Save the date! we will have our quarterly OWASP Israel meetup in Imperva office in Tel Aviv.
17:30 - 18:00: Gathering and Networking
18:00 - 18:45: Troy Hunt - 'Rise of the Breaches'
Data breaches are the new normal. We’ve created ecosystems with so many moving parts and so many complex units, it’s little wonder that we so frequently see them go wrong. A combination of more systems, more people, more devices and more ways than ever of producing and publishing data stack the odds in favour of attackers breaching more systems than ever.
In this talk we’ll get a look inside the world of data breaches based on his experiences dealing with billions of breached records. We’ll see what’s motivating hackers, how they’re gaining access to data and how organisations are dealing with the aftermath of attacks. Most importantly, it will help you contextualise these incidents and understand both what these attacks actually look like and how to defend against them in your organisation.
18:45 - 19:00: Coffee Break
19:00 - 19:30: Lior Mazor - SDLC in Agile and DevOps development - Case Study.
- Waterfall VS Agile and DevOps development
- Secure Software Development Life Cycle (S-SDLC)
- S-SDLC journey – Case Study
19:30 - 20:00: Yury Geiler - How account takeover botnets outsmart traditional security controls.
Account Takeover (ATO) describes a scenario in which an account is accessed by someone other than its legitimate owner, usually for malicious purposes. Although the risk is not new, it is still considered one of the top risks to cause financial loss for corporates and individuals alike today. One of the reasons for this grim reality is that businesses rely on outdated detection methods like static security rules, rate limit and bot protection. While these methods work well on technical attacks like SQL injection or cross site scripting, they are less effective against business logic attacks such as ATO. These methods can be easily bypassed as today’s ATO attackers use advanced tools and botnets that allows them to operate at a slow steady rate, impersonate legitimate clients and to morph the attack when needed.
In this meetup I'll present real life botnets that we've exposed and the methods that we used to do that.
The event will be in English