OWASP IL Meetup - May 2024

🐝✡ OWASP IL ✡🐝 is excited to welcome you to our latest Meetup event! 🚀
Prepare to dive into the world of AppSec with an evening filled with engaging security topics, networking, and of course, plenty of food and drinks.

This time, we're delighted to have Playtika host our gathering!

====================================================================

Agenda:
➡️ 18:00 - 18:30 - gathering and food - We will gather at Playtika's Cafe for drinks, great treats, and mingling.

➡️ 18:30 - 18:45 - Keynote + Microphone tuning

➡️ 18:45 to 19:30 - Surviving The Jungle of SCA
Raz Rosh - Product Security Engineer and DevSecOps Expert @ Playtika
This presentation is tailored for developers, security professionals, and anyone interested in advancing the security and efficiency of integrating open-source and third-party components into software projects. It will delve into the vital practices of identifying, analyzing, and managing third-party dependencies to mitigate risks and ensure compliance. Attendees will discover how to integrate Software Composition Analysis (SCA) tools into the CI/CD pipeline, address common challenges such as false positives and performance overhead, and deploy strategies to minimize alert noise and prioritize vulnerabilities efficiently. The aim is to streamline the SCA process, making it a seamless component of the development lifecycle and empowering participants to significantly bolster their software security posture. Join us to transform SCA from a daunting task into a manageable and integral part of your DevSecOps practices.

➡️ 19:30 to 20:15 - Malvertising | tactics, techniques, and procedures (TTP) implemented in auto redirect attack
Liran Lavi - Security Research Team Leader @ GeoEdge
Malvertising, a fresh cyberattack tactic, entails embedding malicious code into digital advertisements. This insidious technique poses challenges for both internet users and publishers, as the infected ads are often spread through reputable advertising networks. Given that ads are visible to all website visitors and often contain many security misconfigurations, virtually every page viewer faces the threat of infection.

➡️ 20:15 - 20:45 - Understanding Prompt Injection Attacks in Generative AI
Aviv Avraham Levy - Senior Security Researcher @ F5 Networks
This presentation provides an in-depth look at Generative AI and Large Language Models (LLMs), focusing on the mechanics of prompt injection attacks. It highlights various types of prompt injections and showcases real-world scenarios to illustrate how these vulnerabilities can be exploited. The session includes demonstrations of prompt injection attacks in action and concludes with an overview of potential mitigation strategies.

=====================================================================

This event is hosted by Playtika in collaboration with OWASP Israel.

Join us at the event physically as we will not include Zoom or remote participation this time.