SecSessions #5

This is a past event

115 people went

Imperva office, 27th floor

Menachem Begin Road 125 · Tel Aviv

How to find us

The Imperva Tel Aviv office is at Migdal HaYovel. Switch elevators in the 25th-floor lobby. The building's parking lot costs 22 NIS from 16:30. Imperva's reception phone number: 03-6840101

Details

17:30 - 18:00 - Mingling, Pizza and Beer
18:00 - 18:25 - OWASP Top Ten 2017 - Michael Furman
18:30 - 18:55 - Hacker vs Company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-Ari
19:00 - 19:25 - How I won $9k exploiting Google and Facebook using side-channel attacks - Ron Masas
19:30 - 20:00 - Intelligent systems, but are they secure? - Guy Barnhart-Magen

OWASP Top Ten 2017 Overview
==============================
You will understand what the OWASP Top Ten project is and what changed from 2013 to 2017.

Michael Furman, Tufin
Lead Security Architect

I have over 10 years of experience with application security. I have been the Lead Security Architect at Tufin for over 4 years. I am responsible for the security of all Tufin software products, including Tufin Orchestration Suite as well as our new products that integrate security directly in the DevOps pipeline. Tufin software is used in over 2,000 enterprises, including 40 Fortune 100 companies.

Hacker vs Company, Cloud Cyber Security Automated with Kubernetes
====================================================================
We'll share how to build an infrastructure for security researchers that will allow them to concentrate on business logic and writing hacker “tasks”. Using Docker and Kubernetes on Google Cloud, these tasks can then be performed in parallel and without a lot of DevOps hassle. Our technique removes two common barriers: first, long and risky deployment processes and second, low transparency within the production system.

Lessons learned are promised, along with a glimpse of the hacker's view, because it's always interesting to see how you look from the outside.

Demi Ben-Ari, Co-Founder & VP R&D @ Panorays, Google Developers Expert.

Software engineer, Entrepreneur and an International Tech Speaker.
Demi has over 12 years of experience in building various systems, both in the field of near-real-time applications and in Big Data distributed systems.
Co-Founder of the “Big Things” Big Data community and Google Developer Group Cloud.
Big Data Expert, but interested in all kinds of technologies, from front-end to backend, whatever moves data around.

How I won $9k exploiting Google and Facebook using side-channel attacks
========================================================================
After years of working as a software engineer with a passion for finding security vulnerabilities, I’m in a unique position of having an overall in-depth knowledge and view of secure software design.

Cross-site frame sniffing (XSFS) is a side-channel attack I developed that allows the extraction of sensitive information from web services.
The attack exploits the cross-origin properties of iframe elements to determine the state of a vulnerable application.

I will briefly explain how to perform an XSFS attack and share details about the attacks I made against Google and Facebook.

Ron Masas - Security Researcher at Imperva

Intelligent systems, but are they secure?
=======================================
Exploits, Backdoors, and Hacks: words we do not commonly hear when speaking of Machine Learning (ML). In this talk, I will present the relatively new field of hacking and manipulating machine learning systems and the potential these techniques pose for active offensive research.

Guy Barnhart-Magen, Security Research Manager, Intel

Guy is a member of the BSidesTLV organizing team and recipient of the Cisco “black belt” security ninja honor – the highest cyber security advocate rank.
With over 15 years of experience in the cyber-security industry, he has held various positions in both corporations and start-ups.
He is currently a security research manager at Intel, where he focuses on AI Security, reverse engineering and researching various embedded systems.