OWASP AppSec Israel 2018

Tel Aviv University, September 06, 2018

Tags: Policy and legal, Devops, Defender, Breaker, Builder

CFP closed at July 15, 2018 21:07 UTC

The annual OWASP AppSec Israel Conference is the largest conference in Israel for application and software security. It has been held regularly for over a decade and always draws hundreds of participants. Over 650 people attended last year, and this year we expect well over 700!

OWASP AppSec Israel will take place this year on September 6th, 2018. The Conference usually starts at 9AM and lasts until 18:00. It will also be preceded by a day of Developer Training.

But AppSecIL is not just for security experts! We also have talks aimed at developers, testers, architects, product designers, and managers - anyone involved with the software lifecycle is welcome, regardless of type of software, website, mobile app, or any other type of application.

If you are responsible for, or involved with:

  • web security
  • devops security
  • cloud security
  • mobile security
  • application security
  • software development
  • quality assurance
  • software maintenance or operations

… we want to hear from you at AppSecIL!

AppSec Israel 2018 will have two lecture tracks. There will also be a sponsors pavilion for vendors of products and services relevant to application security and developers, and for recruiting. Note that sponsorship deals never include talks! The content is selected independently of sponsors, and we do not abide “pay for play” (i.e. $ != talk).

AppSec Israel always has excellent talks, but even if you’ve never done this before - you should not be discouraged from submitting! It is very important to us to have a diverse variety of speakers, and even if this is your first time presenting we will ensure that you have the support needed to give a great talk, including speaker mentorship if you want. (AppSecIL is also a super friendly crowd, so it’s a great place to start out!)

CFP Description

Anything and everything AppSec! Application security, software security, web security…

In general, the only restriction on the subject of the talks is that they relate to Application Security or Software Security in some way (not necessarily Web). We will not accept talks on other aspects of security that are not applicative in nature. Talks at any technical level can be accepted.

We especially appreciate talks from security folk in large organizations (“security consumers”) who can share different Case Studies from the field. Specifically, the topics we look for include, but are not limited to, the following subject areas:

  • Secure development: secure coding, static analysis, application threat modelling, web frameworks security, countermeasures, SDLC, DevOps, etc.
  • Mobile security: Development and/or testing devices and the mobile web
  • Cloud security: Offensive and defensive considerations for cloud-based web applications
  • Applicative Infrastructure security: Database security, VoIP, hardware, identity management, serverless and containers frameworks
  • Penetration testing: Methodologies, tools, exploit development, evasion techniques, OSINT, etc.
  • Emerging web technologies and associated security considerations
  • Internet of Things: IoT security and other devices
  • SCADA and Industrial Control Systems: How these can be secured, or hacked, at an application or software level.
  • Applied Cryptography: Relevant research, new models, algorithm usage, interesting attacks, and other applications.
  • Incident response: Threat detection, triage, malware analysis, forensics, rootkit detection
  • OWASP tools and projects in practice
  • Policy and legal: Legislation, privacy, regulations and compliance, C-level considerations, etc.
  • Cool hacks and other fun stuff: cryptography, social engineering, etc.

AppSecIL will include 2 lecture tracks. The specific division of these tracks will be decided later, but it will likely be aligned with OWASP’s Builders / Breakers / Defenders nomenclature:

  • Builders: Targeting developers, testers, and managers involved in the secure software development lifecycle.
  • Breakers: Focusing on matters relevant to penetration testers, researchers, and other security professionals.
  • Defenders: Emphasizing operations issues affecting infrastructure security teams, administrators, support, etc.
  • Policy and Legal: Addressing privacy, compliance, and legal issues affecting development and security communities.

Since we usually get many more “Breaker” talks than Builder or Defender talks, we may give extra weight to the latter.