For various reasons, this year was the first year I made it to OWASP AppSec Israel, the national Application Security conference here in Israel. Not only that but I was honoured to be accepted to present as well. It was a long day including a speakers/organisers dinner in the evening but as well as being tired I was also really buzzing with excitement and I thought I’d jot down a few notes about the day.

The agenda

There were a bunch of really great talks on the agenda (credit to Irene Abezgauz who chaired the content committee) with a big emphasis on talks aimed at sharing ideas and experiences for defenders and builders (with a few cool hacks thrown in as well). I thought having the agenda balanced in that way was really great as, like Avi said in his opening comments, defenders and builders are the main audience for OWASP.

The atmosphere

The overall atmosphere seemed really positive, supportive and open. People seemed to be socialising, people, were making an effort to talk to other people, there seemed to be a really happy buzz in the communal areas.

Presenting at the conference

This was my first time presenting at a major conference and I was pretty nervous. Ultimately I had practiced hard and I think it went OK (if a little fast) and hopefully people will get some benefit out of the ideas I shared. (Eventually I will try and post a blog based on the talk for those who missed it.) Despite my nerves, having friends, colleagues and my boss attending and supporting really made it special and made me feel a lot better. The organisers were really supportive as well with Or telling me a joke just before I was about to start.

Seeing friends and colleagues

https://www.facebook.com/comsecgroup/posts/10155187676458985

It was great to hang out with friends who I work with, friends who I used to work with and friends who I’ve never worked with, especially catching up with those who I don’t see very often. As a presenter, having them there also made it more special. It was also great seeing colleagues who I’ve worked with on different client projects and catching up with them. A great thing about being a consultant is working with a wide range of different people it was great to see some of them there.

The sponsors

It was great to see so many local organisations sponsoring the conference including my employer, Comsec Group. Having these sponsors meant that the conference could be high quality but free to attend and it was great to see these organisations contributing back to the community.

I also thought that the sponsors area had a nice buzz to it with companies raising their profiles whilst also searching for new talent (and giving away some nice goodies as well like a showerproof Bluetooth speaker ☺.) It seemed like a win-win for everyone and I didn’t notice much aggressive attention seeking.

Fringe activities

The main conference was two tracks but there was also the CTF and workshops put on by GE Digital as part of their “Diamond” sponsorship of the conference as well as CV review sessions to help job seekers. Again, I thought these added extra facets to the day of the conference.

Meeting new people

This was a great day for meeting new people as well including people I’d never met before, fellow speakers and also people I’d had Twitter conversations with but not met face-to-face before.

Particular highlights were meeting local InfoSec superstar Keren Elazari and chatting to Tiffany Long, the OWASP Community Manager but I also had loads of great conversations with other presenters and other attendees, LobbyCon was definitely going strong.

OWASP Israel

“OWASP works!” — https://youtu.be/TfIky1agmDY?t=794

A few months back, Ian Amit gave a slightly brutal closing keynote at BSidesTLV lamenting the decline of the local InfoSec community. In that talk, he specifically praised the Israeli OWASP chapter for keeping regular meetings going and just generally staying active. The conference today was a great illustration of that strength and it’s a credit to the OWASP Israel board (led up to now by Avi Douglen with Or Katz taking the lead going forward) that the Global OWASP annual conference, AppSecEU is going to be in Tel Aviv for 2018.

These are exciting times for the local AppSec and InfoSec community and I’m looking forward to getting more involved in local and international OWASP activities in the future.

Thanks again to Avi, Or, Ofer, Hemed, Yossi and Irene (and all the others who volunteered their time and effort) for such a great conference!

Updated:

You may also enjoy

What’s going on with (Sem|open)grep?

This post discusses the recent changes in Semgrep, the creation of the Opengrep fork, and the implications for the open-source community.