OWASP Meetup November 2018

This is a past event

109 people went


Details

Save the date! We will have our quarterly OWASP Israel meetup at the Synopsys office in Herzliya.
Agenda:
17:30 - 18:00: Gathering and Networking

18:00 - 18:45: “Scratching the Surface of your CD?” Ofer Maor, Director, Solutions Management, Synopsys
Continuous Delivery (CD) introduces a new set of challenges for application security testing, even compared with the already fast Continuous Integration (CI) and DevOps methodologies. A CD development organization can produce hundreds or even thousands of software updates per day, some of them taking no longer than a few hours from start to finish.
True continuous delivery calls for true, inline, continuous security testing that does not rely on any dedicated testing slots. In this talk we will cover some of these concepts: how to streamline security testing in the background, how to fit it into modern A/B testing cycles, and how to build an approval process that fits a modern CD workflow rather than the old security go/no-go approach.

18:45 - 19:30: "Client JavaScript Security - an Oxymoron?" Hadar Blutrich, Source Defense co-founder
Your firewall, WAF, source code review, and many other security solutions are focused on your internal servers and their communication with your customer's browser. Third-party scripts are hosted on remote servers that are completely outside of your security system's reach and are executed in the customer's browser, over which you have no control. Thus, after every layer of your corporate security program has already done its job, the user's browser is still communicating with these remote servers. This means that you have no visibility, management, or control over the behaviors and actions of each third party. Source Defense will discuss preventing JavaScript from accessing data that the JavaScript was not intended to access.

19:30 - 19:45: Coffee break

19:45 - 20:30: "Fighting Fraud in the Trenches" Amir Shaked, VP R&D, PerimeterX
Let's break a native mobile app, bypass the certificate pinning, skip the token validation, and build an automated attack to breach accounts, the first step in today's retail fraud.

We'll demo all the attack steps and suggest mitigations, so that you can both go on the offensive against your own apps and find the weaknesses before the attackers do.