Difference between revisions of "OWASP Israel 2013 02"

From OWASP
Jump to: navigation, search
Line 38: Line 38:
 
'''19:30 – 20:15 WAFEC 2.0 panel - Moderator: Ofer Shezaf, Confirmed participants: Ido Breger, Amichai Shulman. '''
 
'''19:30 – 20:15 WAFEC 2.0 panel - Moderator: Ofer Shezaf, Confirmed participants: Ido Breger, Amichai Shulman. '''
 
You are welcomed to suggest yourself for the panel
 
You are welcomed to suggest yourself for the panel
 +
 +
'''the Panel would be broadcasted, if you want to join and cannot attend physically, register [https://www3.gotomeeting.com/register/785518182 here]'''
  
 
The WASC/OWASP WAFEC Project, first released in 2006, is the de-facto standard for learning about and evaluating web application firewalls and is commonly used in WAF RFPs. The project team, which includes every WAF expert in the world (and if we missed you, you are welcomed to join), is working hard to complete version 2. As part the OWASP IL mini conference we will bring together some of the active participants in writing the upcoming version, all world experts on WAFs, to discuss the state of WAF technology, WAF industry and the challenges in creating an evaluation guide for WAFs. This will be and interactive session and will be driven by questions from me and from the audience. Feel free to pre-submit questions!
 
The WASC/OWASP WAFEC Project, first released in 2006, is the de-facto standard for learning about and evaluating web application firewalls and is commonly used in WAF RFPs. The project team, which includes every WAF expert in the world (and if we missed you, you are welcomed to join), is working hard to complete version 2. As part the OWASP IL mini conference we will bring together some of the active participants in writing the upcoming version, all world experts on WAFs, to discuss the state of WAF technology, WAF industry and the challenges in creating an evaluation guide for WAFs. This will be and interactive session and will be driven by questions from me and from the audience. Feel free to pre-submit questions!

Revision as of 12:32, 31 January 2013

After a short break, OWASP Israel meeting will be held on the 12/2/2013 Tuesday at the EY training center located in Meitav 6 st. Tel Aviv (see map below).

If you plan to come, please rsvp by sending an e-mail to rsvp@owasp.org.il. Additionally, the Panel would be broadcasted, if you want to join and cannot attend physically, register here

The meeting’s agenda will be:

17:00 – 17:30 Gathering, Pizza & soft drinks.

17:30 – 17:45 Opening note.

17:45 – 18:30 An introduction to pythonect for security professionals - Itzik Kotler

Abstract: Pythonect is a new, free and open source dataflow programming language. It is an attempt to fuse the intuitive feel of shell scripting (and all of its perks like implicit parallelism) with the flexibility and agility of Python. Pythonect is perfect for rapidly prototyping and testing everything from reverse engineering tools to fuzzers and penetration testing scripts. This talk will introduce Pythonect, the automation gap it fills, and its features. Example scripts are included to showcase concepts and ideas

18:30 – 19:15 Web crime DOES pay - unless you get caught!! - Renana Friedlich

Abstract: But let us say you DID get caught!! - What if the crime was committed in Country A, the proxy is in Country B, and the target is in Country C?

  • Where is the jurisdiction authority?
  • What are the indictment procedures?
  • By which laws should you be judged?

Can SQL injection put you in jail? Can XSS? And CSRF? What actually constitutes a computer crime?

And let's not forget computer crime cooperation between countries:

  • What exists and what doesn't
  • What are your chances to be extradited?

Let's say you were indicted...

  • Did you know you can get up to life sentence for computer crime?
  • On the other hand... is it really so hard to get away clean?

This lecture will answer all these questions and will fill the gap between web oriented attacks to computer crimes .


19:15 – 19:30 coffee break.

19:30 – 20:15 WAFEC 2.0 panel - Moderator: Ofer Shezaf, Confirmed participants: Ido Breger, Amichai Shulman. You are welcomed to suggest yourself for the panel

the Panel would be broadcasted, if you want to join and cannot attend physically, register here

The WASC/OWASP WAFEC Project, first released in 2006, is the de-facto standard for learning about and evaluating web application firewalls and is commonly used in WAF RFPs. The project team, which includes every WAF expert in the world (and if we missed you, you are welcomed to join), is working hard to complete version 2. As part the OWASP IL mini conference we will bring together some of the active participants in writing the upcoming version, all world experts on WAFs, to discuss the state of WAF technology, WAF industry and the challenges in creating an evaluation guide for WAFs. This will be and interactive session and will be driven by questions from me and from the audience. Feel free to pre-submit questions!

The WAFEC panel will include:

  • Amichai Shulman, CTO, Imperva
  • David Maman, CTO, GreenSQL
  • Ido Breger, Product Manager, Web Application Firewalls, F5
  • Nimrod Luria, CTO, Foresight
  • Ory Segal, Principal Product Architect, Cloud Security, Akamai
  • Shlomo Narkolayev, Information Security Consultant

map