Hi Everybody,

Time for the 2nd meeting of OWASP IL! The Open Web Application Security
Project (OWASP) is an all-volunteer group that produces free,
professional-quality, open-source documentation, tools, and standards.
The OWASP community facilitates conferences, local chapters, articles,
papers, and message forums. It is best known for the OWASP guide and the
OWASP Top 10, which are among the most important references regarding
application security.

The 2nd meeting of the Israeli OWASP chapter will be held on September
21st, 17:30, at Breach Security <http://www.breach.com/> offices, 11th
Bareket St. Herzliya. Participation is free and open to all, but please
inform us (mail me at ofers@...) that you are coming so that we
will be better prepared.

Feel free to distribute this e-mail to others in your organization or
outside that you think may be interested in the meeting. You can also
register to the OWASP Israel mailing list at
http://lists.sourceforge.net/lists/listinfo/owasp-israel in order to
receive updates regarding the chapter's meetings. For further details please
contact me.

The meeting agenda will be:
17:30
Gathering, Socializing and Pizzas
17:50
Scripting with the Phishes - advanced Cross site scripting and phishing
attacks.
Ofer Maor, CTO hacktics <http://www.hacktics.com/>

Cross site scripting (XSS) attacks are usually undervalued since they do
not affect the organization but rather its users. They are also
disregarded since many associate them with blogs, webmail services and
other socially oriented web applications and not with serious web sites.
New XSS attack techniques enable much deeper exploitation of XSS. One
such example is employing XSS to generate highly effective phishing
attacks.
Ofer will discuss those new XSS techniques, demonstrate them and discuss
ways to protect from them.
18:35
HTTP Request Smuggling
Amit Klein, Officer, Web Application Security Consortium

Amit has published a research article regarding a new class of
application security vulnerabilities in HTTP called HTTP request
smuggling and will present the new technique in his lecture.
HTTP Request Smuggling works by taking advantage of the discrepancies in
parsing between devices through which the HTTP request passes, such as cache
servers, proxy servers, web application firewalls and others. HTTP
Request Smuggling enables attacks such as web cache poisoning, session
hijacking, cross-site scripting and, most importantly, the ability to
bypass web application firewall protection.
19:15
Your feedback and Questions

See you all!
~ Ofer
Ofer Shezaf
OWASP Israel Chair
http://www.owasp.org/local/israel.html

CTO, Breach Security
Phone (US): +1 (760) 268.1924 ext. 702
Phone (Israel): +972 (9) 956.0036 ext.212
Cell: +972 (54) 443.1119
ofers@...
http://www.breach.com <http://www.breach.com/>