Difference between revisions of "8th OWASP IL chapter meeting"

From OWASP
Jump to: navigation, search
(At Watchfire, Herzliya, Wednesday, September 5th 2007, 17:00)
 
(15 intermediate revisions by one user not shown)
Line 1: Line 1:
== At Watchfire, Herzliya, Wednesday, September 5th 2007, 17:00 ==
+
[[Category:Israel]]
 +
== At Watchfire, Herzliya, Wednesday, September 5th 2007, 16:45 ==
  
[[Image:OWASP_IL_global_security_week_logo.jpg|left|200px]]The next meeting of OWASP IL, The Israeli Chapter of OWASP, would be held at Watchfire offices in Herzelia on Wed, September 5th at 17:00. Watchfire will also sponsore the meeting. The meeting is part of OWASP Day, a Worldwide OWASP 1 day conferences on Privacy in the 21st Century which is in turn OWASP contribution to the [[http://www.globalsecurityweek.com/ Global Security Week]].
+
[[Image:OWASP_IL_global_security_week_logo.jpg|left|200px]][[Image:OWASP_IL_Sponsor_Watchfire.jpg‎|right]]
 +
The 8th meeting of OWASP IL, The Israeli Chapter of OWASP, was held at Watchfire offices in Herzliya on Wednesday, September 5th at 17:00. Watchfire also sponsored the event. The meeting was part of [http://www.owasp.org/index.php/OWASP_Week_September_2007 OWASP week], a worldwide OWASP week of conferences on Privacy in the 21st Century which is in turn OWASP contribution to the [http://www.globalsecurityweek.com/ Global Security Week].
  
The agenda of the meeting is:
 
  
 +
The agenda of the meeting was:
  
<big>'''17:00 – 17:15 Gathering and refreshments'''</big>  
+
<big>'''[[media:OWASP_IL_8_OWASP_Introduction.pdf|OWASP Updates]]'''</big>
  
  
<big>'''15:10 – 15:40 Straight from Blackhat: Dangling Poniters'''</big>
+
<big>'''[[media:OWASP_IL_8_Dangling_Pointer.pdf‎|Straight from Blackhat: Dangling Pointers]]'''</big>
  
[[Image:OWASP_IL_Sponsor_Watchfire.jpg‎|right]]Jonathan Afek, Senior Security Researcher, Watchfire
+
Jonathan Afek, Senior Security Researcher, [http://www.watchfire.com Watchfire]
  
Jonthan will bring to us his acclaimed BlackHat presentation. Danglig pointers are a common programming error, but even OWASP assumes that this can lead only to crashes and therefore only to denaial of service attacks (see [[http://www.owasp.org/index.php/Using_freed_memory OWASP vulnerability guide]]. The research team at Watchfire proved that danging pointers can be exploited to take control of the vulnerable system, elivating the severity of dangling pointers.
+
Jonthan will bring to us his acclaimed Blackhat presentation. Dangling pointers are a common programming error, but even OWASP experts assumed, until now, that exploiting this vulnerability can lead only to crashes and therefore only to denial of service attacks (see [http://www.owasp.org/index.php/Using_freed_memory OWASP vulnerability guide]). The research team at Watchfire proved that dangling pointers can be exploited to take control of a vulnerable system, elevating the severity of dangling pointers.
  
The presentation will explain the vulnerabity and demonstrate a real exploit of the vulnerability using vulnerability in IIS as an example.
+
The presentation will explain the vulnerability and demonstrate a real exploit of the vulnerability using IIS as an example.
  
  
<big>'''15:10 – 15:40 Evasive Crimeware attacks, Business drivers, and Proposed Defense'''</big>
 
  
Iftach Amit, Director Security Research, Finjan
+
<big>'''[[media:OWASP_IL_8_Evasive_Crimeware_attacks_Business_drivers_and_Proposed.pdf‎|Evasive Crimeware attacks, Business drivers, and Proposed Defense]]'''</big>
  
Any web based attack requires a business model in order to spread. As the director of research for Finjan, Iftach monitors the highly succesful client based web attack vectors and the community that creates tham. In the presentation Iftach will explore advanced browser based attack vectors beyond your day to day XSS.
+
Iftach Amit, Director Security Research, [http://www.finjan.com Finjan]
 +
 
 +
Any web based attack requires a business model in order to spread. As the director of research for Finjan, Iftach monitors the highly successful web attacks focusing on client abuse and malware installation and the community that creates them. In the presentation Iftach will share with us his research findings.
  
 
The presentation will cover the business drivers of client side attack vectors, explore recent examples of such attacks with an eye-opening review of the attacker community and its operation methods, and conclude with a technical discussion of the cat and mouse game between cutting edge solutions and ever advancing attack vectors.
 
The presentation will cover the business drivers of client side attack vectors, explore recent examples of such attacks with an eye-opening review of the attacker community and its operation methods, and conclude with a technical discussion of the cat and mouse game between cutting edge solutions and ever advancing attack vectors.
 +
 +
 +
<big>'''[[media:OWASP_IL_8_JavaScript_Agent_Injection.pdf‎|JavaScript Agent Injection as a solution for client side browser vulnerabilities]]'''</big>
 +
 +
Ofer Shezaf, OWASP IL Leader; CTO, Breach Security, [http://www.breach.com Breach Security]
 +
 +
As we have seen in Iftach's presentation, clients are not very secure. While we, as web site owners, may not be directly responsible, this situation is just as much a problem for us: law might hold us responsible and the conquered and potentially trusted client may pose a risk to our web site. Good examples of problems which blurs the lines between client and server are the [http://www.gnucitizen.org/blog/universal-pdf-xss-after-party/ Universal PDF XSS] and [http://en.wikipedia.org/wiki/Cross-site_request_forgery Cross Site Request Forgery].
 +
 +
Content Injection is a method proposed by Ivan Ristic, the creator of [http://www.modsecurity.org ModSecurity] to enable a Web Application Firewall to protect against this family of problems. The presentation will explain this novel method and build on it to offer some practical recipes for protection against client side problems.

Latest revision as of 10:19, 15 December 2008

At Watchfire, Herzliya, Wednesday, September 5th 2007, 16:45

OWASP IL global security week logo.jpg
OWASP IL Sponsor Watchfire.jpg

The 8th meeting of OWASP IL, The Israeli Chapter of OWASP, was held at Watchfire offices in Herzliya on Wednesday, September 5th at 17:00. Watchfire also sponsored the event. The meeting was part of OWASP week, a worldwide OWASP week of conferences on Privacy in the 21st Century which is in turn OWASP contribution to the Global Security Week.


The agenda of the meeting was:

OWASP Updates


Straight from Blackhat: Dangling Pointers

Jonathan Afek, Senior Security Researcher, Watchfire

Jonthan will bring to us his acclaimed Blackhat presentation. Dangling pointers are a common programming error, but even OWASP experts assumed, until now, that exploiting this vulnerability can lead only to crashes and therefore only to denial of service attacks (see OWASP vulnerability guide). The research team at Watchfire proved that dangling pointers can be exploited to take control of a vulnerable system, elevating the severity of dangling pointers.

The presentation will explain the vulnerability and demonstrate a real exploit of the vulnerability using IIS as an example.


Evasive Crimeware attacks, Business drivers, and Proposed Defense

Iftach Amit, Director Security Research, Finjan

Any web based attack requires a business model in order to spread. As the director of research for Finjan, Iftach monitors the highly successful web attacks focusing on client abuse and malware installation and the community that creates them. In the presentation Iftach will share with us his research findings.

The presentation will cover the business drivers of client side attack vectors, explore recent examples of such attacks with an eye-opening review of the attacker community and its operation methods, and conclude with a technical discussion of the cat and mouse game between cutting edge solutions and ever advancing attack vectors.


JavaScript Agent Injection as a solution for client side browser vulnerabilities

Ofer Shezaf, OWASP IL Leader; CTO, Breach Security, Breach Security

As we have seen in Iftach's presentation, clients are not very secure. While we, as web site owners, may not be directly responsible, this situation is just as much a problem for us: law might hold us responsible and the conquered and potentially trusted client may pose a risk to our web site. Good examples of problems which blurs the lines between client and server are the Universal PDF XSS and Cross Site Request Forgery.

Content Injection is a method proposed by Ivan Ristic, the creator of ModSecurity to enable a Web Application Firewall to protect against this family of problems. The presentation will explain this novel method and build on it to offer some practical recipes for protection against client side problems.