OWASP Meetup February 2019

Save the date! we will have our quarterly OWASP Israel meetup in PerimeterX office in Tel Aviv.
Agenda:
17:00 - 17:30: Gathering and Networking

17:30 - 18:15: "When Applications & Infrastructure Converge - A Perspective on Istio, the Service Mesh Platform", Gadi Naor, Alcide CTO
In this session we will dive into Istio - the leading service mesh platform - the security machinery it offers, and the role it plays in application security, throughout the application delivery lifecycle.
We will also peek into how serverless and Istio co-exist.

18:15 - 19:00: "OWASP Serverless Top 10", Hillel Solow
CTO and Co-founder, Protego Labs
In moving to serverless, we shift some security responsibilities to the infrastructure provider by eliminating the need to manage servers. Unfortunately, that doesn’t mean we’re entirely absolved of all security duties. Serverless functions still execute code and can still be vulnerable to traditional application-level attacks. As a new type of architecture, serverless presents new security challenges. Some are equal to traditional application development, but some take a new form.

In this talk, I will examine how the original Top 10 stack up for serverless apps based on the OWASP Serverless Top 10 project and why they are different from traditional attacks in attack vectors and defense techniques. I will also introduce the Damn Vulnerable Serverless Application (DVSA), a deliberately vulnerable, open-source tool, aiming to be an aid for both security professionals and developers to better understand the implications and processes of serverless security.

19:00 - 19:15: Coffee Break

19:15 - 20:00: "Identity Resolution in Cyber Security", Shlomo Yona, Founder and Chief Scientist @Mathematic.ai
Resolving actor's identity is imperative in many online systems. Misunderstanding of your actors' identity means that you may be confusing bots with people, mistakenly resolving an individual actor as several different other actors, mislead by multiple identities which are actually the same actor and many more. These misunderstandings may well be wreaking havoc in your analytics be it by wrong visualization or by introducing noise to your statistical models. We will learn a strategy to try and mitigate this problem and how this strategy fits into a broader security system.