OWASP Israel 2010 01

The meeting will be held at 17:00 on Tuesday, Jan 12th, 2010.

Location: Breach Security, 11 Bareket St., Herzliya (Sixth floor).

17:20 - 17:30 : Opening Notes
'''Ofer Maor, Hacktics '''

17:30 - 18:10 : Top 5 Security Trends for 2010
'''Noa Bar-Yosef, Imperva '''

As we approach a new decade, battle lines have been firmly drawn between organizations seeking to protect their most sensitive data and dangerous cyber-criminals intent on attacking that data. Join Noa Bar-Yosef for this informative talk in which she discusses the predictions for the five most important security trends to watch for in 2010.

18:10 - 18:40 : WAFs in the Cloud
Ofer Shezaf, Better Place

Like any other new concept, cloud computing presents challenges in many different areas. Since many cloud based applications are web based, Web Application Firewalls (WAFs) is a technology that we need to adapt to cloud computing. In the presentation we will discuss two aspects of integrating WAFs into cloud computing: on the one hand WAF as a service, and on the other hand how to protect a cloud based web service, with a cloud based WAF or without it. We shall examine the pros and cons of a cloud based WAF and look into existing WAF services such as Akamai and Art of Defense. We shall compare them to regular WAF solutions as well as to alternative methods for protecting cloud based services such as virtual WAF or a host based WAF.

([[Media:OWASP_IL_Ofer_Shezaf_-_WAFs_in_the_Clouds.pptx|Download presentation]])

18:40 - 19:00 : Advanced Heap Spraying Techniques
'''Moshe Ben Abu, Recognize Security '''

Heap Spraying is the de-facto method for executing arbitrary commands on web browsers and components (Java, Flash, etc). The known methods so far for Heap Spraying are using JavaScript, Flash, Java and .NET DLL memory techniques. In this presentation Moshe Ben Abu will present new methods & techniques for Heap Spraying developed by him, such as using bitmap files, Silverlight and more.