The date for the release of slides and videos has not been determined.  
Please visit the event site for further information.
Thanks
Track 6 - Innovation
Wednesday, May 29
 

10:45am IDT

Uninvited Guests: Understanding Malicious Web Bots with OWASP Handbook
Scalping, Scraping, Skewing, Sniping … oh my! What are they? How do you wrap your mind around malicious bots and unwanted automation? Presented by a co-leader of the OWASP project on automated threats, this talk will help you navigate the swampland of malicious web automation using the OWASP Automated Threat Handbook as a guide, along with examples from the real world.

Speakers

Tin Zaw

Director, Security Solutions, Verizon
The author resides in sunny southern California, where he seeks a Zen state of mind amid the chaotic mix of technology, society and cyber threats. Wanting to make the world safer online, he gave up his beloved programming job to focus on cyber security. He is a former president of...


Wednesday May 29, 2019 10:45am - 11:15am IDT
Hall C

2:05pm IDT

Webhooks Hookups: Abusing API Developers
The concept of a Webhook is quite simple: an HTTP callback that occurs when something happens. However, a Webhook's powerful nature of open-ended integration with arbitrary web services makes it very easy for API developers to pipe data in and out of its CISO-defined boundaries, and might even end up in a network compromise.  
We will share our research on the tool-chains used by API developers to develop and test Webhooks and show why those could be disastrous. We will provide examples of real-life exposed applications and present our war stories on the vulnerabilities we have discovered and responsibly disclosed. We will talk about how Webhook tools are already being abused in the wild. Attendees will walk away with a better understanding of Webhook development threats and the feasible preventive controls. Finally, we will be releasing a toolkit to assist in auditing the exposure of organizations using Webhooks.

Speakers

Tomer Zait

Principal Security Researcher, F5
Tomer Zait (Principal Security Researcher at F5 Networks) worked in a range of professions in the security industry (Web Application Firewall Integrator, Penetration Tester, Application Security Engineer, Security Researcher, etc.). During this time, he developed open-source projects...

Maxim Zavodchik

Security Research Manager, F5 Networks
The speaker has more than 10 years of offensive security and web vulnerabilities research experience. In his current role as Head of Security Research, Maxim is building and growing the threat research at F5 Networks.


Wednesday May 29, 2019 2:05pm - 2:35pm IDT
Hall C
 