8th OWASP IL chapter meeting

Revision as of 08:26, 20 August 2007 by Oshezaf (talk | contribs) (At Watchfire, Herzliya, Wednesday, September 5th 2007, 17:00)

Jump to: navigation, search

At Watchfire, Herzliya, Wednesday, September 5th 2007, 17:00

OWASP IL global security week logo.jpg
The next meeting of OWASP IL, The Israeli Chapter of OWASP, would be held at Watchfire offices in Herzliya on Wed, September 5th at 17:00. Watchfire will also sponsor the meeting. The meeting is part of OWASP Day, a Worldwide OWASP 1 day conferences on Privacy in the 21st Century which is in turn OWASP contribution to the [Global Security Week].

The agenda of the meeting is:

17:00 – 17:15 Gathering and refreshments

15:10 – 15:40 Straight from Blackhat: Dangling Pointers

Ofer Shezaf, OWASP IL leader; CTO, Breach Security

15:10 – 15:40 Straight from Blackhat: Dangling Pointers

OWASP IL Sponsor Watchfire.jpg
Jonathan Afek, Senior Security Researcher, Watchfire

Jonthan will bring to us his acclaimed Blackhat presentation. Dangling pointers are a common programming error, but even OWASP assumes that this can lead only to crashes and therefore only to denial of service attacks (see [OWASP vulnerability guide]. The research team at Watchfire proved that dangling pointers can be exploited to take control of the vulnerable system, elevating the severity of dangling pointers.

The presentation will explain the vulnerability and demonstrate a real exploit of the vulnerability using vulnerability in IIS as an example.

15:10 – 15:40 Evasive Crimeware attacks, Business drivers, and Proposed Defense

Iftach Amit, Director Security Research, Finjan

Any web based attack requires a business model in order to spread. As the director of research for Finjan, Iftach monitors the highly successful web attacks focusing on client abuse and malware installation and the community that creates them. In the presentation Iftach will share with us his research findings.

The presentation will cover the business drivers of client side attack vectors, explore recent examples of such attacks with an eye-opening review of the attacker community and its operation methods, and conclude with a technical discussion of the cat and mouse game between cutting edge solutions and ever advancing attack vectors.

15:10 – 15:40 Code Injection as a solution for client side browser vulnerabilities

Ofer Shezaf, OWASP IL Leader; CTO, Breach Security, Breach Security