OWASP Israel June 2016

Revision as of 12:53, 9 June 2016 by Avi Douglen (talk | contribs) (Added agenda)

Our next meeting for the Israel chapter of OWASP will take place on June 14, at 17:00, in the Amdocs Auditorium. The address is Hapnina 8, Ra'anana.

As always, attendance is free but registration is required. Please join (free) and RSVP here: http://www.meetup.com/OWASP-Israel/events/229662688/


Agenda:

17:00
Gathering, food, and drinks (KOSHER)


17:30
Introductions and Opening Notes


17:45 – Insiders – The Threat is Already Within
Sagie Dulce, Shiri Margel, Imperva

In recent years, we have witnessed a growing number of enterprises and government agencies suffer data breaches. While organizations are buffing up their security layers—which is important—most of the focus is on preventing direct threats that come from outside, while detecting threats from within is neglected.

In this talk we will present our research data. Our data shows that insider threats, whether attributed to a malicious, negligent or compromised insider, go unnoticed by common security tools. In order to detect insider attacks we suggest a mixture of Behavior Analytics and Deception technology. These technologies were deployed in several production environments. We then collected data from these environments and discovered different forms of insider threats in each and every deployment. Our data suggests that organizations are already experiencing some form of insider attack which current security technology does not address.


18:30 – 1Password protects you, but who protects 1Password?
Adi Ludmer, PerimeterX

1Password is one of the most popular password managers in the world.

The most important quality for tools in this category is the level of trust that they provide us when we let them guard our most sensitive data.

In this talk we will explain (and demonstrate) several flaws in the design of 1Password’s architecture that could potentially be exploited and put the sensitive data stored there at risk.

We will also explain several flaws which have already been disclosed, and give some recommendations for how to use password managers in a safer way.


19:15 – Coffee break


19:30 – Proxy based assertion
Erez Kalman, Amdocs

A secure method of using a single proxy entry point to pass assertion data for user authentication and authorization, using headers, to other systems.