OWASP Israel June 2016 Chapter Meeting

Hi everyone!

Next OWASP Israel meeting will take place on Tuesday, June 14th , 2016 at 17:00 – that’s in just 2 weeks!

The meeting will take place at Amdocs Auditorium.

Amdocs' offices are located in Raanana, 8 Hapnina St.

Agenda is below.

As always, attendance is free but we do need you to register in advance. Stay tuned at our meetup page: https://www.meetup.com/OWASP-Israel/events/229662688/

Agenda:

17:00 – Gathering, Food & drinks

17:30 – Opening Note

17:45 – Insiders – The Threat is Already Within

Sagie Dulce, Shiri Margel, Imperva

In recent years, we have witnessed a growing number of enterprises and government agencies suffer data breaches. While organizations are buffing up their security layers—which is important—most of the focus is on preventing direct threats that come from outside, while detecting threats from within is neglected.

In this talk we will present our research data. Our data shows that insider threats, whether attributed to malicious, negligent or compromised insider, go unnoticed by common security tools. In order to detect insider attacks we suggest a mixture of Behavior Analytics and Deception technology. These technologies were deployed in several production environments. We then collected data from these environments and discovered different forms of insider threats in each and every deployment. Our data suggests that organizations are already experiencing some form of insider attack which current security technology does not address.

18:30 – 1Password protects you, but who protects 1Password ?

Adi Ludmer, Perimiterx

1Password is one of the most popular Password managers in the world.

The most important quality for tools in this category is the level of trust that they provide us when we let them guard our most sensitive data.

In this talk we will explain (and demonstrate) several flaws in the design of 1Password’s architecture, that could potentially be exploited and put our sensitive data which is stored there at risk.

We will also explain several flaws which have already been disclosed, and give some recommendations for how to use Password managers in a safer way.

19:15 – Coffee break

19:30 – Proxy based assertion

Erez Kalman, Amdocs

Secure method of using a single proxy entry point to pass assertion data for user authentication and authorization using the headers to other systems.