OWASP IL Meetup - June 2024

🐝✡ OWASP IL ✡🐝 is thrilled to announce our next Meetup event! 🚀

Get ready for a vibrant gathering of the AppSec community, featuring delicious food, refreshing drinks, networking opportunities, and insightful security discussions.

This special occasion will be graciously hosted by Axonius!

====================================================================
Agenda:
➡️ 18:00 - 18:30 - gathering and food - We will gather at Axonius's office for drinks, great treats and mingling.
➡️ 18:30 - 18:35 - Meetup kickoff + Microphone tuning
➡️ 18:35 to 19:20 - From Challenge to Triumph: Transforming AppSec with AI and Automated Code Reviews - A Journey of Lessons Learned
Michael Goberman - Director of Product Security and Aviad Feig - Product Security Architect @ Axonius
Maintaining a robust application security program with a lean team of experts is challenging. We’re eager to share with the community a practical and innovative approach that worked for us: How we were able to move away from manually reviewing every feature developed while increasing the thoroughness of our security oversight. We’ll explain how we succeeded at integrating generative AI tools using GitHub actions to automate the code review process and broaden security oversight in a highly efficient way. Attendees will learn from our journey and discover how they, too, can automate routine security checks, engaging human experts only when their expertise is truly needed.
➡️ 19:20 to 19:30 - Beer Break
➡️ 19:30 to 20:15 - Pains and advantages of application anomaly detection in containerized applications
Ben Hirschberg - CTO @ ARMO
In this talk an open-source based application anomaly detection system to detect malicious activity. The solution focuses on applications running in Kubernetes orchestration system.
In the talk I will cover these points:
* Main attack vectors to these kinds of applications: exploit remote vulnerabilities, supply-chain attacks
* Anomaly detection dimensions: process, file, network and system-call activity
* What detection dimension is working (or not working) with what kind of applications
* What anomalies are bound to what kind of attacks
* Live demo with the Kubescape project to show results

➡️ 20:15 to 21:00 - The Dark Side of AI: The Hidden Risks in Open-Source AI Models
Jossef Harush Kadouri - Security Researcher @ Checkmarx
This talk is for anyone who is using open source in their daily routine. The purpose is to bring awareness to the risks of software supply chain attackers lurking in some of our open-source code and to show how ridiculously easy it is for them to launch attacks.
Join me as we unravel the construction of AI models, focusing on their weak spots. Through multiple demos, witness how AI models can be manipulated to become malicious.

====================================================================
This event is hosted by Axonius in collaboration with OWASP Israel.

Join us at the event physically as we will not include Zoom or remote participation this time.