The Interdisciplinary Center Herzliya, Dec 3rd 2007. Ofer Shezaf, CTO, Breach Security, ofers@breach.com
Thanks!
• To our Sponsors:
• To the Speakers
• And to these wonderful people:
  • Dr. Anat Bremler-Barr, our host today.
  • Shay Shuker and Avi Aminov, who helped organize things.
  • Bat-Sheva Shezaf, who volunteered to be the photographer.
What is OWASP? The Open Web Application Security Project
• Non-profit, volunteer-driven organization.
• Activities:
  • Projects (~40 of them):
    • Publications: OWASP TOP 10, OWASP Guide, OWASP Testing Guide, CLASP
    • Testing and Training Software: WebGoat, WebScarab
  • Chapters (more than 100, up from 80 six months ago)
  • Conferences (9, including this one!)
• Membership: Not mandatory. A contribution.
  • But it helps to pay the bills.
OWASP IL
• One of the most successful chapters.
  • This is the 3rd conference, with participation of hundreds.
  • Normal meetings get 50 to 60 people.
• Next year we plan:
  • A full-day, two-track annual conference in the fall.
  • Something different for spring (ideas?).
  • Quarterly meetings.
• What else?
  • It depends very much on you, I will try to start…
Announcing: OWASP IL Scholarships Program
• Application security has received a lot of attention from the industry and much less from the academic world. We would like to push for more academic research in this field.
• The program calls for companies to provide grants for academic projects related to application security.
• Program Guidance:
  • Dr. Anat Bremler-Barr will be the academic director of the program.
  • A steering committee would include representatives from other universities and the industry.
• Program details:
  • Research projects submitted must be active projects, proposed by either academia or the industry.
  • The steering committee will review the proposals and select the appropriate ones.
  • Each project will submit a paper for the following OWASP conference.
  • Each grant will be 5000 shekels, for any use, half at start and half on paper submission.
• A more detailed program plan would be distributed shortly.
• We are looking for universities and companies who would like to participate or sponsor the scholarship.
Announcing: Computer for Every Student
• Nothing to do with application security:
  • But it takes advantage of the relationship between industry and academia that we create.
  • And doing something for the community (and the environment) is always good.
• We encourage companies to contribute phased-out computers to students who need them:
  • Must be working computers.
  • Can be old. Just need to be able to run Office and connect to the Internet.
  • Software and support will be handled by the University (which is the reason we focus on this segment).
• We already started:
  • Breach Security is contributing computers to Tel-Hai Academic College.
The Program
• Cross Site Request Forgery, Ofer Shezaf, OWASP IL chapter leader, Breach Security
• Defeating Web 2.0 Attacks without Recoding Applications, Amichai Shulman, CTO, Imperva
  • This talk was presented in OWASP 2007 in San Jose.
• Hunting Down XSS Vulnerabilities, Erez Metula, Application Security Department Manager, 2Bsecure
• 10 minutes about the National Information Security Forum, Avi Weissman, CEO, See-Security
• How Dangerous Is It Out There? Dror Paz, Director of Professional Services, Breach Security
• SOA security, Iris Levari, Amdocs
• The PKI Lie - Attacking Certificate-Based Authentication, Ofer Maor, CTO, Hacktics
  • This talk was presented in OWASP 2007 in San Jose.
• Harvesting Skype Super-Nodes, Omer Dekel, IDC
  • This talk is based on a research project done with Dr. Anat Bremler-Barr (IDC) & Prof. Hanoch Levy (ETH)
• Smuggling SQL injection attacks, Avi Douglen, ComSec
  • This is a new research work presented for the first time in OWASP Israel 2007.