AppSec Israel 2016 has ended


Builders
Monday, September 19

11:45 IDT

Could a few lines of code it all up!
March 2016. An anonymous open source developer decides to remove his code (left-pad) from a public repository.
Shortly thereafter, several large organizations felt the impact of his actions. Facebook, Airbnb and others experienced errors impacting the functionality of their services: packages depending on "left-pad" wouldn't properly execute.
Today, we embrace both the open source community and the growth of open source projects, modules and packages, but… dependencies and recursive dependencies might become a risk, or even a new attack vector, which we didn't foresee.
Could there be other cases of common and popular open source packages depending on open source modules that might not be there tomorrow or, even worse, could those modules be maliciously modified?

Join us for an insightful session that will reveal our research on this topic where you will learn:
• Which common open source packages might not be there tomorrow, and how this can affect you
• How packages you use could be maliciously modified, and the impact on your app
• The risks introduced by hybrid application development
• How intertwined and complex dependencies have become

Speakers

Amit Ashbel

Cyber Security Evangelist
Amit has been with the security community for more than a decade, where he has taken on multiple tasks and responsibilities, including technical and Senior Product lead positions. Amit adds valuable product knowledge including experience with a wide range of security platforms and...

Erez Yalon

Director of Security Research, Checkmarx


Monday September 19, 2016 11:45 - 12:30 IDT
Room 10 - CS and Communications Building
Track 2

14:15 IDT

NodeJS Security Done Right - The tips and tricks they won't teach you in school
NodeJS, and JavaScript at large, are quickly taking over software: GitHub's statistics show project growth, the IoT industry and ChatOps projects are written in JavaScript, and enterprise adoption is growing as well.
With this trend, it is imperative to review OWASP security practices and learn how to harden NodeJS web applications.

We will begin with a quick NodeJS intro and a few fail stories of how things can go wrong.
We will then quickly dive into hands-on, practical implementation of security measures to adopt in your current or future NodeJS project. Next I will show how to leverage widely adopted security tools for integration in the build and CI/CD process to audit and test for security vulnerabilities, as well as leveraging successful enterprise-level open source npm libraries to enhance your web application's security.

In summary, in this session I will demonstrate:
* Securing ExpressJS by adopting mature and commonly used npm libraries
* Secure code guidelines for JavaScript software developers
* Integrating NodeJS security measures as part of your build CI/CD DevOps process

Speakers

Liran Tal

Developer Advocate, Snyk
Liran Tal is a Developer Advocate at Snyk and a member of the Node.js Security working group. He is a JSHeroes ambassador, passionate about building communities and the open source movement, and greatly enjoys pizza, wine, web technologies, and CLIs. Liran is also the author of Essential...


Monday September 19, 2016 14:15 - 15:00 IDT
Main Auditorium
Track 1

16:55 IDT

Integrating Security in Agile Projects
There are many different security development lifecycle (SDLC) frameworks in the modern world. However, a fully implemented SDLC program is often seen as heavy, time-consuming and unsuitable for the Agile development methodology. We'd like to break that myth and show, on a real case example, how a very comprehensive security program, managed by a dedicated security office, can be successfully integrated into an agile development project.

We'll briefly describe the main challenges, and the techniques and procedures that help overcome them. We'll present the Security Lifecycle Management (SLM) Framework developed and used in HPE SW over the last three years, and describe how it was integrated into the development of a new SaaS-based, fully agile product, with emphasis on the main activities and roles. As part of the presentation we would like to highlight the importance of proper program management and the role of the PMO, and how it became a key success factor in the effective implementation of the security program.

Speakers

Elena Kravchenko

ADM BU Security Lead, Micro Focus (former HPE Software)
Elena represents the Security side of the project and brings vast experience in both development and security areas. She is responsible for a department developing 12 products (~400 developers). HPE Software Security Lead for HPE's Application Delivery Management (ADM) Business...

Efrat Wasserman

Product manager, Intel
Efrat is a Product Manager at Intel. Efrat brings deep knowledge and experience in both software development and project/product management areas. Efrat's former position was Senior Program Manager at HPE SW. Efrat holds a BSc in Computer Science and Mathematics and an MBA in...


Monday September 19, 2016 16:55 - 17:25 IDT
Main Auditorium
Track 1

16:55 IDT

Signoff or Sign-Out
Software Signoff is an inevitable step in maturing our software development processes in order to deliver better and safer software. As with other engineering disciplines before us, growing concerns for safety, security and standards are driving the industry to do better. In this talk we will explain what Software Signoff means and why organizations must adopt it before it is too late.

Speakers

Ofer Maor

Director of Security Strategy, Synopsys
Ofer Maor is a security expert and entrepreneur with over 20 years of experience in information and application security. Ofer has been involved in application security from its early days, through research, penetration testing, consulting, and product development. As the founder and...


Monday September 19, 2016 16:55 - 17:25 IDT
Room 10 - CS and Communications Building
Track 2