Loading…
AppSec Israel 2016 has ended

Log in to bookmark your favorites and sync them to your phone or calendar.

Monday, September 19
 

08:30

09:30

Opening Words
Speakers
avatar for Avi Douglen

Avi Douglen

Conference Chair, Bounce Security
AviD is a high-end, independent security architect and developer, and has been designing, developing and testing secure applications, and leading development teams in building secure products, for around 20 years. My research interests include efficient security engineering, usable... Read More →
PA

Professor Asher Tischler

President of The College of Management Academic Studies


Monday September 19, 2016 09:30 - 10:00
Main Auditorium

10:05

Activity: Capture the Flag: Introduction
Moderators
avatar for Yossi Shenhav

Yossi Shenhav

CEO, Komodo Consulting

Monday September 19, 2016 10:05 - 10:20
Room 37 - CS and Communications Building CS and Communications Building

10:05

The Unwanted Sons - Formalizing and Demonstrating WAF Bypass Methods for the REST of the Top 10
The once uncommon application-level protection mechanisms are EVERYWHERE these days, and sooner or later, you'll have to face them.
Web Application Firewalls (WAF) and Intrusion Detection Systems (IDS), Filters and RASP Modules, all common and widespread countermeasures you have to face on a regular basis, with the power to turn a typical assessment into a nightmare, and make automated tools practically useless.
While the attack vectors are well covered in CWE, CAPEC, TECAPI RvR, WASC, OWASP Top 10 and Testing Guide, all you have to cover evasion techniques is a couple of cheat sheets focused on a limited set of attacks.
Sure, there are numerous XSS and SQL Injection evasion cheat sheets, but what about Path Traversal, Remote File Inclusion, OS Command Injection? What about Forced Browsing? What about other attacks?
Formalizing evasion techniques and methods for the REST of the common attack vectors makes a LOT of sense, for manual pen-testing and automated tools - and THIS is phase one, aimed to cover the rest of the unattended top 10.

Speakers
avatar for Shay Chen

Shay Chen

CEO, Effective Security
Shay Chen is the CEO of Effective Security, an information-security boutique company specializing in information security assessments and in automating security processes of vulnerability management and SDLC. He has over twelve years in information technology and security, a strong... Read More →


Monday September 19, 2016 10:05 - 10:50
Main Auditorium
  • Audience Breakers
  • Language Hebrew
  • Technical Level Intermediate / Advanced

10:05

The Threat of Advanced Cross-Site Search Attacks
Cross-site search (XS-search) is a practical timing side-channel attack that allows the extraction of sensitive information from web-services. The attack exploits inflation techniques to efficiently distinguish between search requests that yield results and requests that do not. This work focuses on the response inflation technique that increases the size of the response; as the difference in the sizes of the responses increases, it becomes easier to distinguish between them. We begin with browser-based XS-search attack and demonstrate its use in extracting users' private data from Gmail and Facebook. The browser-based XS-search attack exploits the differences in the sizes of HTTP responses, and works even when significant inflation of the response is impossible. This part also involves algorithmic improvements compared to previous work. When there is no leakage of information via the timing side channel it is possible to use second-order (SO) XS-search, a novel type of attack that allows the attacker to significantly increase the difference in the sizes of the responses by planting maliciously crafted record into the storage. SO XS-search attacks can be used to extract sensitive information such as email content of Gmail and Yahoo! users, and search history of Bing users.

Speakers
NG

Nethanel Gelernter

Cyberpion & College of Management Academic Studies
Nethanel Gelernter received a PhD in Computer Science from Bar-Ilan University (Israel). His research mainly focuses on web application security, and in particular in exploring new attack vectors and threats in the web. Currently, he is leading the cyber security research and studies... Read More →


Monday September 19, 2016 10:05 - 10:50
Room 10 - CS and Communications Building

10:20

Activity: Capture the Flag
This CTF competition aims to encourage and promote interest in web application security, as well as for just having some fun.

We do not see it as a competition really, though there are winners and they are going to win some cool prizes...

There are a lot of interesting talks at OWASP this year that you wouldn't want to miss.. So, it is perfectly ok if you don't end up collecting all flags.. We know, you have been busy.. 

 

Here are some FAQ I frequently hear (I never heard them actually, but what the hack?)

Is there any registration needed?

Registration is available here (just add yourself to my sched) or on site, at Komodo booth.

 

What prizes do the winners get?

There are going to be 4 prizes. 3 top scores will get a prize while one prize will be won by a lottery between all who scores a minimum of 10 points.

If there are 2 attendees who reached the same score, a lottery   between the two will be taken.

Oh.. and the prizes.. We'll decide soon enough and let you know.

 

What is the CTF structure?

We have built a PHP based web application that holds 6 challenges. Each challenge require a knowledge of a different attack or a different attack vector. Once you find the flag, you should use our 'proof of hack' PHP page to get the scores.

We might add a 'buy a hint' functionality, but even if we won't there are going to be plenty of people around who could steer you to the right direction.

 

What time do the CTF take place?

The CTF will be open all day long, starting at the first talk and till the end of last one.

 

What should I bring?

Bring your kali linux. Well, there is no need for that really, just kidding.

What you might need is:


  1. Laptop, any OS will do.

  2. Internet connection.

  3. Python installed (2.x I believe)

  4. HTTP Proxy (burp, fiddler, whatever…)

  5. Wireshark, tcpdump or something like that

  6. Internet facing server (but we can provide you with that if needed)


 

Of course, you might get all flags without needing any of the above. That would be super cool, we would love to see your take on our challenges.

 

How long should it take?

The CTF is open for the entire day. We estimate each challenge to take approximately 30 minutes, so it is 3 hours altogether.

All challenges are solvable in a matter of few minutes, once you know how. The difficulty level vary from entry level to advance.

There is one which may take quite a while and will require determination and persistency to solve.

Moderators
avatar for Yossi Shenhav

Yossi Shenhav

CEO, Komodo Consulting

Monday September 19, 2016 10:20 - 17:15
Room 37 - CS and Communications Building CS and Communications Building

10:55

Don't Feed the Hippos!
The security community is trying to solve insecurity caused by bugs and flaws in software for many years now, but with what success? 
We almost never look in successes and failures experiences in other areas, but we could really learn from. This talk is inspired by Ernesto Sirolli’s TED talk “Want to help someone? Shut up and listen!” about failures in the aid program’s around the world. Listening to Ernesto Sirolli, you cannot miss the similarity with the security community trying to tell developers how to write secure code.  This talk points out common failures of the security community when communicating with developers, trying to solve their problems without understanding what their problems really are. 
Using the hippo-analogy for security failures, during the talks those ‘(in-)secure hippos’ are identified, advice on how to avoid them are provided, by anecdotes and best practices from the experience of the past 10 years in the security field as a consultant.

Speakers
avatar for Martin  Knobloch

Martin Knobloch

Chairmain of the Board, OWASP Foundation
 


Monday September 19, 2016 10:55 - 11:25
Main Auditorium

10:55

The Dark Side of Search Engines Optimizations
Search engines optimization (SEO) is a technique being used by web sites owners in order to improve visibility and traffic to their web site. Legitimate SEO activity will use optimization techniques such as: changing structure and textual usage of the web site pages, publication in social media and web forums that will referrer relevant users.
The ultimate goal of SEO campaign is to promote web site ranking in the leading search engines, having the promoted web site returned in the primary result page once searching for relevant terms and keywords. 

In the presentation I’m going to present what happens when threat actors get into the world of SEO campaigns abuse SEO optimization techniques and moreover, use all kind of attack techniques such as SQL injection and open redirects in order to manipulate search engines ranking.
I will also evaluate some of the SEO attacks and the manipulating techniques, try to determine who are the victims in this story, check if these attacks achieved their goal and supply more interesting insights on the world of “Blackhat SEO”.

Speakers
avatar for Or Katz

Or Katz

Principal Lead, Security Researcher, Akamai
Security research veteran, serves as principal lead security researcher for Akamai's Enterprise Security BU . Always excited to speak in security conferences, to share my research and thoughts. High school teacher one day a week.


Monday September 19, 2016 10:55 - 11:25
Room 10 - CS and Communications Building

11:25

Coffee Break
Monday September 19, 2016 11:25 - 11:45
CS Building and Garden

11:45

Hacking The IoT (Internet of Things) - PenTesting RF Operated Devices
We often encounter IoT (Internet of Things) systems during our work as penetration testers and security consultants. We know how to assess the security of the server side API, the associated mobile apps, the web apps and so on - but what about the device itself (the "thing")? Moreover, what happens if the device is not using traditional HTTP/S request, or does not even "speak" plain old tcp/ip?

During this talk, we'll go over the obstacles we have to face when analyzing unknown, custom RF based communication that drives the target IoT system we're pentesting. We'll talk about and see in action tools that will allow us to capture RF traffic, analyze it, brute force it, replay it, and of course forge it. It's like plain old appsec hacking tricks, but at the RF level. So let's hack some things belonging to the real world!

Speakers
avatar for Erez Metula

Erez Metula

Application Security Expert, Founder, AppSec Labs
Erez Metula is the founder and Chairman of AppSec Labs, a leading company in the field of application security.He is the author of the book "Managed Code Rootkits", and is a world renowned application security expert.Erez has extensive hands-on experience performing security assessments... Read More →


Monday September 19, 2016 11:45 - 12:30
Main Auditorium

11:45

Could a few lines of code it all up!
March 2016. An anonymous open source developer decides to remove his code (left-pad) from a public repository.
Shortly thereafter, several large organizations felt the impact of his actions. Facebook, AirBnB and others experienced errors impacting the functionality of their services. Packages using “left-pad” wouldn’t properly execute.
Today, we embrace both the open source community and the growth of open source projects, modules and packages but… Dependencies and recursive dependencies might become a risk or even a new attack vector which we didn’t foresee.
Could there be other cases of common and popular open source packages depending on open source modules that might not be there tomorrow or, even worse, could they be maliciously modified?

Join us for an insightful session that will reveal our research on this topic where you will learn:
• Which common open source packages might not be there tomorrow and how this can affect you?
• How packages you use could be maliciously modified impact on your app Discuss the risks introduced by hybrid application development
• How intertwined and complex dependencies have become
 

Speakers
avatar for Amit Ashbel

Amit Ashbel

Cyber Security Evangelist
Amit has been with the security community for more than a decade where he has taken on multiple tasks and responsibilities, including technical and Senior Product lead positions. Amit adds valuable product knowledge including experience with a wide range of security platforms and... Read More →
avatar for Erez Yalon

Erez Yalon

AppSec Research Group Manager, Checkmarx


Monday September 19, 2016 11:45 - 12:30
Room 10 - CS and Communications Building

12:35

Hacking HTTP/2 - New attacks on the Internet’s Next Generation Foundation
HTTP/2 is the emerging network protocol for the Internet, facilitating leaner and faster web browsing by introducing several new mechanisms which can be seen as a single transition layer for web traffic. The adoption of HTTP/2 is lightning fast, and even though only a year has passed since its publication, HTTP/2 is already supported by all significant players in the field including browsers, web servers and Content Delivery Networks.
In the presentation we will overview the HTTP/2 attack surface - stream multiplexing, flow control, HPACK compression and server push, with a focus on how the way HTTP/2 servers implement these mechanisms can make or break your security posture. We will continue with presenting new classes of vulnerabilities that have been introduced by the mechanisms used with HTTP/2, and explaining how these vulnerabilities can be used for mounting effective attacks against web servers like Apache, IIS, Ngnix, Jetty and nghttp. We will explain in details several serious zero-day vulnerabilities, such as CVE-2016-1546, CVE-2016-0150 and CVE-2016-1544, and end with discussing several approaches for mitigating attacks of these types.
Those attending this session will understand that:
1. As an emerging technology that introduces novel and flexible mechanisms, HTTP/2 also induces new risks.
2. HTTP/2 implementations are still not “security mature.” Therefore it is almost certain that scrutiny of HTTP/2 implementations will increase in coming years, resulting in the discovery of new vulnerabilities, exploits and security patches. With HTTP/2 gaining more popularity, this trend will intensify.
3. An effective security strategy for newly adopted technologies must rely on supplemental solutions rather than patching

Speakers
NA

Nadav Avital

Application Security Research Team Leader, Imperva
Nadav Avital is an expert in Web Application Security. He leads an Imperva team who captures and analyzes hacking activities and then create mitigation strategies. These efforts result in research for new technologies and protocols. Nadav has more than 10 years’ industry experience... Read More →
NM

Noam Mazor

Imperva
Noam Mazor worked in Imperva as security research engineer in the Web Application Security team. Noam has experience in analyzing hacking activities, creating mitigation and researching vulnerabilities. He holds BSc in Computer Science and is currently a MSc student in Tel Aviv U... Read More →


Monday September 19, 2016 12:35 - 13:20
Main Auditorium

12:35

Java Hurdling: Obstacles and Techniques in Java Client Penetration-testing
Testing java client applications is not always straightforward as testing web applications. Even under experienced hands, there might be obstacles coming your way; what if you cannot use a proxy? How do you MitM? What if you just can't? How do you modify the app to you benefit?

Fortunately, Java is still java. This lecture is based on a true story, and will follow an interesting case of pen-testing a known product; what tools and techniques can be used in order to jump over hurdles, all the way to the finish line.

The lecture aims to enrich the pentester's toolbox as well as mind, when facing java client applications; MitM-ing, run-time manipulations and patching the code are only some of the discussed cases.

In addition, a newly developed proxy for intercepting and tampering with TCP communication over TLS/SSL and bypassing certificate-pinning protections, will be introduced during the lecture.

Speakers
avatar for Tal Melamed

Tal Melamed

Head of Security Research, Protego Labs
In the past year, Tal Melamed been experimenting in offensive and defensive security for the serverless technology, as part of his role as Head of Security Research at Protego Labs. Specializing in AppSec, he has more than 15 years of experience in security research and vulnerability... Read More →



Monday September 19, 2016 12:35 - 13:20
Room 10 - CS and Communications Building
  • Audience Breakers
  • Language Hebrew
  • Technical Level Intermediate / Advanced

13:20

Lunch
Monday September 19, 2016 13:20 - 14:15
CS Building and Garden

14:15

NodeJS Security Done Right​ - The tips and tricks they won’t teach you in school​
NodeJS, and JavaScript at large are quickly taking over software whether it is GitHub’s statistics for projects growth, the IoT industry, ChatOps projects written in JavaScript and Enterprises adoption is growing as well.
With this trend, it is imperative to review OWASP security practices and learn how to harden NodeJS Web Applications.​

We will begin with a quick NodeJS intro and a few fail stories of how things can go wrong. ​
We will quickly dive into hands-on practical implementation of security measures to adopt in your current or future NodeJS project. Next I will show how to leverage widely adopted security tools for integration in the build and CI/CD process to audit and test for security vulnerabilities, as well as leveraging successful enterprise-level open source npm libraries to enhance your web application’s security.​

In summary: in this session I will demonstrate:​
* Securing ExpressJS by adopting mature and commonly used npm libraries​
* Secure code guidelines for JavaScript software developers​
* Integrating NodeJS security measures as part of your build CI/CD DevOps process​

Speakers
avatar for Liran Tal

Liran Tal

Developer Advocate, Snyk
Liran has been advocating for Node.js and JavaScript, through core lead for the MEAN.js framework, docker container tool Dockly, and author of several npm packages.He’s a member of the Node.js Security WG, the author of Essential Node.js Security, and a core contributor on the OWASP... Read More →


Monday September 19, 2016 14:15 - 15:00
Main Auditorium

14:15

The Ways Hackers Are Taking To Win The Mobile Malware Battle
In the proverbial game of cat-and-mouse between endpoint security vendors and malware writers, malware attacks have recently grown more sophisticated. More enterprises are losing ground to hackers, who are able to outmaneuver static and runtime solutions by constantly changing their attack strategies. The team that uncovered iOS malicious profiles, WiFiGate, HTTP Request Hijacking, No iOS Zone and Invisible Profiles are taking it upon themselves to coach developers and organizations on how to regain control, and turn the tables on the hackers behind next-generation mobile malware.

In his presentation, Yair will discuss cutting-edge techniques used by malware writers to circumvent mobile security paradigms such as app-sandboxing and containers. Mr. Amit will then break down the current set of techniques (signatures, static analysis & dynamic analysis) used to identify malware on mobile devices, and identify the pros and cons of these approaches. He will also explain why attackers constantly succeed in fooling these technologies, and explore the problem of false positive/false negative tradeoffs in such solutions.

During a live, interactive demo, Yair will create a mobile malware on stage, meant to be undetected by static and runtime analysis technologies.

Speakers
avatar for Yair Amit

Yair Amit

CTO & Founder, Skycure
Yair Amit is co-founder and CTO at Skycure, leading the company’s research and vision and overseeing its R&D center. Yair has been active in the security industry for more than a decade with his research regularly covered by media outlets and presented in security conferences around... Read More →


Monday September 19, 2016 14:15 - 15:00
Room 10 - CS and Communications Building
  • Audience Breakers
  • Language Hebrew
  • Technical Level Intermediate / Advanced

15:05

Putting the 'I' in Code Review - Turning Code Review Interactive
Everybody knows that manual code review can be a tedious and lengthy effort, with complexity growing exponentially with the size of the code. However, understanding code flow and focusing on relevant parts can become much easier when employing interactive debugging techniques. This allows combining the best of penetration testing and code review benefits to achieve maximum results in the most efficient manner. In this talk we will explain and demonstrate this eye-opening technique for effectively performing a manual code review on a live system using a debugger and provide a quick starter kit for implementing this technique.

Speakers

. .

Seeker R&D Manager, Synopsys
Tamir Shavro has been involved both in complex R&D endeavors and in the security field in the past 18 years. As the Chief Architect & VP RnD of Seeker (acquired by Synopsys in 2015), Tamir has been the driving force behind the development of the Seeker technology. | | Prior to Seeker... Read More →


Monday September 19, 2016 15:05 - 15:50
Main Auditorium

15:05

Bot Extension - Abusing Google Chrome Extensions for Bot Attacks
Chrome extensions have opened a variety of opportunities for either users and developers, expanding the limits of what we've known as browsing experience. Attacker have also spotted the widely usage of such extensions, and abuse people's trust in Chrome Web Store to distribute malicious extensions. This allows them to run web-based bot attacks straight from victims' browsers, shending cross-site Ajax requests, resulting in impersonation of users in third-party websites.
Furthermore, the detection of such bot attack by the attacked server is more complex than in regular distributed attacks, since real humans actually use the Chrome tab abused to attack the victim.
The lecture will include an overview on Chrome Extension abilities followed by techniques to abuse them in order to run bot attacks, as well as distribute a malicious extensions to big crowds of victims.

Speakers
avatar for Tomer Cohen

Tomer Cohen

R&D Security Team Leader, Wix.com
Experienced security researcher & pentester, one of the founders of Magshimim Cyber Training Program.


Monday September 19, 2016 15:05 - 15:50
Room 10 - CS and Communications Building
  • Audience Defenders
  • Language Hebrew
  • Technical Level Intermediate / Advanced

15:50

Coffee Break
Monday September 19, 2016 15:50 - 16:05
CS Building and Garden

16:05

Crippling HTTPS with unholy PAC
You're in a potentially malicious network (free WiFi, guest network, or maybe your own corporate LAN). You're a security conscious netizen so you restrict yourself to HTTPS (browsing to HSTS sites and/or using a "Force TLS/SSL" browser extension). All your traffic is protected from the first byte. Or is it?

We will demonstrate that, by forcing your browser/system to use a malicious PAC (Proxy AutoConfiguration) resource, it is possible to leak HTTPS URLs. We will explain how this affects the privacy of the user and how credentials/sessions can be stolen. We will present the concept of "PAC Malware" (a malware which is implemented only as Javascript logic in a PAC resource) that features: a 2-way communication channel between the PAC malware and an external server, contextual phishing via messages, denial-of-service options, and sensitive data extraction from URI's. We present a comprehensive browser PAC feature matrix and elaborate more about this cross-platform (Linux, Windows, Mac) and cross-browser (IE, Chrome, Safari) threat.

Speakers
avatar for Amit Klein

Amit Klein

VP Security Research, Safebreach
Amit Klein is a world renowned information security expert, with 25 years in information security and over 30 published technical papers on this topic. Amit is VP Security Research at SafeBreach, responsible for researching various infiltration, exfiltration and lateral movement attacks... Read More →


Monday September 19, 2016 16:05 - 16:50
Main Auditorium

16:05

Law and the Israeli Cybersecurity Industry
From an international perspective, Israel provides a unique laboratory for studying the effect of law and regulation on cybersecurity research and development. This presentation will provide an introduction to specific laws and regulations concerning cybersecurity research and ask whether these laws have in actual practice influenced the growth of the cybersecurity ecosystem in Israel. More specifically, how have industry players, including startups, multinationals and the military, reacted to the unique legal framework that Israel provides for cybersecurity activities?

Speakers
EG

Eli Greenbaum

Partner, Yigal Arnon & Co.
Eli Greenbaum is partner in the law firm of Yigal Arnon & Co., specializing in technology, intellectual property and cybersecurity. He received his masters degree in Applied Physics from Columbia University and his law degree from Yale Law School. Eli has published widely in the intersection... Read More →


Monday September 19, 2016 16:05 - 16:50
Room 10 - CS and Communications Building

16:55

Integrating Security in Agile Projects
There are many different security development lifecycles (SDLC) frameworks in the modern world. However, a fully implemented SDLC program is often represented as heavy, time-consuming and not suitable to Agile development methodology. We’d like to break the myth and show how a very comprehensive security program, managed by a dedicated security office, can be successfully integrated in agile development project on a real case example.

We’ll shortly describe the main challenges, and the techniques and procedures helping to overcome the challenges. We’ll present the Security Lifecycle Management (SLM) Framework developed and used in HPE SW in the last three years, and describe how it integrated into development of new SaaS based fully agile developed product, with emphasis on main activities and roles. As a part of the presentation we would like to highlight the importance of the proper program management and role of the PMO and how it became a key success factor in the effective security program implementation.

Speakers
avatar for Elena Kravchenko

Elena Kravchenko

ADM BU Security Lead, Micro Focus (former HPE Software)
Elena represents the Security side of the project and brings vast experience in both development and security areas. | | She is responsible for a department developing 12 products ( ~400 developers) | | HPE Software Security Lead for HPE's Application Delivery Management (ADM... Read More →
avatar for Efrat Wasserman

Efrat Wasserman

Product manager, Intel
Efrat is a Product Manager at Intel. | Efrat brings deep knowledge and experience in both software development and project/product management areas. | Efrat's former position was a Senior Program Manager at HPE SW, | Efrat holds a BSc in Computer Science and Mathematics and... Read More →


Monday September 19, 2016 16:55 - 17:25
Main Auditorium

16:55

Signoff or Sign-Out
Software Signoff is an inevitable step in maturing our software development processes in order to deliver better and safer software. Like with other engineering disciplines before, the growing concerns for safety, security and standards is driving the industry to do better. In this talk we will explain what Software Signoff means and why organizations must adopt it before it is too late.

Speakers
avatar for Ofer Maor

Ofer Maor

Director of Security Strategy, Synopsys
Ofer Maor is a security expert and entrepreneur with over 20 years of experience in information and application security. Ofer has been involved in application security from its early days, through research, penetration testing, consulting, and product development | | As the founder... Read More →


Monday September 19, 2016 16:55 - 17:25
Room 10 - CS and Communications Building

17:30

Panel: Our Appsec Careers

While breaking and protecting is what we do, making sure we become and stay experts, work with the right people and generally have fun during our work day is just as important, if not more. Therefore we decided to hold a panel as part of AppSec IL on a topic we usually invest too little in: our appsec careers!

How do you find the right job, or the right people for the job? What is a dream appsec job and what is a real appsec job? Are they the same and if not, how do we bridge the gap. Is hammering apps a job for a life? If not, how can one create diversity and a growth path? All those are just a few of the many topics we can discuss.


Moderators
Speakers
avatar for Avi Douglen

Avi Douglen

Conference Chair, Bounce Security
AviD is a high-end, independent security architect and developer, and has been designing, developing and testing secure applications, and leading development teams in building secure products, for around 20 years. My research interests include efficient security engineering, usable... Read More →

Panelists
avatar for Helen Bravo

Helen Bravo

Product Management Director, Checkmarx
Helen Bravo is the Product Manager at Checkmarx. Helen has more than fifteen years of experience in software development, IT security and source-code analysis. | Prior to working at Checkmarx, Helen has worked in Comverse one of the biggest Israeli Hi-tech firms as a software engineer... Read More →
avatar for Itsik Mantin

Itsik Mantin

Lead Scientist, Imperva
In the last 20 years I have researched and innovated in various cyber-security domains, including web application security, advanced persistent threats, DRM systems, automotive systems and more. While thinking as an attacker is my second nature, my first nature is problem solving... Read More →
avatar for Ron Peled

Ron Peled

Sr. Security Specialist, LivePerson


Monday September 19, 2016 17:30 - 18:10
Main Auditorium

18:10