Category:Israel

For information in Hebrew refer to the OWASP Israel Hebrew page.

Israel

OWASP top 10 in Hebrew initiated
The 1st chapter, XSS, is available for review. The information is available off site due to Hebrew support issues.

Upcoming meetings

 * May 2009 at IBM (Petach-Tikva), details below and in Hebrew at http://www.xiom.com/owasp-meeting-7-5-2009.
 * September 2009, OWASP Israel 2009, at the Interdisciplinary Center Herzliya.

Thursday, May 7th, 16:00-19:00 at IBM (Park Azorim, Em-Hamoshavot, 95 Em-Hamoshavot St. Petach-Tikva)
(Hebrew Version)

Web-Based Man-in-the-Middle Attack, Adi Sharabani, IBM

We've all known for a long time that using a public wireless network is risky. We all think twice before logging into our bank account or accessing any kind of sensitive information. But what about simply reading the news on our favorite news site? In this presentation, we will show how using a public network can expose you to practically any web-related client-side security issue on any domain, no matter how careful you think you're being. These issues range from XSS on any domain, through CSRF, to leaking of browser data and more.

We will show how the currently known best practices, which are supposed to keep you from harm when reading a blog in the neighborhood coffee shop, may be overcome. We'll demonstrate how such best practices, like those listed in http://www.microsoft.com/protect/yourself/mobile/publicwireless.mspx, are only useful against what we call "passive" attacks, which passively gather data from the network. We will introduce a new type of attack, coined "active attacks", and see how they easily work around a careful user's attempt to browse responsibly in a public network. We will demonstrate how these attacks can steal information from past browsing activities, and how they can monitor your future browsing, inside the safety of your home and your organization's networks.

Automation Attacks and Counter Measures, Ofer Shezaf, Xiom

Abuse of web applications using automated programs is becoming a major threat to web sites. Some attacks, such as brute force and denial of service, are clearly illegal, while others fall in the grey area of the law but harm the business of the web site owner. Examples of grey area automation attacks are robots that play online gambling or automatic participation in online tenders.

The presentation will show several interesting automation incidents and discuss the cat and mouse game between attackers and site owners, in which the latter are creating new defenses while the former are making the attacks more sophisticated. Lastly, we will present novel ideas as to how to make sites mitigate automation attacks better.

Surprise, Maybe

An Israeli researcher is researching a vulnerability in a leading Web 2.0 site. If his research results are positive and interesting, he will show them at the meeting.

All monthly meetings are between 4pm and 7pm. The program and detailed arrival instructions for each meeting will be published and sent to the list when ready. If you plan to come, please send an e-mail to ofer@shezaf.com.

If you would like to speak at an OWASP Israel monthly meeting, let us know at ofer@shezaf.com.

OWASP Israel 2009 Road map
As the economic atmosphere becomes unstable, the hacking economics flourish, which makes open source initiatives such as OWASP virtually the only option we have to try to win this battle. OWASP Israel goals for 2009 are:


 * A monthly meeting! We are looking for sponsors to host these meetings and presenters to speak at them.
 * Translating the OWASP top 10 to Hebrew.
 * Getting more Israelis to be involved in international OWASP projects.
 * The OWASP Israel conference 2009 around September.

If you have anything else on your mind, please speak up!

Previous OWASP Israel Conferences and Meetings

 * OWASP Israel March 2009 meeting was held at the Tel-Aviv University on March 26th, with approximately 60 attendees. The presentations were:
   * Securing cellular web applications, Mikko Saario, Founder, OWASP Finland, Security Architect, Large Telecom Solution Provider ([[Media:OWASP_Israel_-_March_2009_-_Mikko_Saario_-_Web_Application_Security_in_the_Mobile_World.pdf|download]])
   * Real world implementation of a PCI DSS compliance key management, Yaron Hakon, 2bsecure ([[Media:OWASP_Israel_-_March_2009_-_Yaron_Hakon_-_PCI_key_managment.pdf|download]])
   * Detecting RFI attacks, Or Katz, Breach Security ([[Media:OWASP_Israel_-_March_2009_-_Or_Katz_-_RFI_detection.pdf|download]])
   * WAFEC 2.0 - Do WAFs deliver?, Ofer Shezaf, Xiom ([[Media:OWASP_Israel_-_March_2009_-_Ofer_Shezaf_-_Why_WAFs_fail.pdf|download]])
   * Full details in Hebrew


 * OWASP Israel January 2009 meeting was held at Checkpoint on January 28th, with over 100 people attending. The presentations were:
   * Improving Web Application Firewall testing for better deployment in production network, Gregory Fresnais from BreakingPoint, visiting us from France ([[Media:OWASP_Israel_2009_01_Gregory_Fresnais_Measuring_WAF_Performance.pdf|download]])
   * Web 2.0 Hacking, Nimrod Luria, Qrity ([[Media:OWASP_Israel_2009_01_Nimrod_Luria_Web_2.0_Security.pdf|download]])
   * Wiki Security, Ofer Shezaf, Xiom (download)
   * Full details in Hebrew


 * The OWASP Israel 2008 conference at the Interdisciplinary Center Herzliya (IDC) was held on September 14th with 250 attendees.


 * OWASP Israel at the IDC Security Road Show
   * OWASP sponsored the IDC Security Road Show event in Israel on June 3rd 2008. Thanks to Iris Lev-Ari and Tomer Teller for their help in the OWASP booth.


 * OWASP Israel 2007 conference at the Interdisciplinary Center Herzliya (IDC)
   * The 1st official OWASP conference in Israel was held on Dec 3rd 2007 at the Interdisciplinary Center (IDC) Herzliya. The conference really set itself as an event you must come to if you have anything to do with application security.


 * 8th OWASP IL chapter meeting
   * The meeting was held at Watchfire on September 5th 2007. Watchfire also sponsored the meeting. The meeting was part of OWASP week, a worldwide week of OWASP conferences on privacy in the 21st century, which is in turn OWASP's contribution to the Global Security Week.


 * 2nd OWASP IL mini conference at the Interdisciplinary Center (IDC) Herzliya, May 21st 2007
   * The event was a huge success with nearly 200 people attending and 8 companies and organizations sponsoring the event (Breach Security, Checkpoint, Hacktics, Microsoft, Zend, 2Bsecure, F5 Networks and the Efi Arazi school of Computer Science at the IDC).


 * 6th OWASP IL chapter meeting
   * The meeting was held at Breach Security on January 24th 2007 and was sponsored by Breach Security. Nearly 50 people attended the meeting.


 * OWASP IL mini conference at the Interdisciplinary Center (IDC) Herzliya, November 13th 2006
   * OWASP IL and the Interdisciplinary Center Herzliya (IDC) held a half day conference on application security on Nov 13th 2006. The event marked the establishment of a new academic program on information security in the net era at IDC's Efi Arazi School of Computer Science. More than 90! people attended the conference, enjoyed professional catering and heard no less than 7 presentations. The meeting was sponsored by Breach Security and Applicure.

The meeting was held at Breach Security on July 26th 2005 and was sponsored by Breach Security.
 * 4th OWASP IL chapter meeting