AppSec Labs is a GOLD SPONSOR of
OWASP AppSec Israel Conference 2018
Our activity in the annual conference:
Introduction To Application Level Attacks
Training by Erez Metula, founder and chairman of AppSec Labs.
Wednesday, September 5 • 09:45 – 12:15 | Bar-Shira Auditorium, Tel-Aviv University
The session is an introduction to application security threats, demonstrating the security problems that exist in corporate or internet based applications with a strong emphasis on application security and secure design. The seminar covers the major security vulnerabilities that might affect modern web application systems.
The main objective of the session is raising the awareness on the problems that might occur when secure coding practices are not used. The students will learn about the threat landscape and major attacks he or she must mitigate when as part of the development life cycle.
Attacking and Defending NFC Applications
Lecture by Aviad Ben-Moshe, application security consultant, AppSec Labs.
Thursday, September 6 • 12:30 – 13:00 | Room # 001, Tel-Aviv University
In this lecture, you will presented with an overview of the NFC technology, how it is being used and what industries can and will benefit from it most (hint – Retail, Fintech & IoT) – while focusing on its security aspects.
We have seen an increase of 400% in the production of NFC enables devices in the last 3 years and an increase of ~300% of the number of connected IoT devices. The numbers are continually growing rapidly.
After clarifying the uniqueness and special aspects of the NFC technology, we will take a deep dive into application security aspects of NFC based solutions such as duplicating tags, parameter tampering, sensitive information saved in plain text and more.
The technological mechanisms of NFC create a unique threat landscape which I will discuss in detail presenting the risks, threats, and mitigations relevant to NFC.
In addition, we will expose a customized PENETRATION TESTING METHODOLOGY for NFC based applications so you can tackle your next NFC based PT in an educated effective manner.
Exploiting Smart Contracts For Fun And Profit
Lecture by Erez Metula, founder and chairman of AppSec Labs.
Thursday, September 6 • 15:45 – 16:30 | Bar-Shira Auditorium, Tel-Aviv University
During the talk, we’ll discuss common security vulnerabilities that can occur in smart contracts and see how code that caused losses of millions of dollars looks like. We’ll cover the tools and techniques to explore , analyze, identify and exploit vulnerabilities in smart contracts.
We’ll talk about real world exploits, and look at the vulnerable code that caused them. We’ll talk about a new class of code vulnerabilities related to smart contracts, such as re-entrancy, time manipulations, overflows, authorization bypass, exposing secrets, etc.
IoT Startups Roadshow 2017
The event will take place on January 3rd 2017 at Lago – 6 21st Century St., Rishon LeZion.
Sign up here to see Erez Metula, founder and chairman of AppSec Labs.
The growth and central role of the Internet of Things in the technology world is already a fact. IoT is bringing the network to the real physical aspects of our live: our cars, utilities, homes, cities, industries and more… With such influence, IoT security is becoming a main concern and an enabler for the whole industry feasibility. It must be a concern for every IoT stakeholder from developers to service providers, to customers and end users. Logtel and AppSec Labs’ IoT security seminar is aimed at this challenge. It is a one day lucrative seminar focused on bringing IoT security basics to IoT professionals.
The seminar will allow managers, planners and developers wide understanding of the IoT security landscape and will give participants the tools and knowledge to develop and supply IoT security solutions.
Webinar – Top 10 Mobile Application Vulnerabilities
Erez Metula gave a Webinar on the Top 10 Mobile Application Vulnerabilities moderated by Mr. Taiye Lambo ( Founder and CTO of CloudeAssurance Inc.).
Check it out…
Mobile apps have access to our most sensitive data – passwords, financial and health related data, contacts, text messages, geographic locations and they are also adjacent to other apps on our mobile device with some potential implications. Can we really tell whether our apps are secure and are not “spying” on us? Can they be abused by hackers to penetrate our organization’s network and even more precious assets?
Erez will answer those questions and more focusing on Android & IOS mobile apps and their common vulnerabilities. Taiye will also discuss why performing independent penetration testing of Mobile apps and ensuring that Mobile Apps are using secure cloud service(s) is a must have in any CISO’s winning strategy. This webinar will be all about mobile apps security, how they can be hacked, the common mistakes developers make, and how to avoid such mistakes.
A must attend webinar for all CISOs, CIOs and CTOs, and all security professionals.
IoT Security – How to Collect & Protect your IoT Data
Hacking The IOT – Top 10 vulnerabilities of IOT products
Presented by: Erez Metula, Application Security Expert, AppSec Labs (Founder)
The “things” are all around us, with more to come exponentially as days go by. Smart homes, connected cities, smart medical devices, industrial IOT, you name it – they all are targets for attacks that were not possible up until recent years, when they can be accessed from the cloud and controlled from your favorite mobile app. Everybody talks about the benefits they’ll bring, but are they developed with security in mind? Can someone spy on our users? Or take control over something from the “physical” world? Or maybe manipulate with some information sent from the device to the cloud? During this talk, Erez will go over the most common security vulnerabilities that exists in IOT products, by sharing his experience as an IOT penetration tester. We’ll go over each of those vulnerabilities, and witness how they can be exploited by having a demos of the tools and techniques attackers will use against our IOT product.
Missed the event? Want to see the presentation?
OWASP AppSecIL Israel 2016 – AppSec Labs
Hacking The IoT (Internet of Things) – PenTesting RF Operated Devices
Presented by: Erez Metula, Application Security Expert, AppSec Labs (Founder)
We often encounter IoT (Internet of Things) systems during our work as penetration testers and security consultants. We know how to assess the security of the server side API, the associated mobile apps, the web apps and so on – but what about the device itself (the “thing”)? Moreover, what happens if the device is not using traditional HTTP/S request, or does not even “speak” plain old TCP/IP?
During this talk, we’ll go over the obstacles we have to face when analyzing unknown, custom RF based communication that drives the target IoT system we’re pentesting. We’ll talk about and see in action tools that will allow us to capture RF traffic, analyze it, brute force it, replay it, and of course forge it. It’s like plain old appsec hacking tricks, but at the RF level. So let’s hack some physical things belonging to the real world!
Java Hurdling: Obstacles and Techniques in Java Client Penetration-testing
Presented by: Tal Melamed, Technical Leader, AppSec Labs
Testing Java client applications is not always straightforward as testing web applications. Even under experienced hands, there might be obstacles coming your way; what if you cannot use a proxy? How do you MitM? What if you just can’t? How do you modify the app to your benefit?
Fortunately, Java is still Java. This lecture is based on a true story, and will follow an interesting case of pen-testing a known product; what tools and techniques can be used in order to jump over hurdles, all the way to the finish line.
The lecture aims to enrich the pentester’s toolbox as well as mind, when facing Java client applications; MitM-ing, run-time manipulations and patching the code are only some of the discussed cases.
In addition, a newly developed proxy for intercepting and tampering with TCP communication over TLS/SSL and bypassing certificate-pinning protections, will be introduced during the lecture.
OWASP AppSecIL Israel 2015 – AppSec Labs
Internet of Things (IOT) Insecurity
Erez Metula, Application Security Expert and Chairman, AppSec Labs
Israel Chorzevski, CTO, AppSec Labs
During this talk we’re going to discuss the security of the so called internet-of-things (IOT),and have a better understanding of what it’s all about. This talk will give a broad overview of IOT, the major vulnerabilities that are out there, challenges that exist in securing the things, and what we as security people can do about it.
If you’ve ever heard the IOT buzzword, and you want to know what it’s all about, this talk is for you.