This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Israel June 2016"
Avi Douglen (talk | contribs) (Created page with "Our next meeting for the Israel chapter of OWASP will take place on June 14, at 17:00, in the Amdocs Auditorium. The address is Hapnina 8, Ra'anana. As always, attendance i...") |
Avi Douglen (talk | contribs) (Added agenda) |
||
| Line 5: | Line 5: | ||
Please join (free) and RSVP here: http://www.meetup.com/OWASP-Israel/events/229662688/ | Please join (free) and RSVP here: http://www.meetup.com/OWASP-Israel/events/229662688/ | ||
| − | |||
| − | + | == Agenda: == | |
| + | |||
| − | + | ''' 17:00 <br/> ''' | |
| + | '''Gathering, food, and drinks (KOSHER)''' | ||
| − | |||
| − | + | ''' 17:30 <br/> ''' | |
| + | ''' Introductions and Opening Notes ''' | ||
| − | We | + | |
| + | ''' 17:45 – Insiders – The Threat is Already Within ''' <br/> | ||
| + | ''' Sagie Dulce, Shiri Margel, Imperva ''' <br/> | ||
| + | |||
| + | In recent years, we have witnessed a growing number of enterprises and government agencies suffer data breaches. While organizations are buffing up their security layers—which is important—most of the focus is on preventing direct threats that come from outside, while detecting threats from within is neglected. | ||
| + | |||
| + | In this talk we will present our research data. Our data shows that insider threats, whether attributed to malicious, negligent or compromised insider, go unnoticed by common security tools. In order to detect insider attacks we suggest a mixture of Behavior Analytics and Deception technology. These technologies were deployed in several production environments. We then collected data from these environments and discovered different forms of insider threats in each and every deployment. Our data suggests that organizations are already experiencing some form of insider attack which current security technology does not address. | ||
| + | |||
| + | |||
| + | ''' 18:30 – 1Password protects you, but who protects 1Password ? ''' <br/> | ||
| + | ''' Adi Ludmer, Perimiterx ''' <br/> | ||
| + | |||
| + | 1Password is one of the most popular Password managers in the world. | ||
| + | |||
| + | The most important quality for tools in this category is the level of trust that they provide us when we let them guard our most sensitive data. | ||
| + | |||
| + | In this talk we will explain (and demonstrate) several flaws in the design of 1Password’s architecture, that could potentially be exploited and put our sensitive data which is stored there at risk. | ||
| + | |||
| + | We will also explain several flaws which have already been disclosed, and give some recommendations for how to use Password managers in a safer way. | ||
| + | |||
| + | |||
| + | ''' 19:15 – Coffee break ''' <br/> | ||
| + | |||
| + | |||
| + | ''' 19:30 – Proxy based assertion ''' <br/> | ||
| + | ''' Erez Kalman, Amdocs ''' <br/> | ||
| + | |||
| + | Secure method of using a single proxy entry point to pass assertion data for user authentication and authorization using the headers to other systems. | ||
Revision as of 12:53, 9 June 2016
Our next meeting for the Israel chapter of OWASP will take place on June 14, at 17:00, in the Amdocs Auditorium. The address is Hapnina 8, Ra'anana.
As always, attendance is free but registration is required Please join (free) and RSVP here: http://www.meetup.com/OWASP-Israel/events/229662688/
Agenda:
17:00
Gathering, food, and drinks (KOSHER)
17:30
Introductions and Opening Notes
17:45 – Insiders – The Threat is Already Within
Sagie Dulce, Shiri Margel, Imperva
In recent years, we have witnessed a growing number of enterprises and government agencies suffer data breaches. While organizations are buffing up their security layers—which is important—most of the focus is on preventing direct threats that come from outside, while detecting threats from within is neglected.
In this talk we will present our research data. Our data shows that insider threats, whether attributed to malicious, negligent or compromised insider, go unnoticed by common security tools. In order to detect insider attacks we suggest a mixture of Behavior Analytics and Deception technology. These technologies were deployed in several production environments. We then collected data from these environments and discovered different forms of insider threats in each and every deployment. Our data suggests that organizations are already experiencing some form of insider attack which current security technology does not address.
18:30 – 1Password protects you, but who protects 1Password ?
Adi Ludmer, Perimiterx
1Password is one of the most popular Password managers in the world.
The most important quality for tools in this category is the level of trust that they provide us when we let them guard our most sensitive data.
In this talk we will explain (and demonstrate) several flaws in the design of 1Password’s architecture, that could potentially be exploited and put our sensitive data which is stored there at risk.
We will also explain several flaws which have already been disclosed, and give some recommendations for how to use Password managers in a safer way.
19:15 – Coffee break
19:30 – Proxy based assertion
Erez Kalman, Amdocs
Secure method of using a single proxy entry point to pass assertion data for user authentication and authorization using the headers to other systems.
