Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation Ofer Shezaf, CTO, Breach Security The Interdisciplinary Center Herzliya, Dec 3rd 2007

OWASP 2 Thanks!  To our Sponsors:  To the Speakers  And to these wonderful people:  Dr. Anat Bremler-Bar, Our host today.  Shay Shuker and Avi Aminov who helped organize things.  Bat-Sheva Shezaf who volunteered to be the photographer.

OWASP 3 What is OWASP? The Open Web Application Security Project  Non-profit, volunteer driven organization.  Activities:  Projects (~40 of them):  Publications: OWASP TOP 10, OWASP Guide, OWASP Testing Guide, CLASP  Testing and Training Software: WebGoat, WebScarab  Chapters (more that a 100 up from 80 six months ago)  Conferences (9, including this one!)  Membership: Not mandatory. A contribution.  But it helps to pay the bills.

OWASP 4

OWASP IL  One of the most successful chapters.  This is the 3 conference, with participation of hundreds.  Normal meetings get 50 to 60 people.  Next year we plan:  A full day two tracks annual conference in the fall.  Something different for spring (ideas?).  Quarterly meetings.  What else?  It depends very much on you, I will try to start… 5

OWASP Announcing: OWASP IL Scholarships Program  Application security got a lot of attention from the industry and much less from the Academic world. We would like to push for more Academic research in this field.  The program calls for companies to provide grants for academic projects related to application security.  Program Guidance:  Dr. Anat Bremler-Bar will be the academic director of the program.  A steering committee would include representatives from other universities and the industry.  Program details:  Research projects submitted must be active projects, proposed by either the Academia or the industry.  The steering committee will review the proposals and select the appropriate ones.  Each project will submit a paper for following OWASP conference.  Each grant will be 5000 shekels, for any use, half at start and half on paper submission.  A more detailed program plan would be distributed shortly.  We are looking for universities and companies who would like to participate or sponsor the scholarship. 6

OWASP Announcing: Computer for Every Student  Nothing to do with application security:  But takes advantage of the relationship between industry and Academia that we create.  And doing something for the community (and the environment) is always good.  We encourage companies to contribute computers phased out to students who need them:  Must be working computers.  Can be old. Just need to be able to run Office and be able to connect to the Internet.  Software and support will be handled by the University (which is the reason we focus on this segment).  We already started:  Breach Security is contributing computers to Tel-Hai Academic College. 7

OWASP  Cross Site Request Forgery, Ofer Shezaf, OWASP IL chapter leader, Breach Security  Defeating Web 2.0 Attacks without Recoding Applications, Amichai Shulman, CTO, Imperva  This talk was presented in OWASP 2007 in San Jose.  Hunting Down XSS Vulnerabilities, Erez Metula, Application Security Department Manager, 2Bsecure  10 minutes about the National Information Security Forum, Avi Weissman, CEO, See-Security  How Dangerous Is It Out There? Dror Paz, Director of Professional Services, Breach Security  SOA security, Iris Levari, Amdocs  The PKI Lie - Attacking Certificate-Based Authentication, Ofer Maor, CTO, Hacktics  This talk was presented in OWASP 2007 in San Jose.  Harvesting Skype Super-Nodes, Omer Dekel, IDC  This talk is based on a research project done with Dr. Anat Bremler-Barr (IDC) & Prof. Hanoch Levy (ETH)  Smuggling SQL injection attacks, Avi Douglen, ComSec  This is a new research work presented for the first time in OWASP Israel