Time of the 2nd meeting of OWASP IL! The Open Web Application Security
Project (OWASP) is an all-volunteer group that produces free,
professional-quality, open-source documentation, tools, and standards.
The OWASP community facilitates conferences, local chapters, articles,
papers, and message forums. It is most known for the OWASP guide and the
OWASP top 10, which are among the most important references regarding
The 2nd meeting of the Israeli OWASP chapter will be held on September
21st, 17:30, at Breach Security <http://www.breach.com/> offices, 11th
Bareket St. Herzliya. Participation is free and open to all, but please
inform us (mail me at ofers@...) that you are coming so that we
will be better prepared.
Feel free to distribute this e-mail to others in your organization or
outside that you think may be interested in the meeting. You can also
register to the OWASP Israel mailing list at
http://lists.sourceforge.net/lists/listinfo/owasp-israel in order to
receive updates regarding chapter's meetings. For further details please
The meeting agenda will be:
Gathering, Socializing and Pizzas
Scripting with the Phishes - advanced Cross site scripting and phishing
Ofer Maor, CTO hacktics <http://www.hacktics.com/>
Cross site scripting (XSS) attacks are usually undervalued since they do
not affect the organization but rather its users. They are also
disregarded since many associate them with blogs, webmail services and
other socially oriented web applications and not with serious web sites.
New XSS attack techniques enable much deeper exploitation of XSS. One
such example is employing XSS to generate highly effective phishing
Ofer will discuss those new XSS techniques, demonstrate them and discuss
ways to protect from them.
HTTP Request Smuggling
Amit Klein, Officer, Web Application Security Consortium
Amit has published a research article regarding a new class of
application security vulnerabilities in HTTP called HTTP request
smuggling and will present the new technique in his lecture.
HTTP Request Smuggling works by taking advantage of the discrepancies in
parsing between devices through which the HTTP request passes, such as
cache servers, proxy servers, web application firewalls and others. HTTP
Request Smuggling enables attacks such as web cache poisoning, session
hijacking, cross-site scripting and, most importantly, the ability to
bypass web application firewall protection.
Your feedback and Questions
See you all!
OWASP Israel Chair
CTO, Breach Security
Phone (US): +1 (760) 268.1924 ext. 702
Phone (Israel): +972 (9) 956.0036 ext.212
Cell: +972 (54) 443.1119