The next OWASP meet-up will be hosted at the Soluto offices, Rothschild Blvd 39, Tel Aviv-Yafo, on May 8th at 18:00.
As always, attendance is free, but we do need you to register in advance on the meet-up page.
The DevSecCon conference will be held in Tel-Aviv during the week of the meet-up and we will host international guests, so the presentation will be in English.
Agenda for the meet-up:
Title: Pushing Left Like a Boss
With incident response and penetration testing currently receiving most of our application security dollars, it would appear that industry has decided to treat the symptom instead of the disease. “Pushing left” refers to starting security earlier in the SDLC; addressing the problem throughout the process. From scanning your code with a vulnerability scanner to red team exercises, developer education programs and bug bounties, this talk will show you how to ‘push left’, like a boss.
Tanya Janca - Bio:
Tanya Janca is a senior cloud advocate for Microsoft, specializing in application security; evangelizing software security and advocating for developers through public speaking, her open source project OWASP DevSlop, and various forms of teaching via workshops, blogs and community events. As an ethical hacker, OWASP Project and Chapter Leader, software developer, effective altruist and professional computer geek of 20+ years, she is a person who is truly fascinated by the ‘science’ of computer science.
Title: Crypto-mining: The New Force Behind Remote Code Execution Attacks
Remote Code Execution (RCE) attacks involving crypto-mining are gaining momentum. They've become attackers' new favorite way to exploit vulnerabilities in web application source code and are prevalent in over 88% of all RCE attacks. In this talk we will investigate the methods attackers are using to infect with crypto-mining malware, specifically how they exploit RCE and insecure deserialization vulnerabilities in order to launch their attacks. We will analyze malicious crypto-mining scripts and see how the attackers make money by tracing their actual crypto wallets and mining pools. We will also explain why, although there is a surge in crypto-mining attacks, we have not seen any Bitcoin mining, only mining of other cryptocurrencies.
Gilad Yehudai - Bio:
Gilad Yehudai is an algorithm developer and security researcher within Imperva’s research group. Gilad develops algorithms and solutions using machine learning algorithms, and also researches new security threats and vulnerabilities. Gilad holds both a bachelor’s degree and a master’s degree in mathematics from Tel Aviv University.
Natan Elul - Bio:
Natan Elul is a security researcher within Imperva’s research group. Natan researches new security threats and vulnerabilities and develops research infrastructures for vulnerability assessment and malware analysis. Natan holds both a bachelor’s degree and a master’s degree in Computer Science from Ben Gurion University.