8th OWASP IL chapter meeting
At Watchfire, Herzliya, Wednesday, September 5th 2007, 17:00Global Security Week].
The agenda of the meeting is:
17:00 – 17:15 Gathering and refreshments
15:10 – 15:40 Straight from Blackhat: Dangling Poniters
Jonthan will bring to us his acclaimed BlackHat presentation. Danglig pointers are a common programming error, but even OWASP assumes that this can lead only to crashes and therefore only to denaial of service attacks (see [OWASP vulnerability guide]. The research team at Watchfire proved that danging pointers can be exploited to take control of the vulnerable system, elivating the severity of dangling pointers.
The presentation will explain the vulnerabity and demonstrate a real exploit of the vulnerability using vulnerability in IIS as an example.
15:10 – 15:40 Evasive Crimeware attacks, Business drivers, and Proposed Defense
Iftach Amit, Director Security Research, Finjan
Any web based attack requires a business model in order to spread. As the director of research for Finjan, Iftach monitors the highly succesful client based web attack vectors and the community that creates tham. In the presentation Iftach will explore advanced browser based attack vectors beyond your day to day XSS.
The presentation will cover the business drivers of client side attack vectors, explore recent examples of such attacks with an eye-opening review of the attacker community and its operation methods, and conclude with a technical discussion of the cat and mouse game between cutting edge solutions and ever advancing attack vectors.