OWASP Israel February 2016

Our first meeting in 2016 for the Israel chapter of OWASP was on February 2, at 17:00, at F5 Networks' office in Tel Aviv (Kiryat Atidim, Building #8, 30th floor - parking in Building #6).

As always, attendance was free but required registration in advance. This time, we will be using Meetup for meeting registration. Please join (free) and RSVP here: http://www.meetup.com/OWASP-Israel/events/228211681/

Pictures from the event: https://www.facebook.com/groups/owasp.il/permalink/534495143394535/

Agenda:
 17:00 – 17:30    Gathering, food, and drinks (KOSHER)

 17:30 – 17:45     Introductions and Opening Notes 

 17:45 – 18:30      PyMultitor – Bypass restrictions based on IP counters like a Boss

 Tomer Zait, F5  (watch video)

PyMultitor makes it possible to perform multiple web requests from multiple IP addresses by using the TOR network. Adding an ability of this sort to some of the most common attacks often makes them lethal and unstoppable.

Why? Is this limited to TOR? How can we stay safe?

Tomer will present several examples and discuss the reasons and the recommended precautions.

 18:30 – 19:15      International Trade in Cybersecurity Products 

 Eli Greenbaum, Yigal Arnon & Co.  ([[Media:OWASPIL-2016-02-02_International-Trade-in-Cybersecurity-Products_EliGreenbaum.pptx|download presentation]] | watch video)

Recent changes to international arrangements have the potential to significantly impact collaboration in security communities. “Dual-use” refers to technology that can be used for both civilian and military goals. In order to limit the export of such “dual-use” technologies for military purposes, forty-one countries have joined together in the “Wassenaar Arrangement” – an international regime that guides member countries in imposing export restrictions on such technologies. Israel is not formally a member of the Wassenaar Arrangement, but Israel’s internal export control laws are regularly synchronized with the Wassenaar Arrangement. The Wassenaar Arrangement mostly affects international trade in physical weapons, but recent changes also aim to control the export of technology connected to “intrusion software” and “surveillance systems.” Unfortunately, the broad language used to implement these changes could adversely affect the sharing of legitimate security information and products across international borders. This talk will discuss the recent changes to the Wassenaar Arrangement and how the changes have been implemented in various countries, highlighting the problems for legitimate security research and cooperation and presenting strategies for managing the legal risk presented by this regime.

 19:15 – 19:30      Coffee break 

 19:30 – 20:15    Data flow analysis 

 Dani Liezrowice, ESL   ([[Media:OWASPIL-2016-02-02_Data-flow-analysis_DaniLiezrowice.pptx|download presentation]] | watch video)

Data flow analysis is used to collect run-time (dynamic) information about data in software while it is in a static state (Wögerer, 2005). Dani will show how to find real-life examples of vulnerabilities using this technique.