Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this license, visit The OWASP Foundation OWASP Israel Sep OWASP Israel 2011 Conference Ofer Maor CTO, Seeker Security Chairman, OWASP Israel OWASP Global Membership Committee

OWASP Israel – Sep OWASP Israel 2011 Conference  Why Are We Here?  Words from Dr. Anat Bremler Barr  About OWASP  About OWASP Israel  Agenda, Feedbacks & Membership  And a Small Surprise…

OWASP Israel – Sep Why Are We Here?  FREE FOOD AND DRINKS!  Largest AppSec Event of the Year  Over 470 Registrants  14 Lectures  16 Sponsors (11 with a Booth)  Great Opportunity to Meet Colleagues & Hear About Latest Development in AppSec

OWASP Israel – Sep OWASP Israel 2011 Conference Sponsors GOLD SILVER

OWASP Israel – Sep 2010 OWASP World OWASP is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security visible so that people and organizations can make informed decisions about application security risks. OWASP is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security visible so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work.

OWASP Israel – Sep 2010 OWASP World 10 Years Birthday!

OWASP Israel – Sep 2010 OWASP Worldwide Community 7

OWASP Israel – Sep 2010 OWASP Community & Knowledge Base 55 Corporate Members 25 Academic Members 2000 Individual Members Thousands of Articles Hundreds of Presentations Hundreds of Mailing Lists 4 Full Scale Conference Dozens of Regional Events Over 100 Projects!

OWASP Israel – Sep OWASP Top 10 Critical Vulnerabilities

OWASP Israel – Sep 2010 OWASP AppSec Guides  Free and open source  Cheap printed copies  Covers all critical security controls  Hundreds of expert authors  All aspects of application security 10

OWASP Israel – Sep Many Other Projects…  OWASP Top 10  AppSec Guides  Application Security Verification Standard  OWASP Software Assurance Maturity Model  WebGoat  WebScarab  CSRF Tester / CSRF Guard  OWASP Live CD  OWASP Enterprise Security API  More…

OWASP Israel – Sep About OWASP Israel  Local Israeli Chapter  Celebrates 5 Years (2006 Conference had 2 sponsors, 7 lectures, 90 attendees…)  ~700 Registered Users (If you’re not in – now is the time to register)  Activities  Monthly Meetings  Annual Conference  OWASP Top 10 – Hebrew Translation

OWASP Israel – Sep What do we Need?  HELP! (And a lot of it…)  Meetings  Hosting a Meeting ( people) – Location + Food  Speaking in Meetings (We need speakers!)  Translation (Or Katz)  Feedback Forms  Membership  Most Importantly – Promote OWASP!

OWASP Israel – Sep Today’s Agenda 08:30 – 09:00Registration, Gathering & Socializing 09:00 – 09:30 Opening Notes Ofer Maor, Chairman, OWASP Israel; Global Membership Committee, OWASP 09:30 – 10:10 Keynote Composite Applications Over Hybrid Clouds – Enterprise Security Challenges of the IT Supply Chain Dr. Ethan Hadar, Senior Vice President Corporate Technical Strategy, CA Track #1Track #2 10:15 – 11:00 Finding Security in Misery of Others Amichai Shulman, CTO, Imperva Temporal Session Race Conditions Shay Chen, CTO, Hacktics ASC, E&Y 11:00 – 11:15Coffee Break 11:15 – 12:00 Building an Effective SDLC Program Case Study Guy Bejerano, CSO, Liveperson Ofer Maor, CTO, Seeker Security Space-Time Tradeoffs in Software-Based Deep Packet Inspection Yotam Harchol, IDC 12:00 – 12:45 All Your Mobile Applications Are Belong to Us Itzik Kotler, CTO, Security Art Glass Box Testing – Thinking Inside the Box Omri Weisman, Manager, Security Research Group, IBM

OWASP Israel – Sep Today’s Agenda 12:45 – 13:45Lunch Break 13:45 – 14:30 CMS And Other Giants – The Nightmare of AppSec Irene Abezgauz, Product Manager, Seeker Security Agile + SDL – Concepts & Misconceptions Avi Douglen, Independent Security Architect Nir Bregman, Senior Project Manager, HP 14:30 – 15:15 Breaking Cryptography by Going Around It Erez Metula, Founder, AppSec Labs Advanced Techniques & Tools for Testing Binary Protocols Chilik Tamir, Security Architect, AppSec Labs 15:15 – 15:30Coffee Break 15:30 – 16:15 Security Testing of RESTful Services Ofer Shezaf, Head of AppSec Research, HP Eyal Fingold, Senior Security Developer, HP Hey, What’s your App doing on my (Smart)Phone? Shay Zalalyachin, CTO, Comsec Consulting 16:15 – 17:00 The Bank Job II Adi Sharabani, Cross-Rational Security Strategy & Architecture, IBM 17:00 – 17:05 End Notes Ofer Maor, Chairman, OWASP Israel; Global Membership Committee, OWASP

OWASP Israel – Sep Feedback Forms  Please Fill the Feedback Forms.  Really, We Mean It…  Seriously… We Really Really Mean It…  It Really Helps Us (And You….)  Thanks!

OWASP Israel – Sep OWASP Membership  What’s OWASP Membership?  Do I Need to Be a Member?  Why is it Good For OWASP?  Why is it Good For Me?  So How Do I Join? Discount Code: ISRAEL It’s only 35$ / Year… (Less than a coupon you will never use… )

OWASP Israel – Sep Surprise!!!

OWASP Israel – Sep Thank You! Questions?