OWASP Israel 2013 02

After a short break, OWASP Israel meeting will be held on the 12/2/2013 Tuesday at the EY training center located in Meitav 6 st. Tel Aviv (see map below).

If you plan to come, please rsvp by sending an e-mail to rsvp@owasp.org.il

The meeting’s agenda will be: 17:00 – 17:30 Gathering, Pizza & soft drinks. 17:30 – 17:45 Opening note. 17:45 – 18:30 An introduction to pythonect for security professionals - Itzik Kotler

Abstract: Pythonect is a new, free and open source dataflow programming language. It is an attempt to fuse the intuitive feel of shell scripting (and all of its perks like implicit parallelism) with the flexibility and agility of Python. Pythonect is perfect for rapidly prototyping and testing everything from reverse engineering tools to fuzzers and penetration testing scripts. This talk will introduce Pythonect, the automation gap it fills, and its features. Example scripts are included to showcase concepts and ideas '''18:30 – 19:15 Web crime DOES pay - unless you get caught!! - Renana Friedlich'''

Abstract: But let us say you DID get caught!! - What if the crime was committed in Country A, the proxy is in Country B, and the target is in Country C? Can SQL injection put you in jail? Can XSS? And CSRF? What actually constitutes a computer crime? And let's not forget computer crime cooperation between countries: Let's say you were indicted... This lecture will answer all these questions and will fill the gap between web oriented attacks to computer crimes. 19:15 – 19:30 coffee break. '''19:30 – 20:15 WAFEC 2.0 panel - Moderator: Ofer Shezaf, Confirmed participants: Ido Breger, Amichai Shulman. ''' You are welcomed to suggest yourself for the panel
 * Where is the jurisdiction authority?
 * What are the indictment procedures?
 * By which laws should you be judged?
 * What exists and what doesn't
 * What are your chances to be extradited?
 * Did you know you can get up to life sentence for computer crime?
 * On the other hand... is it really so hard to get away clean?

The WASC/OWASP WAFEC Project, first released in 2006, is the de-facto standard for learning about and evaluating web application firewalls and is commonly used in WAF RFPs. The project team, which includes every WAF expert in the world (and if we missed you, you are welcomed to join), is working hard to complete version 2. As part the OWASP IL mini conference we will bring together some of the active participants in writing the upcoming version, all world experts on WAFs, to discuss the state of WAF technology, WAF industry and the challenges in creating an evaluation guide for WAFs. This will be and interactive session and will be driven by questions from me and from the audience. Feel free to pre-submit questions!

The WAFEC panel will include:
 * Amichai Shulman, CTO, Imperva
 * David Maman, CTO, GreenSQL
 * Ido Breger, Product Manager, Web Application Firewalls, F5
 * Nimrod Luria, CTO, Foresight
 * Ory Segal, Principal Product Architect, Cloud Security, Akamai
 * Shlomo Narkolayev, Information Security Consultant