation])
 +
: [[OWASP_ISRAEL_2009_05_Hebrew|Full details in Hebrew]]
 +
|- align="center"
 +
| [[OWASP_Israel_2009_03|OWASP Israel March 2009 meeting]]
 +
| March 26th, 2009
 +
| Tel-Aviv University
 +
| 60 attendees
 +
|- align="left"
 +
| colspan="4" |The presentations were:
 +
* Securing cellular web applications, Mikko Saario, Founder, OWASP Finland, Security Architect, Large Telecom Solution Provider ([[Media:OWASP_Israel_-_March_2009_-_Mikko_Saario_-_Web_Application_Security_in_the_Mobile_World.pdf‎|download]])
 +
* Real world implementation of a PCI DSS compliance key management, Yaron Hakon, 2bsecure ([[Media:OWASP_Israel_-_March_2009_-_Yaron_Hakon_-_PCI_key_managment.pdf‎|download]])
 +
* Detecting RFI attacks, Or Katz, Breach Security ([[Media:OWASP_Israel_-_March_2009_-_Or_Katz_-_RFI_detection.pdf‎|download]])
 +
* WAFEC 2.0 - Do WAFs deliver?, Ofer Shezaf, Xiom ([[Media:OWASP_Israel_-_March_2009_-_Ofer_Shezaf_-_Why_WAFs_fail.pdf‎|download]])
 +
: [[OWASP_ISRAEL_2009_03_Hebrew|Full details in Hebrew]]
 +
|- align="center"
 +
| [[OWASP_Israel_2009_01|OWASP Israel January 2009 meeting]]
 +
| January 28th, 2009
 +
| Checkpoint
 +
| 100 people
 +
|- align="left"
 +
| colspan="4" |The presentations were:
 +
* Improving Web Application Firewall testing for better deployment in production network, Gregory Fresnais from BreakingPoint, visiting us from France ([[Media:OWASP_Israel_2009_01_Gregory_Fresnais_Measuring_WAF_Performance.pdf‎|download]])
 +
* Web 2.0 Hacking, Nimrod Luria, Qrity ([[Media:OWASP_Israel_2009_01_Nimrod_Luria_Web_2.0_Security.pdf‎|download]])
 +
* Wiki Security, Ofer Shezaf, Xiom ([http://www.xiom.com/research/wiki_security download])
 +
|}
 +
<!-- 5th Tab end -->
  
 +
<!-- Above the following line = Heading 1 = will create a new tab -->
 +
<headertabs></headertabs>
 +
<!-- Below this line = Heading 1 = will not create tabs anymore -->
  
<big>'''[[media:OWASP_IL_Source_Code_Analysis_and_Application_Security.pdf|Source Code Analysis and Application Security - Cheating the Maze]]'''</big>
+
= Chapter Sponsors =
  
'''Maty Siman, Founder & CTO, [http://www.checkmarx.com/ Checkmarx]'''
+
The OWASP Israel chapter's yearly activity is being supported by the generous sponsorship of the following companies:  
  
During the last few years automatically analyzing source code in order to find security vulnerabilities became a popular method in the field of Application Security. The presentation will discuss the theory and research of static code analysis, the application of static code analysis for security, comparing this method to other application security defense technologies and will demonstrate the use of static code analysis for application security.
+
[[image:OWASPIL_Sponsors_2018.png|center]]
  
 
+
[[Category:Middle East]]  
<big>'''[[media:OWASP_IL_WCF_Security.pdf|Security Implications of .Net 3.0 and the Windows Communication Foundation (WCF)]]'''</big>
+
[[Category:Europe]]
 
 
'''Emmanuel Cohen-Yashar (Manu), Senior .NET technology consultant, [http://www.sela.co.il Sela Group]''' 
 
 
 
Windows Communication Foundation (WCF) is the new Microsoft communication framework bundled as part of of .NET Framework 3.0, the new .NET Windows API succeeding Win32 with the release of Windows Vista. WCF programming model unifies Web Services, .NET Remoting, Distributed Transactions, and Message Queues into a single Service-oriented programming model for distributed computing. The presentation will describe the tenets of SOA – Service Oriented Architecture, introduce WCF and discuss the security implications of this broad new communication paradigm.
 
 
 
 
 
<big>'''[[media:OWASP_IL_The_Universal_XSS_PDF_Vulnerability.pdf|Analysis of the Universal XSS PDF vulnerability - Cause, Solutions and Fun Stuff]]'''</big>
 
 
 
'''Ofer Shezaf, CTO, [http://www.breach.com Breach Security], Leader of [http://www.modsecurity.org/projects/rules/index.html ModSecurity Core Rule Set] open source project '''
 
 
 
Recently a new vulnerability was discovered in commonly used versions of Adobe Acrobat software. Unlike common XSS attacks that require a specific vulnerability in the attacked web site, in this case the vulnerability in Acrobat is sufficient and no fault is required in the attacked web site, and any site that serves PDF files is vulnerable. Therefore it is called "universal XSS" vulnerability.
 
 
 
The presentation will describe the vulnerability, the theoretical and practical solutions for the vulnerability as well as some very funny stories about the dynamics of such a high profile vulnerability, or in other words, what happens when you try to get a car mechanic to fix an application security vulnerability.
 
 
 
== OWASP IL mini conference at IDC, November 13th 2006 ==
 
 
 
OWASP IL and the Interdisciplinary Center Herzliya (IDC) held a half day conference on application security on Nov 13th 2006. The event marked the establishment of a new academic program on information security in the net era at IDC's Efi Arazi School of Computer Science. More than 90! people attended the conference, enjoyed professional catering and heard no less than 7 presentations.
 
 
 
The meeting was sponsored by [[www.breach.com|Breach Security]] and [[www.applicure.com|Applicure Technologies]].
 
 
 
[[Image:Breach_logo.gif]]&nbsp;&nbsp;&nbsp;[[Image:Applicure_logo.JPG|180px]]
 
 
 
Use the links in the event program to access the presentations themselves:
 
 
 
'''14:30 – 15:00 Gathering and refreshments (hopefully more elaborate than Pizza this time!)''' [[Image:OWASP_IL_IDC.jpg|right]]
 
 
'''15:00 – 15:10 Introducing the new information security program at the net era at the Efi Arazi School of Computer Science, IDC Herzliya'''
 
 
 
Dr. Anat Bremler-Barr, Program Academic Director.
 
 
 
 
<big>'''15:10 – 15:40 Sophisticated Denial of Service attacks'''</big>
 
 
 
Dr. Anat Bremler-Barr,  Efi Arazi School of Computer Science, IDC Herzliya
 
 
 
In Denial of Service attack, the attackers consume the resources of the victim, a server or a network, causing degradation in performance or even total failure of the victim. The basic DDoS attack is a simple brute force flooding, where the attacker sends as much traffic as he can to consume the network resources. In contrast, the sophisticated DDoS attack aims to hurt the weakest point in the victim's applications by sending specific traffic type that burdens the application the most. In this talk we will cover recent works that show that several common mechanisms are vulnerable to sophisticated DDoS attacks. For example, Crosby and Wallach showed that using bandwidth of less than a typical dialup modem can bring a dedicated Bro server to its knees. We will discuss some basic guidelines of how to design applications to be resilient to sophisticated attacks.
 
 
 
 
<big>'''15:40 – 16:00 [[Media:Enterprise_portals_security.pdf|Malicious content in enterprise portals]]'''</big>
 
 
 
Shalom Carmel, A security icon, the world's authority on hacking AS/400 and a BlackHat 2006 speaker
 
 
 
In 2005, enterprise portals rank in the top 10 of CIO technology focus areas in many surveys. The main drivers of the portal business growth are the horizontal portal suites, which provide content management capabilities, application integration tools, and specific solutions for collaboration and knowledge management. This lecture will address the security problems an enterprise may have due to the various content management abilities in a typical Portal implementation, and will focus on cross site scripting attacks.
 
 
 
 
 
<big>'''16:00 – 16:30 Information Warfare against commercial companies – lessons from dealing with hostile internet entities'''</big>
 
 
 
Ariel Pisetsky, CISO and Infrastructure Manager, NetVision
 
 
 
During the recent war in the north, many information security events where detected in private and government organization. These events, usually no more than web site defacement, provide an opportunity to examine a large scale hostile activity against web sites affiliated with Israel. Commercial companies with no direct relation to the war found themselves under a direct attack or indirectly affected due to attacks on ISPs and the Internet Infrastructure in Israel.
 
 
 
In the presentation we will discuss what happened during this summer of war, whether it can be classified as information warfare and what are the lessons that can be learnt going forward
 
 
 
 
'''16:30 – 16:45 Break, coffee, tea & fruits'''
 
 
 
 
<big>'''16:45 – 17:15 [[Media:Secure_coding.pdf|Real vs. Virtual Patching]]'''</big>
 
 
 
Ravid Lazinski, Technical Manager, Applicure Technologies
 
 
 
The penetration team has found a bug. What's next? In order to prevent exploitation, the application has to be patched.
 
 
 
The presentation will discuss the advantage and disadvantages of the two available solutions: patching the application or using an external patching solution in a process called "virtual patching".
 
 
 
 
<big>'''17:15 – 17:45 [[Media:The_Core_Rule_Set.pdf|"The Core Rule Set": Generic detection of application layer attacks]]'''</big>
 
 
 
Ofer Shezaf, CTO, Breach Security, OWASP IL chapter Leader, Director, the Web Application Security Consortium
 
 
 
Web Applications are unique, each one having its own vulnerabilities and therefore a positive security model is usually considered the optimal way to protect them. The [http://www.modsecurity.org ModSecurity] open source project has recently released a "core rule set", essentially a set of super signatures that try to provide significant security to custom application without the effort of defining a positive security model.
 
 
 
The lecture will discuss generic application security signatures and rules, how they differ from network centric signatures and their strengths and limitations when dealing with the OWASP top 10 attacks.
 
 
 
 
'''17:50 – 18:00 Break'''
 
 
 
 
 
<big>'''18:00 – 18:30 [[Media:OWASP_10_Most_Common_Backdoors.pdf|The OWASP Top Ten Backdoors]]'''</big>
 
 
 
Yaniv Simsolo, Application Security Consultant, Comsec Consulting
 
 
 
Just as the OWASP Top Ten outlines the top ten mistakes that developers make in applications, the top ten backdoors discuss the features developed on purpose, that do just the same: leave the application vulnerable. Backdoors are more common than developers and system professionals think. Hackers and malicious users can exploit backdoors easily, without leaving any special traces in the system. An SQL interface to an application, providing a lot of flexibility but little security is a good example of such a backdoor.
 
 
 
The presentation will discuss common backdoors found in web applications and how they relate to the OWASP top 10.
 
 
 
 
 
<big>'''18:30 – 19:15 [[Media:Hacking_The_FrameWork.ppt|Hacking The Framework]]'''</big>
 
 
 
Nimrod Luria, Head Of Consulting Services, 2Bsecure
 
 
 
Modern development environment such as .Net and J2EE promise enhanced security by relying on the framework services rather than good coding. The presentation will demonstrate using real hacking demos the weak points in such frameworks using .Net as an example.
 
 
 
== 4th OWASP IL meeting, July 26th 2006 ==
 
 
 
The 4th OWASP IL meeting was held on July 26th 2006 at [http://www.breach.com Breach Security] offices with the following presentations:
 
 
<big>'''[[Media:OWASP_IL_0706_Comsec_ShayZ_Crypto_1_0_2.pdf|Exposing cryptography for software developers]]'''</big>
 
 
 
'''Shai Zalalichin, Head of AppSec group, [http://www.comsec.co.il Comsec]'''
 
 
 
Encryption is a very important tool in the application security tool chest, but is also a very complex technology. The presentation will explore common pitfalls & countermeasures that every developer should follow when writing crypto-aware applications.
 
 
 
The presentation was originally given at OWASP Europe conference in May.
 
 
 
<big>'''[[Media:OWASP_IL_Preventing_spoofing_phishing_and_spam.pdf|Preventing Spoofing, Phishing and Spamming by Secure Usability and Cryptography]]'''</big>
 
 
 
'''[http://www.cs.biu.ac.il/~herzbea/ Prof. Amir Herzberg], dept. of computer science, Bar-Ilan University, Israel''' 
 
 
 
Spoofing, Phishing and spamming are of the worst security problems in the Internet. Amir will present vulnerabilities in the current email and web systems, causing the proliferation of such attacks.  Amir will then discuss some recent proposals made by him as well as others to improve security against these threats. Some solutions involve secure usability,
 
some use (simple) cryptographic protocols, while others involve both areas.
 

Latest revision as of 10:22, 5 September 2019


OWASP Israel

Welcome to the Israel chapter homepage.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now


The Team

General Activity

  • An annual conference, usually in September or October.
  • Periodic meetings. If you would like to host a meeting or speak at one, contact Avi Douglen or Or Katz.
  • Translation of OWASP resources to Hebrew
  • Spreading the Word - Reaching out to more people, especially outside of the AppSec community.

Meetings

Get ready for OWASP AppSec Israel 2018, to be held on 5-6 September, 2018!

  • Chapter Meetings

    Visit our group on meetup.com

    Upcoming events

    No events are scheduled at the moment.

    Past events

    • Feb 6, 2024 (18:00): OWASP IL Meetup - February 2023. Yigal Alon St 94, building 1, Yigal Alon St 94, building 1 · Tel Aviv-Yafo. 🐝✡ OWASP IL ✡🐝 happy to invite you to our upcoming Meetup! 🚀 Join us for another AppSec community event and enjoy food, drinks, mingling, and great talks about security. The event will be hosted by Bright Security! Agenda: ➡️ 18:00 - 18:30 - gathering and food - We will gather at Bright Security Offices for drinks, (read more)
    • Sep 5, 2023 (18:00): OWASP IL Meetup August 2023 - CTF! Cato Networks, Derech Menachem Begin 121 · Tel Aviv-Jaffa. 🐝✡ OWASP IL ✡🐝 are excited to invite you to our upcoming CTF event! Welcoming you to join the local community to meet with like-minded people from different corners of the AppSec domain. The event will be hosted by Cato Networks in collaboration with Secure Code Warrior. With the great assistance of the former, this event will include beverages, food treats, free LinkedIn Professional ph (read more)
    • May 16, 2023 (08:30): AppSec IL 2023. Expo Tel Aviv, 101 Rokach Boulevard · Tel Aviv. Dear community use this code for 25% discount: www.eventbrite.com/e/[masked]/?discount=AppSecIL2023_owaspil_meetup Hi all, We are just days away from AppSecIL and you can still sign-up for the free workshops and get a 25% or more discount on the conference day ticket price! On Tuesday we will have 3 tracks of FREE workshops (read more)
    • Jan 10, 2023 (18:00): OWASP IL Meetup January 2023. JFrog, Derech Menachem Begin 156 · Tel Aviv-Jaffa, HCxx✡ OWASP IL ✡ is happy to invite you to our new year Meetup! 🚀 Join us for another AppSec community event and enjoy food, drinks, mingling, and great talks about security. The event will be hosted and sponsored by JFrog🐸! We will also have a raffle for a pair of 2nd Generation Airpods Pro for all of the attendees! Agen (read more)
    • Nov 14, 2022 (18:00): 2022 OWASP Global AppSec San Francisco. Hyatt Regency San Francisco, 5 Embarcadero Ctr · San Francisco, CA. Global AppSec San Francisco returns November 14-18. Designed for private and public sector infosec professionals, the two-day OWASP conferences equip developers, defenders, and advocates to build a more secure web. We offer educational 1-day, 2-day, and 3-day training courses (https://sf.globalappsec.org/trainings/) on November 14-16. Join us for leading application security technologies, speaker (read more)
    See all past events on meetup.com

Hebrew Translations

The OWASP Top 10, 2013 version was translated to Hebrew!

It is now available for download.

The OWASP Risk Rating Methodology, part of the OWASP Testing Project, has been translated to Hebrew, and is available for download in PDF format. Many thanks to Tal Argoni from TriadSec.

Additional Resources


If you have anything else on your mind, please speak up! Contact Avi Douglen with any ideas you have.

Name | Date | Location | Attendance
AppSec Israel 2017 | October 17-18, 2017 | College of Management | more than 800 attendees!
Use the AppSec Israel 2017 website to download presentations and videos
AppSec Israel 2016 | September 19th 2016 | College of Management | more than 650 attendees!
Use the presentations info page to download presentations and videos
AppSec Israel 2015 | October 13th, 2015 | College of Management | over 550 participants!
Use the presentations info page to download presentations
AppSec Israel 2014 | September 2nd, 2014 | IDC | over 450 participants!
Use the presentations info page to download presentations
OWASP Israel 2013 | October 1st, 2013 | | 480 participants!
Use the presentations info page to download presentations
OWASP Israel 2012 conference | Sep 5th, 2012 | IDC |
OWASP Israel 2011 Conference | Sep 15th, 2011 | IDC in Herzeliya | 350 attendees
OWASP Israel 2010 Conference | Sep 6th, 2010 | IDC in Herzliya | 150 attendees
OWASP Israel 2009 | Sunday, September 6th 2009 | Interdisciplinary Center Herzliya |
You can find the agenda and uploaded presentations here
The OWASP Israel 2008 conference at the Interdisciplinary Center Herzliya (IDC) | September 14th, 2008 | Interdisciplinary Center Herzliya | 250 attendees
OWASP Israel at the IDC Security Road Show | June 3rd, 2008 | |
OWASP sponsored the IDC Security Road Show event in Israel. Thanks to Iris Lev-Ari and Tomer Teller for the help in the OWASP booth.
OWASP Israel 2007 conference at the Interdisciplinary Center Herzliya (IDC) | Dec 3rd 2007 | Interdisciplinary Center (IDC) Herzliya |
The 1st official OWASP conference in Israel was held on Dec 3rd 2007 at the Interdisciplinary Center (IDC) Herzliya.

The conference really set itself as an event you must come to if you have anything to do with application security. pictures from the conference

Name | Date | Location | Attendance
OWASP Israel June 2017 | June 20th, 2017 | Intuit Israel, HaHarash St. 4, Hod Hasharon |
OWASP Israel April 2017 | April 3rd, 2017 | Checkmarx's offices, in the Amot Atrium Tower, 2 Jabotinsky St., Ramat Gan | 75 people
OWASP Israel January 2017 | January 18th, 2017 | Radware’s Tel Aviv offices, at Raul Wallenberg 22, Ramat HaChayal | 120 people
OWASP Israel June 2016 | June 14, 2016 | Amdocs Auditorium in Raanana |
OWASP Israel April 2016 | April 12, 2016 | HP Enterprise in Yehud | 150 participants
OWASP Israel February 2016 | February 2, 2016 | F5 Networks in Tel Aviv |
OWASP Israel June 2015 | June 16, 2015 | Microsoft in Herzeliya | 120 participants
OWASP Israel March 2015 | March 30, 2015 | NCR in Raanana | 120 participants
OWASP Israel June 2014 | June 16, 2014 | F5 Networks in Tel Aviv | 110 participants
OWASP Israel April 2014 | April 23, 2014 | Akamai in Herzliya Pituach | 100 participants
OWASP Israel January 2014 | January 14th, 2014 | Amdocs in Ra'anana | 120 participants
OWASP Israel May 2013 | May 28th, 2013 | RSA | 80 participants
OWASP Israel February 2013 | February 12th, 2013 | E&Y |
Hebrew version
OWASP Israel Jun-2010 | Jun 22nd, 2010 | IBM/Watchfire in Herzliya |
OWASP Israel Feb-2010 | Feb 9th, 2010 | Amdocs in Ra'anana | 70 attendees
OWASP Israel Jan-2010 | Jan 12th, 2010 | Breach Security in Herzliya | 60 attendees
OWASP Israel Dec-2009 | Dec 2009 | IBM/Watchfire in Herzliya |
OWASP Israel May 2009 meeting | May 7th, 2009 | IBM in Park Azorim in Petach-Tikva |
The presentations were:
  • Web-Based Man-in-the-Middle Attack, Adi Sharabani, IBM (more info)
  • Automation Attacks and Counter Measures, Ofer Shezaf, Xiom (presentation)
Full details in Hebrew
OWASP Israel March 2009 meeting | March 26th, 2009 | Tel-Aviv University | 60 attendees
The presentations were:
  • Securing cellular web applications, Mikko Saario, Founder, OWASP Finland, Security Architect, Large Telecom Solution Provider (download)
  • Real world implementation of a PCI DSS compliance key management, Yaron Hakon, 2bsecure (download)
  • Detecting RFI attacks, Or Katz, Breach Security (download)
  • WAFEC 2.0 - Do WAFs deliver?, Ofer Shezaf, Xiom (download)
Full details in Hebrew
OWASP Israel January 2009 meeting | January 28th, 2009 | Checkpoint | 100 people
The presentations were:
  • Improving Web Application Firewall testing for better deployment in production network, Gregory Fresnais from BreakingPoint, visiting us from France (download)
  • Web 2.0 Hacking, Nimrod Luria, Qrity (download)
  • Wiki Security, Ofer Shezaf, Xiom (download)

Chapter Sponsors

The OWASP Israel chapter's yearly activity is being supported by the generous sponsorship of the following companies:
