OWASP Israel 2013 05

From OWASP
Jump to: navigation, search

The next meeting for the Israel chapter of OWASP will take place on May 28th, starting from 17:00.

The meeting will be held at the EMC Center of Excellence - ‎7 Hamada St., Herzliya. If you are planning on attending, please confirm your participation to rsvp@owasp.org.il even if it is not definite.

The meeting’s agenda will be:

17:00 – 17:30 Gathering, pizza, and drinks

17:30 – 17:45 Opening note

17:45 – 18:30 DoS Made Easy – Yaniv Simsolo (download presentation)‎

Modern systems rely on multiple layers and distributed architecture. Availability and redundancy considerations implemented in systems' architecture ought to prevent successful DOS attacks. However, common modern system' architecture incorporate several security key holes in many modern and cutting edge systems, enabling effortless and effective DOS attacks. The presentation will review some of this security key holes, and the DOS factors thereof.

18:30 – 19:15 Publishing Enterprise Web Applications on BYOD using a Granular Trust Model – Shachaf Levi, Intel (download presentation)

  • A web application gateway for mobile devices based on their trust level in a dynamic matter (and the web applications' requirement of being designed for mobile friendly UI)
  • A software-based one-time password (OTP) solution that requires no additional hardware and is customized two-factor authentication – creating a seamless authentication experience.
  • A single sign-on process that uses Kerberos protocol transition.
  • A new approach to information security dynamic and granular security controls based on trust calculation and web content that is exposed based on it.
  • A client that collects data, sends it to a broker that calculate the trust level of the device and location, and based on that, exposes specific web sites

19:15 – 19:30 Coffee break

19:30 – 20:15 Lessons and Impressions cyber attacks on Israel – Nimrod Luria

In the presentation I will review the existing issues in deploying and protecting web sites and why this cannot ensure availability and survivability. The presentation will include live demos of methods of securing web sites against today threats.