Difference between revisions of "OWASP Israel 2008 Conference at the Interdisciplinary Center Herzliya (IDC)"

From OWASP
Jump to: navigation, search
(Agenda)
(Moved videos from Google Video to YouTube due to GV shutdown...)
 
(45 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 +
[[Category:Israel]]
 
{{Template:OWASP_IL_2008_Sponsors}}
 
{{Template:OWASP_IL_2008_Sponsors}}
  
== Time and Location ==
+
The OWASP Israel 2008 conference was held on September 14th at the Interdisciplinary Center Herzliya with 250 attendees. The agenda of the full day two track event can be found below.
 
+
The OWASP Israel 2008 conference will be held on September 14th at the Interdisciplinary Center Herzliya from 8:30 to 17:00. This time we are raising the bar and will be holding a full day '''two tracks''' event. The tracks would be split according by level: a beginners track and an experts track.
+
 
+
You can find the IDC on
+
[http://local.google.com/maps?f=q&hl=en&q=%D7%94%D7%9E%D7%A8%D7%9B%D7%96+%D7%94%D7%91%D7%99%D7%9F+%D7%AA%D7%97%D7%95%D7%9E%D7%99+%D7%94%D7%A8%D7%A6%D7%9C%D7%99%D7%94,+%D7%94%D7%A8%D7%A6%D7%9C%D7%99%D7%94,+Israel&sll=32.166567,34.812605&sspn=0.007974,0.019312&ie=UTF8&cd=1&geocode=FbD26gEdeo0TAg&ll=32.177047,34.835844&spn=0.007973,0.019312&z=16&iwloc=addr  Google map] or use the [http://portal.idc.ac.il/he/Main/about_idc/campus_tour/Pages/MapsDirections.aspx instructions] on the IDC web site. Signs at the Campus will lead you the conference halls.
+
 
+
== Registration ==
+
 
+
The conference is '''free and open to all''', but please register by sending an e-mail to me at ofer@shezaf.com. We need to know how many people will arrive in order to be prepared.
+
  
 
== Agenda ==
 
== Agenda ==
Line 17: Line 9:
 
|- style="font-size:11pt"
 
|- style="font-size:11pt"
 
|style="color:#1F497D" width="68" height="15" align="right" valign="top" | 8:30-9:00
 
|style="color:#1F497D" width="68" height="15" align="right" valign="top" | 8:30-9:00
| width="291"  valign="top" | Gatheting and Socializing
+
| width="291"  valign="top" | Gathering and Socializing
 
| width="296"  valign="top" |  
 
| width="296"  valign="top" |  
  
 
|- style="font-size:11pt"
 
|- style="font-size:11pt"
 
|style="color:#1F497D" height="15" align="right" valign="top" | 9:00-9:15
 
|style="color:#1F497D" height="15" align="right" valign="top" | 9:00-9:15
|  valign="top" | Openning wordS by Ofer Shezaf, OWASP Israel founder
+
|  valign="top" | Opening words by Ofer Shezaf, OWASP Israel founder ([ftp://ftp.idc.ac.il/csvideos/OWASP%2008/Opening%20Words_chunk_1.wmv download video])
 
|  valign="top" |  
 
|  valign="top" |  
  
Line 38: Line 30:
 
|style="color:#1F497D" height="15" align="right" valign="top" |  
 
|style="color:#1F497D" height="15" align="right" valign="top" |  
 
|  valign="top" | Management Track
 
|  valign="top" | Management Track
|  valign="top" | Beginners Track
+
|  valign="top" | Fundamentals Track
  
 
|- style="font-size:11pt"
 
|- style="font-size:11pt"
 
|style="color:#1F497D" height="45" align="right" valign="top" | 9:15-10:00
 
|style="color:#1F497D" height="45" align="right" valign="top" | 9:15-10:00
|  valign="top" | [[OWASP_Israel_2008_Conference_Amichai_Shulman|Web Application Security and Search Engines – Beyond Google Hacking]]<BR>Amichai Shulman, Imperva
+
|  valign="top" | [[OWASP_Israel_2008_Conference_Amichai_Shulman|Web Application Security and Search Engines – Beyond Google Hacking]] ([[Media:OWASP_IL_2008_Amichai_Shulman_BeyondGoogleHackingn.ppt|ppt]], [ftp://ftp.idc.ac.il/csvideos/OWASP%2008/Amichai%20Sholman_chunk_1.wmv video part 1], [ftp://ftp.idc.ac.il/csvideos/OWASP%2008/Amichai%20Sholman_chunk_2.wmv video part 2])<BR>Amichai Shulman, Imperva
|  valign="top" | [[OWASP_Israel_2008_Conference_Maty_Siman|Application Security - The code analysis way<BR>MatY Siman, Checkmark]]
+
|  valign="top" | [[OWASP_Israel_2008_Conference_Maty_Siman|Application Security - The code analysis way]] ([[Media:OWASP_IL_2008_Maty_Siman_Security_Code_Analysis.ppt‎|download ppt]])<BR>Maty Siman, Checkmark
  
 
|- style="font-size:11pt"
 
|- style="font-size:11pt"
 
|style="color:#1F497D" height="45" align="right" valign="top" | 10:00-10:45
 
|style="color:#1F497D" height="45" align="right" valign="top" | 10:00-10:45
|  valign="top" | [[OWASP_Israel_2008_Conference_Ivan_Ristic|No More Signatures: Defending Web Applications from 0-Day Attacks with ModProfiler Using Traffic Profiling]] <BR>Ivan Ristic, Breach Security
+
|  valign="top" | [[OWASP_Israel_2008_Conference_Ivan_Ristic|No More Signatures: Defending Web Applications from 0-Day Attacks with ModProfiler Using Traffic Profiling]] ([http://www.youtube.com/watch?v=TAAGN7Ac8Wk watch video], [ftp://ftp.idc.ac.il/csvideos/OWASP%2008/Ivan%20Ristic_chunk_1.wmv download video])<BR>Ivan Ristic, Breach Security
|  valign="top" | [[OWASP_Israel_2008_Conference_Adi_Sharabani|Black Box vs. White Box - pros and cons]]<BR>Adi Sharabani & Yinnon Haviv, IBM
+
|  valign="top" | [[OWASP_Israel_2008_Conference_Adi_Sharabani|Black Box vs. White Box - pros and cons]] ([[Media:OWASP_IL_2008_Sharabani_BlackBox_Vs_WhiteBox.ppt‎|download ppt]])<BR>Adi Sharabani & Yinnon Haviv, IBM
  
 
|- style="font-size:11pt"
 
|- style="font-size:11pt"
 
|style="color:#1F497D" height="15" align="right" valign="top" | 10:45-11:00
 
|style="color:#1F497D" height="15" align="right" valign="top" | 10:45-11:00
|  valign="top" | Break
+
|  valign="top" colspan="2"| Break
|  valign="top" | &nbsp;
+
  
 
|- style="font-size:11pt"
 
|- style="font-size:11pt"
 
|style="color:#1F497D" height="30" align="right" valign="top" | 11:00-11:45
 
|style="color:#1F497D" height="30" align="right" valign="top" | 11:00-11:45
|  valign="top" | [[AppSecEU08_Trends_in_Web_Hacking_Incidents:_What%27s_hot_for_2008|Trends in Web Hacking: What's hot in 2008]] <BR>Ofer Shezaf, Breach Security
+
|  valign="top" | [[AppSecEU08_Trends_in_Web_Hacking_Incidents:_What%27s_hot_for_2008|Trends in Web Hacking: What's hot in 2008]] ([[Media:AppSecEU2008-WHID.ppt|ppt]], [http://www.youtube.com/watch?v=Hl-JIxq0IrI watch video], [ftp://ftp.idc.ac.il/csvideos/OWASP%2008/Ofer%20Shezaf%20Trends%202008_chunk_1.wmv download video]) <BR>Ofer Shezaf, Breach Security
|  valign="top" | [[OWASP_Israel_2008_Conference_Shai_Chen|Achilles’ heel – Hacking Through Java Protocols]]<BR>Shai Chen, Hacktics
+
|  valign="top" | [[OWASP_Israel_2008_Conference_David_Movshovitz|AJAX - new technologies new threats]] ([[Media:OWASP IL 2008 David Movshovitz AJAX.ppt|download ppt]])<BR>Dr. David Movshovitz, IDC
  
 
|- style="font-size:11pt"
 
|- style="font-size:11pt"
 
|style="color:#1F497D" height="30" align="right" valign="top" | 11:45-12:30
 
|style="color:#1F497D" height="30" align="right" valign="top" | 11:45-12:30
|  valign="top" | [[OWASP_Israel_2008_Conference_Ofer_Maor|Testing the Tester – Measuring Quality of Security Testing]]<BR>Ofer Maor, Hacktics
+
|  valign="top" | [[OWASP_Israel_2008_Conference_Ofer_Maor|Testin g the Tester – Measuring Quality of Security Testing]] ([[Media:OWASP_IL_2008_Ofer_Maor_Testing_The_Tester.ppt‎|ppt]], [ftp://ftp.idc.ac.il/csvideos/OWASP%2008/Ofer%20Maor%20Testing%20The%20Tester_chunk_1.wmv download video])<BR>Ofer Maor, Hacktics
|  valign="top" | [[OWASP_Israel_2008_Conference_Yuli_Stremovsky|GreenSQL - an open source database security gateway]]<BR>Yuli Stremovsky  
+
|  valign="top" | [[OWASP_Israel_2008_Conference_Yuli_Stremovsky|GreenSQL - an open source database security gateway]] ([[Media:OWASP_IL_2008_Yuli_Stremovsky.GreenSQL_Database_Firewall.ppt‎|download ppt]])<BR>Yuli Stremovsky  
  
 
|- style="font-size:11pt"
 
|- style="font-size:11pt"
 
|style="color:#1F497D" height="15" align="right" valign="top" | 12:30-13:15
 
|style="color:#1F497D" height="15" align="right" valign="top" | 12:30-13:15
|  valign="top" | Lunch
+
|  valign="top" colspan="2"| Lunch
|  valign="top" | &nbsp;
+
  
 
|- style="font-size:11pt"
 
|- style="font-size:11pt"
Line 77: Line 67:
 
|- style="font-size:11pt"
 
|- style="font-size:11pt"
 
|style="color:#1F497D" height="15" align="right" valign="top" | &nbsp;
 
|style="color:#1F497D" height="15" align="right" valign="top" | &nbsp;
|style="font-weight:bold"  valign="top" | Technology Track
+
|style="font-weight:bold"  valign="top" | Advanced Technology Track
|  valign="top" | &nbsp;
+
|style="font-weight:bold" valign="top" | Practical Technology Track
  
 
|- style="font-size:11pt"
 
|- style="font-size:11pt"
 
|style="color:#1F497D" height="45" align="right" valign="top" | 13:15-14:00
 
|style="color:#1F497D" height="45" align="right" valign="top" | 13:15-14:00
|  valign="top" | Cryptographic elections - how to<BR>simultaneously achieve verifiability and privacy<BR>Dr. Alon Rosner, IDC
+
|  valign="top" | [[OWASP_Israel_2008_Conference_Shai_Chen|Achilles’ heel – Hacking Through Java Protocols]] ([[Media:OWASP IL 2008 Shai Chen PT to Java Client Server Apps.ppt|ppt]], [http://www.youtube.com/watch?v=O2uOOiy8yxw watch video], [ftp://ftp.idc.ac.il/csvideos/OWASP%2008/Shai%20Chen_chunk_1.wmv download video])<BR>Shai Chen, Hacktics
|  valign="top" | AJAX - new technologies new threats<BR>Dr. David Movshovitz, IDC
+
|  valign="top" | [[OWASP_Israel_2008_Conference_Amir_Herzberg|Defending against Phishing without Client-side Code]] ([[Media:OWASP_IL_2008_Amir_Herzberg_Defending_against_Phishing_without_Client-side_Code.ppt|ppt]], [http://www.youtube.com/watch?v=vmzhWA6_Li4 watch video], [ftp://ftp.idc.ac.il/csvideos/OWASP%2008/Amir%20Herzberg.wmv download video]) <BR>Prof. Amir Herzberg, Bar-Ilan University
  
 
|- style="font-size:11pt"
 
|- style="font-size:11pt"
 
|style="color:#1F497D" height="30" align="right" valign="top" | 14:00-14:45
 
|style="color:#1F497D" height="30" align="right" valign="top" | 14:00-14:45
|  valign="top" | [[OWASP_Israel_2008_Conference_Amir_Herzberg|Defending against Phishing without Client-side Code]]<BR>Prof. Amir Herzberg, Bar-Ilan University
+
|  valign="top" | [[OWASP_Israel_2008_Conference_Alon_Rosen|Cryptographic elections - how to simultaneously achieve verifiability and privacy]] ([[Media:OWASP_IL_2008_Alon_Resen_eVoting.pdf‎|download pdf]])<BR>Dr. Alon Rosen, IDC
|  valign="top" | [[OWASP_Israel_2008_Conference_Erez_Metula|.NET Framework rootkits - backdoors inside your Framework <BR>Erez Metula, 2Bsecure]]
+
|  valign="top" | [[OWASP_Israel_2008_Conference_Erez_Metula|.NET Framework rootkits - backdoors inside your Framework]] ([[Media:OWASP IL 2008 Erez Metula .NET Rootkits.ppt|download ppt]])<BR>Erez Metula, 2Bsecure  
  
 
|- style="font-size:11pt"
 
|- style="font-size:11pt"
 
|style="color:#1F497D" height="15" align="right" valign="top" | 14:45-15:00
 
|style="color:#1F497D" height="15" align="right" valign="top" | 14:45-15:00
|  valign="top" | Breach
+
|  valign="top" colspan="2"| Break
|  valign="top" | &nbsp;
+
  
 
|- style="font-size:11pt"
 
|- style="font-size:11pt"
 
|style="color:#1F497D" height="45" align="right" valign="top" | 15:00-15:45
 
|style="color:#1F497D" height="45" align="right" valign="top" | 15:00-15:45
|  valign="top" | [[OWASP_Israel_2008_Conference_Ronen_Bachar|Automated Crawling & Security Analysis of Flash/Flex based Web Applications]]<BR>Ronen Bachar, IBM
+
|  valign="top" | [[OWASP_Israel_2008_Conference_Ronen_Bachar|Automated Crawling & Security Analysis of Flash/Flex based Web Applications]] ([[Media:OWASP_IL_2008_Ronen_Bachar_RIA.ppt‎|download ppt]])<BR>Ronen Bachar, IBM
|  valign="top" | Rump Session
+
|  valign="top" | [[OWASP_Israel_2008_Conference_Ohad_Ben_Cohen|Korset: Code-based Intrusion Detection System for Linux]] ([[Media:OWASP_IL_2008_Ohad_Ben_Cohen_Korset.pdf|download pdf]])<BR>Ohad Ben-Cohen
  
 
|- style="font-size:11pt"
 
|- style="font-size:11pt"
 
|style="color:#1F497D" height="30" align="right" valign="top" | 15:45-16:30
 
|style="color:#1F497D" height="30" align="right" valign="top" | 15:45-16:30
|  valign="top" | Korset: Code-based Intrusion Detection System for Linux<BR>Ohad Ben-Cohen
+
|  valign="top" colspan="2" | Turbo talks (Rump Session), Currently scheduled presentations:  
| valign="top" | To be announced
+
* Yossi Oren, Automatic Patch-Based Exploit Generation (APEG) ([[Media:OWASP_IL_2008_Yossi_Oren_APEG.ppt|download ppt]])
 +
* Avi Weissman, Introduction to the Israeli Forum for Information Security (ISIF)
 +
* Robert Moskovitch, Detection of Unknown Malicious Code via Machine Learning ([[Media:UnknownMalcodeDetection_OWASP-IL-08.pdf|download pdf]])
 +
* Yaniv Miron, Comsec, UTF7 XSS ([[Media:OWASP_IL_2008_Yaniv_Miron_UTF7_XSS.ppt|download ppt]])
 +
* Shay Zalalichin & Avi Douglen, Comsec, Breaking CAPTCHA Myths ([[Media:2008-09-14_OWASP_Israel_2008.ppt‎|download ppt]])
  
 +
'''Closing Words, Ofer Shezaf'''
 
|}
 
|}
 
== Call for participation ==
 
 
Being a community event, we are staring a call for involvement, which means it is the time to speak up if you want to:
 
 
* [[OWASP_Israel_2008_Conference_Turbo_Talks|Turbo Talk (Rump) Session]] - a new feature in this conference, consisting of a series of 5-minute talks.
 
: The deadline for submissions for the rump session is '''Monday, September 8, 2008'''.
 
* [[OWASP IL Sponsorship|Call for sponsors]]
 
* Help in organizing
 
* Otherwise participate (plenty of time for that, but if you know you will come, speak up)
 
 
'''This is also a good time to raise other ideas you have regarding the conference'''. Many of you have been to previous conferences and have great ideas, so don't be shy and speak up.
 
 
== Agenda ==
 
 
The [[OWASP_IL_CFP|CFP]] is underway and the program would be published by mid August.
 
  
 
== The people behind the conference ==
 
== The people behind the conference ==
Line 146: Line 124:
  
 
* Dr. Anat Bremler-Barr (Interdisciplinary Center Herzliya)
 
* Dr. Anat Bremler-Barr (Interdisciplinary Center Herzliya)
* Daniel Kallner
+
* Neer Roggel, the technion
* Ofer Shezaf (Breach Security)
+
 
* Shay Shuker
 
* Shay Shuker
 +
* Ofer Shezaf (Breach Security)
  
  

Latest revision as of 08:22, 4 May 2011

Organizers:     OWASP_IL_Sponsors_IDC_New.JPG     OWASP_IL_Breach_Labs_Logo.jpg
Sponsors:     OWASP_IL_Sponsor_Checkpoint.gif     OWASP_IL_Sponsor_Comsec.gif     OWASP_IL_Sponsors_Imperva.png     OWASP_IL_Sponsor_GamaSec_Logo.jpg
    OWASP_IL_Sponsor_Logo_Checkmarx.jpg     OWASP_IL_Sponsor_Hacktics.jpg     OWASP_IL_Sponsors_Avent.jpg     OWASP_IL_Sponsors_IBM.jpg
Partners:     OWASP_IL_IDC_Logo.gif     OWASP_IL_LOGO_NISF.jpg     OWASP_IL_ISSA_Logo.gif

The OWASP Israel 2008 conference was held on September 14th at the Interdisciplinary Center Herzliya with 250 attendees. The agenda of the full day two track event can be found below.

Contents

Agenda

8:30-9:00 Gathering and Socializing  
9:00-9:15 Opening words by Ofer Shezaf, OWASP Israel founder (download video)  
     
  Room #1 Room #2
  Management Track Fundamentals Track
9:15-10:00 Web Application Security and Search Engines – Beyond Google Hacking (ppt, video part 1, video part 2)
Amichai Shulman, Imperva
Application Security - The code analysis way (download ppt)
Maty Siman, Checkmark
10:00-10:45 No More Signatures: Defending Web Applications from 0-Day Attacks with ModProfiler Using Traffic Profiling (watch video, download video)
Ivan Ristic, Breach Security
Black Box vs. White Box - pros and cons (download ppt)
Adi Sharabani & Yinnon Haviv, IBM
10:45-11:00 Break
11:00-11:45 Trends in Web Hacking: What's hot in 2008 (ppt, watch video, download video)
Ofer Shezaf, Breach Security
AJAX - new technologies new threats (download ppt)
Dr. David Movshovitz, IDC
11:45-12:30 Testin g the Tester – Measuring Quality of Security Testing (ppt, download video)
Ofer Maor, Hacktics
GreenSQL - an open source database security gateway (download ppt)
Yuli Stremovsky
12:30-13:15 Lunch
     
  Advanced Technology Track Practical Technology Track
13:15-14:00 Achilles’ heel – Hacking Through Java Protocols (ppt, watch video, download video)
Shai Chen, Hacktics
Defending against Phishing without Client-side Code (ppt, watch video, download video)
Prof. Amir Herzberg, Bar-Ilan University
14:00-14:45 Cryptographic elections - how to simultaneously achieve verifiability and privacy (download pdf)
Dr. Alon Rosen, IDC
.NET Framework rootkits - backdoors inside your Framework (download ppt)
Erez Metula, 2Bsecure
14:45-15:00 Break
15:00-15:45 Automated Crawling & Security Analysis of Flash/Flex based Web Applications (download ppt)
Ronen Bachar, IBM
Korset: Code-based Intrusion Detection System for Linux (download pdf)
Ohad Ben-Cohen
15:45-16:30 Turbo talks (Rump Session), Currently scheduled presentations:
  • Yossi Oren, Automatic Patch-Based Exploit Generation (APEG) (download ppt)
  • Avi Weissman, Introduction to the Israeli Forum for Information Security (ISIF)
  • Robert Moskovitch, Detection of Unknown Malicious Code via Machine Learning (download pdf)
  • Yaniv Miron, Comsec, UTF7 XSS (download ppt)
  • Shay Zalalichin & Avi Douglen, Comsec, Breaking CAPTCHA Myths (download ppt)

Closing Words, Ofer Shezaf

The people behind the conference

OWASP Israel is made by the people who contribute their time and brain to its success. The following people are working to ensure that OWASP Israel 2008 is a success.

If you feel that you also can contribute or have interesting ideas regarding the conference, don't hesitate to contact me.

Steering Committee

The steering committee includes prominent individuals in the field of information security and help set the program for the conference:

  • Adi Sharabani (IBM)
  • Dr. David Movshovitz (Interdisciplinary Center Herzliya)
  • Ofer Maor (Hacktics)
  • Ofer Shezaf (Breach Security)
  • Ory Segal (IBM)
  • Shay Zalalichin (ComSec)
  • Yossi Oren (Proxy Software Systems)

Organization Committee

The organization committee is in charge of making this all happen:

  • Dr. Anat Bremler-Barr (Interdisciplinary Center Herzliya)
  • Neer Roggel, the technion
  • Shay Shuker
  • Ofer Shezaf (Breach Security)


~ Ofer Shezaf,Conference Chair
ofer@shezaf.com