Difference between revisions of "OWASP Israel 2010 01"

From OWASP
(Created page with 'The meeting will be held at 17:00 on Tuesday, Jan 12th, 2010. Location: Breach Security, 11 Bareket St., Herzliya (Sixth floor). == '''Agenda''' == == 17:00 - 17:20 : Gatheri…')
 
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
[[Category:Israel]]
 
The meeting will be held at 17:00 on Tuesday, Jan 12th, 2010.
 
The meeting will be held at 17:00 on Tuesday, Jan 12th, 2010.
  
Line 16: Line 17:
  
 
As we approach a new decade, battle lines have been firmly drawn between organizations seeking to protect their most sensitive data and dangerous cyber-criminals intent on attacking that data. Join Noa Bar-Yosef for this informative talk in which she discusses the predictions for the five most important security trends to watch for in 2010.  
 
As we approach a new decade, battle lines have been firmly drawn between organizations seeking to protect their most sensitive data and dangerous cyber-criminals intent on attacking that data. Join Noa Bar-Yosef for this informative talk in which she discusses the predictions for the five most important security trends to watch for in 2010.  
 +
 +
([[Media:OWASP_IL_2010_Jan_-_Noa_Bar_Yosef_-_2010_Trends.pptx|Download presentation]])
 +
  
 
== 18:10 - 18:40 : WAFs in the Cloud ==
 
== 18:10 - 18:40 : WAFs in the Cloud ==
'''Ofer Shezaf, Better Place
+
'''Ofer Shezaf, Better Place'''
'''
+
  
 
Like any other new concept, cloud computing presents challenges in many different areas. Since many cloud based applications are web based, Web Application Firewalls (WAFs) is a technology that we need to adapt to cloud computing. In the presentation we will discuss two aspects of integrating WAFs into cloud computing: on the one hand WAF as a service, and on the other hand how to protect a cloud based web service, with a cloud based WAF or without it. We shall examine the pros and cons of a cloud based WAF and look into existing WAF services such as Akamai and Art of Defense. We shall compare them to regular WAF solutions as well as to alternative methods for protecting cloud based services such as virtual WAF or a host based WAF.
 
Like any other new concept, cloud computing presents challenges in many different areas. Since many cloud based applications are web based, Web Application Firewalls (WAFs) is a technology that we need to adapt to cloud computing. In the presentation we will discuss two aspects of integrating WAFs into cloud computing: on the one hand WAF as a service, and on the other hand how to protect a cloud based web service, with a cloud based WAF or without it. We shall examine the pros and cons of a cloud based WAF and look into existing WAF services such as Akamai and Art of Defense. We shall compare them to regular WAF solutions as well as to alternative methods for protecting cloud based services such as virtual WAF or a host based WAF.
 +
 +
([[Media:OWASP_IL_Ofer_Shezaf_-_WAFs_in_the_Clouds.pptx|Download presentation]])
  
 
== 18:40 - 19:00 : Advanced Heap Spraying Techniques ==
 
== 18:40 - 19:00 : Advanced Heap Spraying Techniques ==
Line 28: Line 33:
  
 
Heap Spraying is the de-facto method for executing arbitrary commands on web browsers and components (Java, Flash, etc). The known methods so far for Heap Spraying are using JavaScript, Flash, Java and .NET DLL memory techniques. In this presentation Moshe Ben Abu  will present new methods & techniques for Heap Spraying developed by him, such as using bitmap files, Silverlight and more.
 
Heap Spraying is the de-facto method for executing arbitrary commands on web browsers and components (Java, Flash, etc). The known methods so far for Heap Spraying are using JavaScript, Flash, Java and .NET DLL memory techniques. In this presentation Moshe Ben Abu  will present new methods & techniques for Heap Spraying developed by him, such as using bitmap files, Silverlight and more.
 +
 +
([[Media:OWASL_IL_2010_Jan_-_Moshe_Ben_Abu_-_Advanced_Heapspray.pdf|Download presentation]])
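Review bot: the media link added for the heap spraying talk names the file `OWASL_IL_2010_Jan_-_Moshe_Ben_Abu_-_Advanced_Heapspray.pdf`, while the other two links added in this revision use the `OWASP_IL_` prefix. Check whether the upload really carries the misspelled name; if it does, consider re-uploading it with the `OWASP_IL_` prefix and updating this link so all three presentations can be found under one prefix. The WAF link (`OWASP_IL_Ofer_Shezaf_-_WAFs_in_the_Clouds.pptx`) also omits the `2010_Jan` part that the other two names carry, so the three file names follow no single pattern.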

Latest revision as of 12:03, 3 February 2010

The meeting will be held at 17:00 on Tuesday, Jan 12th, 2010.

Location: Breach Security, 11 Bareket St., Herzliya (Sixth floor).

Agenda

17:00 - 17:20 : Gathering, Mingling & Food

17:20 - 17:30 : Opening Notes

Ofer Maor, Hacktics

17:30 - 18:10 : Top 5 Security Trends for 2010

Noa Bar-Yosef, Imperva

As we approach a new decade, battle lines have been firmly drawn between organizations seeking to protect their most sensitive data and dangerous cyber-criminals intent on attacking that data. Join Noa Bar-Yosef for this informative talk in which she discusses the predictions for the five most important security trends to watch for in 2010.

(Download presentation)


18:10 - 18:40 : WAFs in the Cloud

Ofer Shezaf, Better Place

Like any other new concept, cloud computing presents challenges in many different areas. Since many cloud-based applications are web based, Web Application Firewalls (WAFs) are a technology that we need to adapt to cloud computing. In the presentation we will discuss two aspects of integrating WAFs into cloud computing: on the one hand, WAF as a service, and on the other hand, how to protect a cloud-based web service, with a cloud-based WAF or without it. We shall examine the pros and cons of a cloud-based WAF and look into existing WAF services such as Akamai and Art of Defense. We shall compare them to regular WAF solutions as well as to alternative methods for protecting cloud-based services, such as a virtual WAF or a host-based WAF.

(Download presentation)

18:40 - 19:00 : Advanced Heap Spraying Techniques

Moshe Ben Abu, Recognize Security

Heap Spraying is the de facto method for executing arbitrary commands on web browsers and components (Java, Flash, etc.). The known methods so far for Heap Spraying use JavaScript, Flash, Java and .NET DLL memory techniques. In this presentation Moshe Ben Abu will present new methods and techniques for Heap Spraying that he developed, such as using bitmap files, Silverlight and more.

(Download presentation)