AppSec Israel 2018 has ended


Plenary
Thursday, September 6
 

09:30

Opening
Or Katz
Ofer Maor

Organizers

Or Katz

OWASP Israel / Akamai


Thursday September 6, 2018 09:30 - 10:00
Bar-Shira Auditorium

10:00

Opening Keynote - The Last XSS Defense Talk

Why are we still talking about Cross Site Scripting in 2018? Because it's painfully difficult to defend against XSS even to this day. This talk is a fundamental update to the 2011 AppSec USA talk "The Past Present and Future of XSS Defense". We'll address new defensive strategies such as modern JavaScript framework defense in Angular, React and other frameworks. We'll also look at how CSP deployment has changed in the past 7 years illustrating the progressive use of content security which supports CSP v1, v2 and v3 concurrently. We will then look at advances in HTML sanitization on both the client and server and focus on sanitizers and defensive libraries that have stood the test of time in terms of maintenance and security. We'll also look at interesting design topics such as how HTML injection is still critical even in the face of rigorous XSS defense and how HTTPOnly cookies are largely ineffective. This talk should help developers and security professionals alike build a focused and modern strategy to defend against XSS in modern applications.

Speakers

Jim Manico

Trainer, Manicode Security LLC
Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also an investor/advisor for KSOC, Nucleus Security, Signal Sciences, Secure Circle and BitDiscovery. Jim is a frequent speaker on secure software practices...


Thursday September 6, 2018 10:00 - 10:40
Bar-Shira Auditorium

16:30

Closing Keynote - A breach on your watch, do you really want to be that person?
Do you want to be that developer who caused that vulnerability that caused that breach? Do you want to be that CIO that needs to explain to his board why it happened on your watch?
If you don't want to be that person, then you should come and hear how it is actually possible for cybersecurity professionals and developers to partner, even collaborate, to create a secure coding culture. Security and development don't have to be adversarial anymore. Julie Baker will be sharing her lessons learned from years of experience as a security executive in large enterprises, including examples and practical tips, to make the R&D lifecycle more secure and less of a headache.
The session will include time for Q&A, and an opportunity for you to share your personal "war story" about handling and implementing security (stories with a happy ending are welcome too!)

Speakers

Julie Baker

CEO, TD Innovation Center Ltd.
Julie Baker has over 25 years of experience in all aspects of IT and Information Security in financial services as well as in academia. Currently, Julie is the head of Cyber Innovation for TD Bank and the CEO of the TD Innovation Center Ltd, located in Tel Aviv, which is a wholly...



Thursday September 6, 2018 16:30 - 17:15
Bar-Shira Auditorium

17:15

Closing
Organizers

Or Katz

OWASP Israel / Akamai


Thursday September 6, 2018 17:15 - 17:30
Bar-Shira Auditorium