OWASP Israel 2011 Conference Ofer Maor CTO Seeker

  • Number of slides: 19

OWASP Israel 2011 Conference Ofer Maor CTO, Seeker Security OWASP Israel Sep 2011 http://www.webappsec.org/ Chairman, OWASP Israel OWASP Global Membership Committee ofer.maor@owasp.org Copyright © 2011 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this license, visit http://creativecommons.org/licenses/by-sa/2.5/ The OWASP Foundation http://www.owasp.org/

OWASP Israel 2011 Conference • Why Are We Here? • Words from Dr. Anat Bremler Barr

Why Are We Here? • FREE FOOD AND DRINKS! • Largest AppSec Event of the

OWASP Israel 2011 Conference Sponsors GOLD SILVER OWASP Israel – Sep 2010

OWASP World OWASP is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security visible so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work.

OWASP World 10 Years Birthday!

OWASP Worldwide Community

OWASP Community & Knowledge Base • 55 Corporate Members • 25 Academic Members • 2000 Individual Members • Thousands of Articles • Hundreds of Presentations • Hundreds of Mailing Lists • 4 Full Scale Conference • Dozens of Regional Events • Over 100 Projects!

OWASP Top 10 Critical Vulnerabilities - 2010
• A1: Injection
• A2: Cross Site Scripting (XSS)
• A3: Broken Authentication and Session Management
• A4: Insecure Direct Object Reference
• A5: Cross Site Request Forgery (CSRF)
• A6: Security Misconfiguration
• A7: Failure to Restrict URL Access
• A8: Unvalidated Redirects and Forwards
• A9: Insecure Cryptographic Storage
• A10: Insufficient Transport Layer Protection
www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

OWASP AppSec Guides • Free and open source • Cheap printed copies • Covers all critical

Many Other Projects… • OWASP Top 10 • AppSec Guides • Application Security Verification Standard • OWASP

About OWASP Israel • Local Israeli Chapter • Celebrates 5 Years (2006 Conference had 2 sponsors,

What do we Need? • HELP! (And a lot of it…) • Meetings – Hosting a

Today’s Agenda 08:30 – 09:00 – 09:30 Registration, Gathering & Socializing Opening Notes Ofer Maor, Chairman, OWASP Israel; Global Membership Committee, OWASP Keynote 09:30 – 10:10 Composite Applications Over Hybrid Clouds – Enterprise Security Challenges of the IT Supply Chain Dr. Ethan Hadar, Senior Vice President Corporate Technical Strategy, CA Track #1 10:15 – 11:00 Track #2 Finding Security in Misery of Others Temporal Session Race Conditions Amichai Shulman, CTO, Imperva Shay Chen, CTO, Hacktics ASC, E&Y 11:00 – 11:15 Coffee Break Building an Effective SDLC Program Case Study 12:00 – 12:45 Guy Bejerano, CSO, Liveperson Ofer Maor, CTO, Seeker Security 11:15 – 12:00 Space-Time Tradeoffs in Software-Based Deep Packet Inspection Yotam Harchol, IDC All Your Mobile Applications Are Belong to Us Itzik Kotler, CTO, Security Art Glass Box Testing – Thinking Inside the Box Omri Weisman, Manager, Security Research Group, IBM

Today’s Agenda 12:45 – 13:45 Lunch Break CMS And Other Giants – 14:30 – 15:15 The Nightmare of AppSec Avi Douglen, Independent Security Architect Irene Abezgauz, Product Manager, Seeker Security 13:45 – 14:30 Agile + SDL – Concepts & Misconceptions Nir Bregman, Senior Project Manager, HP Breaking Cryptography by Going Around It Erez Metula, Founder, AppSec Labs 15:15 – 15:30 Advanced Techniques & Tools for Testing Binary Protocols Chilik Tamir, Security Architect, AppSec Labs Coffee Break Security Testing of RESTful Services 16:15 – 17:00 – 17:05 Ofer Shezaf, Head of AppSec Research, HP Eyal Fingold, Senior Security Developer, HP 15:30 – 16:15 Hey, What’s your App doing on my (Smart)Phone? Shay Zalalyachin, CTO, Comsec Consulting The Bank Job II Adi Sharabani, Cross-Rational Security Strategy & Architecture, IBM End Notes Ofer Maor, Chairman, OWASP Israel; Global Membership Committee, OWASP

Feedback Forms • Please Fill the Feedback Forms. • Really, We Mean It… • Seriously… We Really

OWASP Membership • What’s OWASP Membership? • Do I Need to Be a Member? • Why is OWASP Membership

Surprise!!!

Thank You! Questions?