AppSec Israel 2016 has ended


Defenders
Monday, September 19

10:55 IDT

The Dark Side of Search Engines Optimizations
Search engine optimization (SEO) is a technique used by web site owners to improve the visibility of, and traffic to, their web site. Legitimate SEO activity uses optimization techniques such as changing the structure and textual content of the web site's pages, and publishing in social media and web forums that will refer relevant users.
The ultimate goal of an SEO campaign is to promote the web site's ranking in the leading search engines, so that the promoted web site is returned on the first results page when searching for relevant terms and keywords.

In the presentation I'm going to present what happens when threat actors get into the world of SEO campaigns, abuse SEO techniques and, moreover, use all kinds of attack techniques such as SQL injection and open redirects in order to manipulate search engine rankings.
I will also evaluate some of the SEO attacks and manipulation techniques, try to determine who the victims are in this story, check whether these attacks achieved their goal and supply more interesting insights into the world of "Blackhat SEO".


Or Katz

Principal Lead, Security Researcher, Akamai
Or Katz is a security veteran with years of experience at industry-leading vendors, and currently serves as Principal Lead Security Researcher for Akamai. Katz is a frequent speaker at security conferences and has published several articles and white papers on threat intelligence and defensive...

Monday September 19, 2016 10:55 - 11:25 IDT
Room 10 - CS and Communications Building
  Track 2

11:45 IDT

Could a few lines of code it all up!
March 2016. An anonymous open source developer decides to remove his code (left-pad) from a public repository.
Shortly thereafter, several large organizations felt the impact of his actions. Facebook, AirBnB and others experienced errors impacting the functionality of their services. Packages using "left-pad" wouldn't execute properly.
Today we embrace both the open source community and the growth of open source projects, modules and packages, but... dependencies and recursive dependencies might become a risk, or even a new attack vector that we didn't foresee.
Could there be other cases of common and popular open source packages depending on open source modules that might not be there tomorrow or, even worse, could be maliciously modified?

Join us for an insightful session that will reveal our research on this topic where you will learn:
• Which common open source packages might not be there tomorrow, and how this can affect you
• How packages you use could be maliciously modified, and the impact on your app
• The risks introduced by hybrid application development
• How intertwined and complex dependencies have become


Amit Ashbel

Cyber Security Evangelist
Amit has been with the security community for more than a decade, where he has taken on multiple tasks and responsibilities, including technical and senior product lead positions. Amit adds valuable product knowledge including experience with a wide range of security platforms and...

Erez Yalon

Director of Security Research, Checkmarx

Monday September 19, 2016 11:45 - 12:30 IDT
Room 10 - CS and Communications Building
  Track 2

12:35 IDT

Hacking HTTP/2 - New attacks on the Internet’s Next Generation Foundation
HTTP/2 is the emerging network protocol for the Internet, facilitating leaner and faster web browsing by introducing several new mechanisms that together can be seen as a single transition layer for web traffic. The adoption of HTTP/2 is lightning fast: even though only a year has passed since its publication, HTTP/2 is already supported by all significant players in the field, including browsers, web servers and Content Delivery Networks.
In the presentation we will give an overview of the HTTP/2 attack surface (stream multiplexing, flow control, HPACK compression and server push), with a focus on how the way HTTP/2 servers implement these mechanisms can make or break your security posture. We will continue by presenting new classes of vulnerabilities introduced by the mechanisms used with HTTP/2, and explain how these vulnerabilities can be used to mount effective attacks against web servers like Apache, IIS, Nginx, Jetty and nghttp. We will explain in detail several serious zero-day vulnerabilities, such as CVE-2016-1546, CVE-2016-0150 and CVE-2016-1544, and end by discussing several approaches for mitigating attacks of these types.
Those attending this session will understand that:
1. As an emerging technology that introduces novel and flexible mechanisms, HTTP/2 also introduces new risks.
2. HTTP/2 implementations are still not "security mature." Therefore it is almost certain that scrutiny of HTTP/2 implementations will increase in the coming years, resulting in the discovery of new vulnerabilities, exploits and security patches. As HTTP/2 gains more popularity, this trend will intensify.
3. An effective security strategy for newly adopted technologies must rely on supplemental solutions rather than on patching alone.

Nadav Avital

Application Security Research Team Leader, Imperva
Nadav Avital is an expert in web application security. He leads an Imperva team that captures and analyzes hacking activities and then creates mitigation strategies. These efforts result in research into new technologies and protocols. Nadav has more than 10 years' industry experience...

Noam Mazor

Noam Mazor worked at Imperva as a security research engineer in the Web Application Security team. Noam has experience in analyzing hacking activities, creating mitigations and researching vulnerabilities. He holds a BSc in Computer Science and is currently an MSc student at Tel Aviv U...

Monday September 19, 2016 12:35 - 13:20 IDT
Main Auditorium
  Track 1

15:05 IDT

Bot Extension - Abusing Google Chrome Extensions for Bot Attacks
Chrome extensions have opened a variety of opportunities for both users and developers, expanding the limits of what we've known as the browsing experience. Attackers have also spotted the wide usage of such extensions, and abuse people's trust in the Chrome Web Store to distribute malicious extensions. This allows them to run web-based bot attacks straight from victims' browsers, sending cross-site Ajax requests that result in the impersonation of users on third-party websites.
Furthermore, the detection of such a bot attack by the attacked server is more complex than in regular distributed attacks, since real humans are actually using the Chrome tab that is abused to attack the victim.
The lecture will include an overview of Chrome extension capabilities, followed by the techniques used to abuse them in order to run bot attacks, as well as to distribute malicious extensions to large crowds of victims.


Tomer Cohen

R&D Security Team Leader, Wix.com
Experienced security researcher & pentester, one of the founders of the Magshimim Cyber Training Program.

Monday September 19, 2016 15:05 - 15:50 IDT
Room 10 - CS and Communications Building
  Track 2
  • Audience: Defenders
  • Language: Hebrew
  • Technical Level: Intermediate / Advanced