
Difference between revisions of "OWASP Israel February 2016"

(Created page with "Our first meeting in 2016 for the Israel chapter of OWASP is on February 2, at 17:00, at F5 Networks' office in Tel Aviv (Kiryat Atidim, Building #8, 30th floor - parking in B...")
 
(Added presentations and videos)
Line 1: Line 1:
Our first meeting in 2016 for the Israel chapter of OWASP is on February 2, at 17:00, at F5 Networks' office in Tel Aviv (Kiryat Atidim, Building #8, 30th floor - parking in Building #6).
+
Our first meeting in 2016 for the Israel chapter of OWASP was on February 2, at 17:00, at F5 Networks' office in Tel Aviv (Kiryat Atidim, Building #8, 30th floor - parking in Building #6).
  
As always, attendance is free but we do need you to register in advance. This time, we will be using Meetup for meeting registration.  
+
As always, attendance was free but required registration in advance. This time, we will be using Meetup for meeting registration.  
 
Please join (free) and RSVP here: http://www.meetup.com/OWASP-Israel/events/228211681/  
 
Please join (free) and RSVP here: http://www.meetup.com/OWASP-Israel/events/228211681/  
 +
 +
Pictures from the event: https://www.facebook.com/groups/owasp.il/permalink/534495143394535/
  
  
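Review bot: The past-tense rewrite in the second changed paragraph stops halfway: the new text still reads "This time, we will be using Meetup for meeting registration", and the unchanged "Please join (free) and RSVP here" line still invites sign-ups for an event that has already taken place. Suggest putting the Meetup sentence in the past tense as well and rewording the RSVP line as a pointer to the event page rather than a call to register.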
Line 18: Line 20:
 
''' 17:45 – 18:30  <br/>  '''
 
''' 17:45 – 18:30  <br/>  '''
 
''' PyMultitor – Bypass restrictions based on IP counters like a Boss  ''' <br/>
 
''' PyMultitor – Bypass restrictions based on IP counters like a Boss  ''' <br/>
''' Tomer Zait, F5 '''     
+
''' Tomer Zait, F5 ''' <br/>    
 +
([https://www.youtube.com/watch?v=6xmrUktG-C8 watch video])‎
  
 
PyMultitor enables to perform multiple web requests from multiple IP addresses by using TOR network. Adding an ability of this sort to some of the most common attacks often makes them lethal and unstoppable.  
 
PyMultitor enables to perform multiple web requests from multiple IP addresses by using TOR network. Adding an ability of this sort to some of the most common attacks often makes them lethal and unstoppable.  
Line 29: Line 32:
 
''' 18:30 – 19:15  <br/>  '''
 
''' 18:30 – 19:15  <br/>  '''
 
''' International Trade in Cybersecurity Products ''' <br />
 
''' International Trade in Cybersecurity Products ''' <br />
''' Eli Greenbaum, Yigal Arnon & Co. '''     
+
''' Eli Greenbaum, Yigal Arnon & Co. ''' <br/>    
 +
([[Media:OWASPIL-2016-02-02_International-Trade-in-Cybersecurity-Products_EliGreenbaum.pptx|download presentation]] | [https://www.youtube.com/watch?v=RwMyFcxrdg8 watch video])‎ 
  
 
Recent changes to international arrangements have the potential to significantly impact collaboration in security communities.  
 
Recent changes to international arrangements have the potential to significantly impact collaboration in security communities.  
Line 44: Line 48:
 
''' 19:30 – 20:15 <br/>  '''
 
''' 19:30 – 20:15 <br/>  '''
 
''' Data flow analysis ''' <br />
 
''' Data flow analysis ''' <br />
''' Dani Liezrowice, ESL  '''    
+
''' Dani Liezrowice, ESL  ''' <br/>   
 +
([[Media:OWASPIL-2016-02-02_Data-flow-analysis_DaniLiezrowice.pptx|download presentation]] | [https://www.youtube.com/watch?v=_19jJ4JWtYU watch video])‎   
  
 
Data flow analysis is used to collect run-time (dynamic) information about data in software while it is in a static state (Wögerer, 2005). Dani will show  how to find real life examples of vulnerabilities this technique.  
 
Data flow analysis is used to collect run-time (dynamic) information about data in software while it is in a static state (Wögerer, 2005). Dani will show  how to find real life examples of vulnerabilities this technique.  

Revision as of 08:49, 9 February 2016

Our first meeting in 2016 for the Israel chapter of OWASP was on February 2, at 17:00, at F5 Networks' office in Tel Aviv (Kiryat Atidim, Building #8, 30th floor - parking in Building #6).

As always, attendance was free but required registration in advance. This time, registration was handled through Meetup (free to join): http://www.meetup.com/OWASP-Israel/events/228211681/

Pictures from the event: https://www.facebook.com/groups/owasp.il/permalink/534495143394535/


Agenda:

17:00 – 17:30
Gathering, food, and drinks (KOSHER)


17:30 – 17:45
Introductions and Opening Notes


17:45 – 18:30
PyMultitor – Bypass restrictions based on IP counters like a Boss
Tomer Zait, F5
(watch video: https://www.youtube.com/watch?v=6xmrUktG-C8)

PyMultitor makes it possible to perform multiple web requests from multiple IP addresses by using the Tor network. Adding an ability of this sort to some of the most common attacks often makes them lethal and unstoppable.

Why? Is this limited to TOR? How can we stay safe?

Tomer will present several examples and discuss the reasons and the recommended precautions.


18:30 – 19:15
International Trade in Cybersecurity Products
Eli Greenbaum, Yigal Arnon & Co.
(download presentation | watch video: https://www.youtube.com/watch?v=RwMyFcxrdg8)

Recent changes to international arrangements have the potential to significantly impact collaboration in security communities.

“Dual-use” refers to technology that can be used for both civilian and military goals. In order to limit the export of such “dual-use” technologies for military purposes, forty-one countries have joined together in the “Wassenaar Arrangement”, an international regime that guides member countries in imposing export restrictions on such technologies. Israel is not formally a member of the Wassenaar Arrangement, but Israel’s internal export control laws are regularly synchronized with the Wassenaar Arrangement.

The Wassenaar Arrangement mostly affects international trade in physical weapons, but recent changes also aim to control the export of technology connected to “intrusion software” and “surveillance systems.” Unfortunately, the broad language used to implement these changes could adversely affect the sharing of legitimate security information and products across international borders. This talk will discuss the recent changes to the Wassenaar Arrangement and how the changes have been implemented in various countries, highlighting the problems for legitimate security research and cooperation and presenting strategies for managing the legal risk presented by this regime.


19:15 – 19:30
Coffee break


19:30 – 20:15
Data flow analysis
Dani Liezrowice, ESL 
(download presentation | watch video: https://www.youtube.com/watch?v=_19jJ4JWtYU)

Data flow analysis is used to collect run-time (dynamic) information about data in software while it is in a static state (Wögerer, 2005). Dani will show how to find real-life examples of vulnerabilities using this technique.