
Difference between revisions of "OWASP Israel March 2015"

(Created page with "Our first meeting in 2015 for the Israel chapter of OWASP will take place on March 30, at 17:00. Attendance is free, but registration is required: https://owasp-israel-march...")
 
Line 1: Line 1:
Our first meeting in 2015 for the Israel chapter of OWASP will take place on March 30, at 17:00.  
+
Our first meeting in 2015 for the Israel chapter of OWASP took place on March 30, at 17:00, at NCR's office, in Raanana, 9 Dafna St.  
  
 
Attendance is free, but registration is required: https://owasp-israel-march-2015.eventbrite.com .
 
Attendance is free, but registration is required: https://owasp-israel-march-2015.eventbrite.com .
 
So far over 200 people have registered!   
 
So far over 200 people have registered!   
 
The meeting will be held at NCR's office, in Raanana, 9 Dafna St. 
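Review bot: the unchanged registration lines now contradict the rewritten first sentence. The opening line is in the past tense ("took place on March 30"), but "Attendance is free, but registration is required" and "So far over 200 people have registered!" still read as an invitation to an upcoming meeting. Suggest putting those two lines in the past tense as well, or dropping them, so the page reads consistently as a record of a finished event.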
 
  
  

Revision as of 09:44, 2 April 2015

Our first meeting in 2015 for the Israel chapter of OWASP took place on March 30, at 17:00, at NCR's office, in Raanana, 9 Dafna St.

Attendance is free, but registration is required: https://owasp-israel-march-2015.eventbrite.com . So far over 200 people have registered!


Agenda:

17:00 – 17:30
Gathering, food, and drinks (KOSHER)


17:30 – 17:40
Opening note


17:40 – 18:20
Collateral DDoS
Ido Leibovich, Imperva

Application-layer DDoS attacks have been well known and well studied for many years, with numerous attack vectors that vary in their origin and in their methods but share the basic objective of denying the target application the ability to serve its clients. In this session we will present a unique DDoS attack that we stumbled upon when monitoring web traffic, whose targets are innocent applications that seem to be chosen at random. We will show how DNS corruption operations, allegedly made as part of the so-called “Great Firewall of China”, the well-known censorship system of the Chinese authorities, combined with the unmanaged peer-to-peer nature of the BitTorrent ecosystem, result in massive and synchronized HTTP traffic targeted at arbitrary victim applications, and in a highly effective DDoS attack on these applications. We will show what this attack looks like from the victim's side, including the timeline and the volume of the attack traffic. We will also isolate the parts of the BitTorrent protocol that make it prone to becoming the ground for such attacks.


18:20 – 19:10
Transcending From Digital to Physical
Yaniv Simsolo, Palantir Security

The next generation of attacks, aimed at the physical realm, can be carried out through the digital realm. The original hacks, which were aimed at the physical and have long since been replaced by money-making hacks, are back with us. Since Moore’s Law is becoming invalid, hackers possess greater abilities than ever. Re-aiming the guns towards the physical realm is highly lucrative. We will discuss and demonstrate attack vectors in the digital realm that are aimed at the physical realm.


19:10 – 19:30
Coffee break


19:30 – 20:15
Shell over what ?! Naughty CDN manipulations
Roee Cnaan, Cipher Security

In this talk, Roee will introduce the unique concept of carrying malicious traffic over Content Distribution Networks, de facto whitening and hiding it by using native CDN features.