OWASP Israel Q1 2016 Chapter Meeting

Agenda:

17:00 – Gathering, Food & drinks

17:30 – Opening Note

17:45 – PyMultitor – Bypass restrictions based on IP counters like a Boss

Tomer Zait, F5

PyMultitor enables to perform multiple web requests from multiple IP addresses by using TOR network. Adding an ability of this sort to some of the most common attacks often makes them leathal and unstoppable.

Why? Is this limited to TOR? How can we stay safe?

Tomer will present several examples and discuss the resons and correct precautions recommended.

18:30 – International Trade in Cybersecurity Products

Eli Greenbaum, Yigal Arnon & Co.

Recent changes to international arrangements have the potential to significantly impact collaboration in security communities.

“Dual-use” refers to technology that can be used for both civilian military goals. In order to limit the export of such “dual-use” technologies for military purposes, forty-one countries have joined together in the “Wassenaar Arrangement” – an international regime that guides member countries in imposing export restrictions on such technologies. Israel is not formally a member of the Wassenaar Arrangement, but Israel’s internal export control laws are regularly synchronized with the Wassenaar Arrangement.

The Wassenaar Arrangement mostly affects international trade in physical weapons, but recent changes also aim to control the export of technology connection to “intrusion software” and “surveillance systems.” Unfortunately, the broad language used to implement these changes could adversely affect the sharing of legitimate security information and products across international borders. This talk will discuss the recent changes to the Wassenaar Arrangement and how the changes have been implemented in various countries, highlighting the problems for legitimate security research and cooperation and presenting strategies for managing the legal risk presented by this regime.

19:15 – Coffee break

19:30 – Data flow analysis

Dani Liezrowice, ESL

Data flow analysis is used to collect run-time (dynamic) information about data in software while it is in a static state (Wögerer, 2005). Dani will show how to find real life examples of vulnerabilities this technique.