OWASP IL Meetup Dec 2021


Agenda:
17:45 - 18:15 - Gathering, Food, Networking, Log4j Warstories & Meme Sharing
18:15 to 18:45 - Session #1 - Kubernetes API Server - What went wrong and how can we still win?
The session will be presented by Moshe Zioni and Liri Sokol. Moshe Zioni is the VP of Security Research at Apiiro. He was listed as one of 27 influential penetration testers in 2020 by Peerlyst and has been researching cybersecurity for over 20 years in multiple domains and industries. Liri Sokol is the first employee and technical leader at Apiiro. Liri has a strong background in the design and implementation of complex systems, from backend to frontend.
Kubernetes poses quite a few security challenges, and one of its more interesting and central components is the API Server. We are going to walk through its past vulnerabilities and security pain points and, finally, how one can remediate those and similar gaps in the future.
18:45 to 19:15 Session #2 - APIs Posture Management and the Extinction of Rogue APIs
Aner Morag, VP of Technology at Noname Security, leads the company's Detection, Research and Innovation.
What is a good/secured API? How do you even measure the risks of your APIs when most of your environment is unknown? Even if an API-GW is in place, risks like data exposure and broken authentication mechanisms are common misconfigurations.
Maintaining an up-to-date posture of your APIs starts with their detection and cloud/infrastructure routing, and also includes exposure or usage of sensitive data, IAAA functionality, or public access.
19:15 - 19:30 - Break
19:30 to 20:00 - Session #3 - HTTP Smuggling from inception to nowadays
Join Milan Charniak, Red Teamer and Penetration Tester at Cilynx. Milan is an experienced Red Teamer who also has experience in the detection and operations domains.
The lecture discusses HTTP Smuggling attacks from inception to this day, while sharing some real exploitation successes.
We will cover how HTTP Smuggling attacks are performed, from the classic HTTP Smuggling attack to the more recent HTTP 2.0 Async Smuggling attacks. A variety of examples will be technically described and presented.
This meetup will also be available virtually via Zoom:
https://us06web.zoom.us/j/86208181227?pwd=aEc0OUdEN3BnNWQyekIydThzUTRVUT09