Difference between revisions of "8th OWASP IL chapter meeting"

From OWASP
Jump to: navigation, search
(At Watchfire, Herzliya, Wednesday, September 5th 2007, 17:00)
(At Watchfire, Herzliya, Wednesday, September 5th 2007, 17:00)
Line 14: Line 14:
 
Jonathan Afek, Senior Security Researcher, Watchfire
 
Jonathan Afek, Senior Security Researcher, Watchfire
  
This is the presentation material as I presented it in BlackHat. Some changes will be applied according to the time frame we can get for the presentation and it will be less technical.
+
Jonthan will bring to us his acclaimed BlackHat presentation. Danglig pointers are a common programming error, but even OWASP assumes that this can lead only to crashes and therefore only to denaial of service attacks (see [[http://www.owasp.org/index.php/Using_freed_memory OWASP vulnerability guide]]. The research team at Watchfire proved that danging pointers can be exploited to take control of the vulnerable system, elivating the severity of dangling pointers.
This subject is a general security problem for applications that are developed with native-code (non managed) object oriented languages like C++ and applies to web applications that are developed with these languages too. The specific demonstrated issue was found within the IIS 5.1 web server.
+
 
 +
The presentation will explain the vulnerabity and demonstrate a real exploit of the vulnerability using vulnerability in IIS as an example.
  
  

Revision as of 02:15, 20 August 2007

At Watchfire, Herzliya, Wednesday, September 5th 2007, 17:00

OWASP IL Sponsor Watchfire.jpg
The next meeting of OWASP IL, The Israeli Chapter of OWASP, would be held at Watchfire offices in Herzelia on Wed, September 5th at 17:00. Watchfire will also sponsore the meeting.

The meeting is part of OWASP Day, a Worldwide OWASP 1 day conferences on Privacy in the 21st Century which is in turn OWASP contribution to the [Global Security Week].

The agenda of the meeting is:

17:00 – 17:15 Gathering and refreshments


15:10 – 15:40 Straight from Blackhat: Dangling Poniters

Jonathan Afek, Senior Security Researcher, Watchfire

Jonthan will bring to us his acclaimed BlackHat presentation. Danglig pointers are a common programming error, but even OWASP assumes that this can lead only to crashes and therefore only to denaial of service attacks (see [OWASP vulnerability guide]. The research team at Watchfire proved that danging pointers can be exploited to take control of the vulnerable system, elivating the severity of dangling pointers.

The presentation will explain the vulnerabity and demonstrate a real exploit of the vulnerability using vulnerability in IIS as an example.


15:10 – 15:40 Evasive Crimeware attacks, Business Risk, and Proposed Defense

Iftach Amit, Director Security Research, Finjan

The presentation will explore the “other side” of web security: the client side. As traditional web application security is starting to pay more attention to the client side, which became a major part of the web application security market (can you spell XSS without a client involved…), more and more attack vectors are re-targeting the browser as a way to get into the organization.

In the presentation we will understand the business risks that are imposed by browsing, explore some recent examples of these attacks with an eye-opening review of the attacker “community” and how it operates (technically and economically). To conclude, the technical aspects of these attacks will be examined in light of the security mechanisms currently available to counteract the attacks, and a short discussion on how to handle the more sophisticated attacks will conclude the presentation.