OWASP Israel 2013 02


The OWASP Israel Feb 2013 meeting was held on Tuesday, 12/2/2013, at the E&Y training center located at Meitav 6 St., Tel Aviv (see map below).

The meeting’s agenda was:

17:00 – 17:30 Gathering, Pizza & soft drinks.

17:30 – 17:45 Opening note.

17:45 – 18:30 An introduction to Pythonect for security professionals - Itzik Kotler (download presentation)

Abstract: Pythonect is a new, free and open source dataflow programming language. It is an attempt to fuse the intuitive feel of shell scripting (and all of its perks like implicit parallelism) with the flexibility and agility of Python. Pythonect is perfect for rapidly prototyping and testing everything from reverse engineering tools to fuzzers and penetration testing scripts. This talk will introduce Pythonect, the automation gap it fills, and its features. Example scripts are included to showcase concepts and ideas.

18:30 – 19:15 Web crime DOES pay - unless you get caught!! - Renana Friedlich (download presentation)

Abstract: But let us say you DID get caught!! - What if the crime was committed in Country A, the proxy is in Country B, and the target is in Country C?

  • Where is the jurisdiction authority?
  • What are the indictment procedures?
  • By which laws should you be judged?

Can SQL injection put you in jail? Can XSS? And CSRF? What actually constitutes a computer crime?

And let's not forget computer crime cooperation between countries:

  • What exists and what doesn't
  • What are your chances to be extradited?

Let's say you were indicted...

  • Did you know you can get up to a life sentence for computer crime?
  • On the other hand... is it really so hard to get away clean?

This lecture will answer all these questions and will fill the gap between web-oriented attacks and computer crimes.

19:15 – 19:30 Coffee break.

19:30 – 20:15 WAFEC 2.0 panel - Moderator: Ofer Shezaf

(The panel did not have a presentation; you can learn more about WAFEC at the WAFEC web site.)

The WASC/OWASP WAFEC Project, first released in 2006, is the de-facto standard for learning about and evaluating web application firewalls and is commonly used in WAF RFPs. The project team, which includes every WAF expert in the world (and if we missed you, you are welcome to join), is working hard to complete version 2. As part of the OWASP IL mini conference we will bring together some of the active participants in writing the upcoming version, all world experts on WAFs, to discuss the state of WAF technology, WAF industry and the challenges in creating an evaluation guide for WAFs. This will be an interactive session and will be driven by questions from me and from the audience. Feel free to pre-submit questions!

The WAFEC panel will include:

  • Amichai Shulman, CTO, Imperva
  • David Maman, CTO, GreenSQL
  • Ido Breger, Product Manager, Web Application Firewalls, F5
  • Nimrod Luria, CTO, Foresight
  • Ory Segal, Principal Product Architect, Cloud Security, Akamai
  • Shlomo Narkolayev, General Manager, Cyberdin