OWASP Israel June 2017
The 3rd meeting of the Israeli chapter of OWASP in 2017 was held on Tuesday, June 20th, at 17:00.
The meeting was hosted by Intuit Israel, HaHarash St. 4, Hod Hasharon, Israel.
Attendance was free as always, here is the link to the Meetup event: https://www.meetup.com/OWASP-Israel/events/240224137/
Gathering, food, and drinks (KOSHER)
Introductions and Opening Notes
17:45 – Encrypting Data at Scale
Gleb Keselman, Intuit Data Protection Services
Intuit's internal key management service served, just over a month ago, to encrypt the tax and financial history of more than 30 million American citizens. Overall, this required 2 billion cryptographic operations to encrypt and decrypt application data.
Scaling a key management service requires a combination of system-level best practices along with novel cryptographic solutions. We will discuss how we are able to achieve a high level of security, combined with ease of use for developers and great performance.
18:30 – "... well then, we have an OWASP Top 10 opportunity"
Josh Grossman, Comsec Group
A couple of months ago the draft 2017 version of the OWASP Top 10 list was released and with it came some surprises and some controversy.
Whilst the Top 10 is very widely used, many people do not realise how it is actually produced and what it is based on. When I dug into the process behind it, the picture became even more concerning.
In this session, I will explain the basis of the latest Top 10 list, summarise the reaction to the recent release and give my take on what I think should be done next. I will also suggest how we can use the Top 10 list and other OWASP projects to give better application security advice and also how we can contribute back.
19:15 - Coffee Break
19:30 – Cloud Security for Startups - From A to E(xit)
Shahar Maor, Outbrain
Eitan Satmary, Wix
Founding a startup is a hard work. The daily roller coaster can exhaust you fast. And on top of that, you need to cope with information security challenges, compliance and tough questions from customers.
The Israeli chapter of the Cloud Security Alliance is helping the local startup community cope with those challenges. Over the last couple of years we have identified a gap in the InfoSec knowledge and produced a Best Practices manual, designed for startups that rely on Cloud infrastructure. This talk is a digest of a paper created by the Israeli Chapter of the CSA to help Software-as-a-Service startups (SaaS-SUs) gain and maintain client trust, by building solid security foundations.
Link to the paper: https://chapters.cloudsecurityalliance.org/israel/papers/