Difference between revisions of "OWASP Israel 2011 01"

 
Line 1: Line 1:
[[Category:Israel]]
+
The meeting will be held in Tuesday, January 11th, 2011.  
The meeting will be held in Tuesday, January 11th, 2011.
+
  
Location: Imperva, Hayovel Building (Kiryat HaMemshala), 125 Menachem Begin, Tel Aviv - 27th Floor.
+
Location: Imperva, Hayovel Building (Kiryat HaMemshala), 125 Menachem Begin, Tel Aviv - 27th Floor.  
  
Parking can be found in the building itself, in Azrieli center, or in one of the parking lots in Ha'Arbaa St. (cheaper, few minutes walking)
+
Parking can be found in the building itself, in Azrieli center, or in one of the parking lots in Ha'Arbaa St. (cheaper, few minutes walking)  
  
 
Detailed instructions and a map are available at the bottom of the document.  
 
Detailed instructions and a map are available at the bottom of the document.  
Line 12: Line 11:
 
'''PLEASE NOTE: YOU MUST CONFIRM YOUR ARRIVAL IN ADVANCE'''<br>
 
'''PLEASE NOTE: YOU MUST CONFIRM YOUR ARRIVAL IN ADVANCE'''<br>
  
The guard at the entrance will have a list of everybody who confirmed.<BR>
+
The guard at the entrance will have a list of everybody who confirmed.<br>Please confirm your arrival by email to ofer.maor@owasp.org. <br>
Please confirm your arrival by email to ofer.maor@owasp.org. <BR>
+
  
<br>  
+
<br>
  
 
== '''Agenda'''  ==
 
== '''Agenda'''  ==
Line 25: Line 23:
 
'''Ofer Maor, Chairman, OWASP Israel'''  
 
'''Ofer Maor, Chairman, OWASP Israel'''  
  
== 17:40 - 18:00&nbsp;: How Vulnerable Are We? 3 Years Statistics ==
+
== 17:40 - 18:00&nbsp;: How Vulnerable Are We? 3 Years Statistics ==
  
 
'''Ofer Maor, Hacktics'''  
 
'''Ofer Maor, Hacktics'''  
Line 35: Line 33:
 
'''Amichai Shulman, Imperva'''  
 
'''Amichai Shulman, Imperva'''  
  
For the past year, Imperva's ADC has explored the cyber-crime industry utilizing research techniques such as hack-back, forum monitoring, and internet traffic surveillance. Join Amichai as he reveals the ADC's top ten security predictions for 2011. This presentation will also include data security best practices for security teams worldwide.
+
For the past year, Imperva's ADC has explored the cyber-crime industry utilizing research techniques such as hack-back, forum monitoring, and internet traffic surveillance. Join Amichai as he reveals the ADC's top ten security predictions for 2011. This presentation will also include data security best practices for security teams worldwide.  
  
 
== 18:45 - 19:00&nbsp;: Security @ StackExchange.com  ==
 
== 18:45 - 19:00&nbsp;: Security @ StackExchange.com  ==
Line 41: Line 39:
 
'''Avi Douglen'''  
 
'''Avi Douglen'''  
  
Based on the same engine as the very popular StackOverflow.com ... Security.StackExchange.com is a fantastic knowledge resource for all things security, privacy, risk, etc - both technical and not. In this short presentation Avi will present the forum and how it can help us.  
+
Based on the same engine as the very popular StackOverflow.com ... [http://Security.StackExchange.com Security.StackExchange.com] is a fantastic knowledge resource for all things security, privacy, risk, etc - both technical and not. In this short presentation Avi will present the forum and how it can help us.  
  
 
== 19:00 - 19:30&nbsp;: Universal HTTP Denial of Service  ==
 
== 19:00 - 19:30&nbsp;: Universal HTTP Denial of Service  ==
Line 47: Line 45:
 
'''Raviv Raz, Hybrid Security'''  
 
'''Raviv Raz, Hybrid Security'''  
  
Denial of service attacks against web applications have recently caught much of the media attention featuring WikiLeaks, the RIAA, Amazon, PayPal, Bank of America, MasterCard and Visa as high-profile victims. DoS is the means of modern guerrilla warfare waged by political protesters to cyber extortionists. The SlowLoris and R-U-Dead-Yet attack tools have brought firewall-evasive techniques, capable of crashing cross-platform web servers and applications, into the hands of anybody with a broadband Internet connection. As inherent flaws within the HTTP protocol, these attacks cannot be mitigated by traditional IPS/Firewall/WAF/Load Balancer/Reverse Proxy solutions.  
+
Denial of service attacks against web applications have recently caught much of the media attention featuring WikiLeaks, the RIAA, Amazon, PayPal, Bank of America, MasterCard and Visa as high-profile victims. DoS is the means of modern guerrilla warfare waged by political protesters to cyber extortionists. The SlowLoris and R-U-Dead-Yet attack tools have brought firewall-evasive techniques, capable of crashing cross-platform web servers and applications, into the hands of anybody with a broadband Internet connection. As inherent flaws within the HTTP protocol, these attacks cannot be mitigated by traditional IPS/Firewall/WAF/Load Balancer/Reverse Proxy solutions. We will chat about anatomy, exploitability and future research of layer-7 Denial-of-Service attacks.  
We will chat about anatomy, exploitability and future research of layer-7 Denial-of-Service attacks.
+
  
 
<br>
 
<br>
  
== '''Arrival Instructions''' ==
+
== '''Arrival Instructions''' ==
  
Imperva offices are located in Hayovel/Kiryat Hamemshala bldg., 125 Menachem Begin street, 27 floor. The building is right across the street from Azrieli towers, so one option is to park there and cross the street to enter our building.
+
Imperva offices are located in Hayovel/Kiryat Hamemshala bldg., 125 Menachem Begin street, 27 floor. The building is right across the street from Azrieli towers, so one option is to park there and cross the street to enter our building.  
  
Main office phone 03-6840101
+
Main office phone 03-6840101  
  
To reach the parking lot in our building (to be paid by the attendees), drive southward on Mencahem begin street, turn right to Hashmonaim street, take first right to Arenia street, and again first right to Arbaa street. Continue to the end of Arbaa street (street curves toward left) – the road ends with the entrance to our parking lot, with a sign outside saying “kiryat hamemshala”.
+
To reach the parking lot in our building (to be paid by the attendees), drive southward on Mencahem begin street, turn right to Hashmonaim street, take first right to Arenia street, and again first right to Arbaa street. Continue to the end of Arbaa street (street curves toward left) – the road ends with the entrance to our parking lot, with a sign outside saying “kiryat hamemshala”.  
  
Visitors parking at the building will go through security when entering the parking lot. They should take the elevator to E1, change to the elevator going to the 25 floor and change elevators again going to the 27 floor.
+
Visitors parking at the building will go through security when entering the parking lot. They should take the elevator to E1, change to the elevator going to the 25 floor and change elevators again going to the 27 floor.  
  
Visitors who are arriving to the building by foot should go through street level kiryat hamemshala security check and then take the left annex to Hayovel bldg., this is level E1, so they should take the elevator to the 25 floor and change elevators going to the 27 floor.
+
Visitors who are arriving to the building by foot should go through street level kiryat hamemshala security check and then take the left annex to Hayovel bldg., this is level E1, so they should take the elevator to the 25 floor and change elevators going to the 27 floor.  
  
 +
<br>
  
== Map ==
+
== Map ==
  
[[File:ImpervaArrival.png]]
+
[[Image:ImpervaArrival.png]]  
  
<b>
 
  
 
[[Category:Israel]]
 
[[Category:Israel]]

Latest revision as of 21:40, 13 January 2011

The meeting will be held on Tuesday, January 11th, 2011.

Location: Imperva, Hayovel Building (Kiryat HaMemshala), 125 Menachem Begin, Tel Aviv - 27th Floor.

Parking can be found in the building itself, in Azrieli center, or in one of the parking lots in Ha'Arbaa St. (cheaper, a few minutes' walk).

Detailed instructions and a map are available at the bottom of the document.


PLEASE NOTE: YOU MUST CONFIRM YOUR ARRIVAL IN ADVANCE

The guard at the entrance will have a list of everybody who confirmed.
Please confirm your arrival by email to ofer.maor@owasp.org.


Agenda

17:00 - 17:30 : Gathering, Mingling & Refreshments

17:30 - 17:40 : OWASP Israel 2011 Opening Notes

Ofer Maor, Chairman, OWASP Israel

17:40 - 18:00 : How Vulnerable Are We? 3 Years Statistics

Ofer Maor, Hacktics

We have finished gathering statistics from hundreds of application security assessments over the last 3 years, and have gained some interesting insights into the spread of various application vulnerabilities. In this talk we will present these statistics, and analyze their meaning and impact.

18:00 - 18:45 : Top 10 Data Security Trends for 2011

Amichai Shulman, Imperva

For the past year, Imperva's ADC has explored the cyber-crime industry utilizing research techniques such as hack-back, forum monitoring, and internet traffic surveillance. Join Amichai as he reveals the ADC's top ten security predictions for 2011. This presentation will also include data security best practices for security teams worldwide.

18:45 - 19:00 : Security @ StackExchange.com

Avi Douglen

Based on the same engine as the very popular StackOverflow.com ... Security.StackExchange.com is a fantastic knowledge resource for all things security, privacy, risk, etc - both technical and not. In this short presentation Avi will present the forum and how it can help us.

19:00 - 19:30 : Universal HTTP Denial of Service

Raviv Raz, Hybrid Security

Denial of service attacks against web applications have recently caught much media attention, with WikiLeaks, the RIAA, Amazon, PayPal, Bank of America, MasterCard and Visa as high-profile victims. DoS is the means of modern guerrilla warfare, waged by everyone from political protesters to cyber extortionists. The SlowLoris and R-U-Dead-Yet attack tools have brought firewall-evasive techniques, capable of crashing cross-platform web servers and applications, into the hands of anybody with a broadband Internet connection. Because they exploit inherent flaws within the HTTP protocol, these attacks cannot be mitigated by traditional IPS/Firewall/WAF/Load Balancer/Reverse Proxy solutions. We will chat about the anatomy, exploitability and future research of layer-7 Denial-of-Service attacks.


Arrival Instructions

Imperva's offices are located in the Hayovel/Kiryat Hamemshala bldg., 125 Menachem Begin street, 27th floor. The building is right across the street from Azrieli towers, so one option is to park there and cross the street to enter our building.

Main office phone 03-6840101

To reach the parking lot in our building (to be paid by the attendees), drive southward on Menachem Begin street, turn right onto Hashmonaim street, take the first right onto Arenia street, and again the first right onto Arbaa street. Continue to the end of Arbaa street (the street curves toward the left); the road ends at the entrance to our parking lot, which has a sign outside saying “kiryat hamemshala”.

Visitors parking at the building will go through security when entering the parking lot. They should take the elevator to E1, change to the elevator going to the 25th floor, and change elevators again to go to the 27th floor.

Visitors who are arriving at the building on foot should go through the street-level Kiryat Hamemshala security check and then take the left annex to the Hayovel bldg. This is level E1, so they should take the elevator to the 25th floor and change elevators to go to the 27th floor.


Map

ImpervaArrival.png