OWASP IL Meetup - February 2023


Details
🐝✡ OWASP IL ✡🐝 is happy to invite you to our upcoming Meetup!🚀
Join us for another AppSec community event and enjoy food, drinks, mingling, and great talks about security.
The event will be hosted by Bright Security!
=====================================================================
Agenda:
➡️ 18:00 - 18:30 - Gathering and food - We will gather at the Bright Security offices for drinks, great treats, and mingling. Safe room free zone!
➡️ 18:30 - 18:45 - Keynote + Microphone tuning
➡️ 18:45 - 19:15 - Exploring the Risks of ChatGPT and Other Generative AI Applications
Bar Hofesh - Co-Founder & CTO @ Bright Security
The presentation emphasizes the critical need for security in the realm of AI-generated code, spotlighting common vulnerabilities. It presents the three main avenues of attack against Large Language Models (LLMs): direct attacks on the LLMs themselves, compromises in the infrastructure and integrations, and weaknesses in applications. The presentation offers in-depth examples, particularly focusing on "social engineering" methods, to illustrate the techniques and consequences of these security breaches.
➡️ 19:15 - 19:45 - Top 5 Open Source Tools All Developers Should Know About!
Raz Probstein - Solution Engineer @ Jit
The Minimum Viable Security (MVS) approach simplifies the integration of security measures into config files, apps, and CI/CD processes using open source tools. This talk focuses on incorporating five key security controls into the CI/CD pipeline, utilizing tools like Bandit, Gitleaks, OSV-Scanner, KICS, and OWASP’s ZAP. These controls, along with custom measures for enforcing Multi-Factor Authentication via GitHub Security, establish a foundational security framework from the initial code, allowing continuous improvement as applications evolve over time. Code examples and demos will be presented in the session.
➡️ 19:45 - 20:15 - Recent Supply Chain Code Attacks
Yoad Fekete - Co-Founder & CEO @ Myrror Security
Join us for a deep-dive into the world of recent software supply chain attacks and how to defend against them.
In this lecture, we will discuss the difference between a supply chain attack and a vulnerability, and explore why there has been a significant increase in these types of attacks in the past couple of years.
We will showcase various vectors for these attacks, with examples of recent attacks.
The highlight? A technical demo of an attack, similar to the UA-Parser/Ledger Connect Kit malicious package attacks.
=====================================================================
This event is sponsored by Bright Security in collaboration with OWASP Israel.
Join us at the event physically as we will not include Zoom or remote participation this time.