OWASP Hangzhou Security Salon at the End of 2013 - OWASP

Posted by bassolino at 2020-02-27


At the turn of the year, security colleagues in the Hangzhou area are gathering for exchange and learning. This event is jointly organized by the OWASP Hangzhou district and the Hangzhou Google developer community ("Hangzhou GDG"). During the salon, security experts from Huawei, Alibaba, Anheng, Netease, PPTV, edge network, FreeBuf, Wuyun and OWASP, together with technical talent from Hangzhou GDG, will present new security attack and defense technologies from all angles, including classic cases from the security industry over the past year, how small and medium-sized enterprises can survive in security protection, the high-risk problems they may face in the future, security operation and maintenance and testing in large enterprises, cloud computing security, vulnerability detection technology for the Android platform, an introduction to the Chinese version of WebGoat, and so on.

In addition to the core topics, the salon has set up a "security technology real person library" session to promote exchange among peers in the industry. Participants are welcome to share their own security skills, tools, views, special resources and so on in specific fields. The content we currently know will be shared includes RFID technology, honeypot tools, DIY wireless APs for special needs, an Android platform hacking suite, DNS traversal, etc. There is no limit on content. All kinds are welcome: technical styles, enterprise styles, obscene styles, "high wealth and handsome" skills and diaosi scripts.

Official media support for the salon is provided by FreeBuf Hackers and Geeks (Weibo), which will record and share the highlights of the conference.

In short, all participants are welcome to bring all kinds of equipment into the venue, learn from each other and build the best security technology exchange platform in Hangzhou. Welcome to the Hangzhou security salon at the end of 2013!

Held on: 13:30-18:00, January 12, 2013 (Saturday)

Address: Xiangyi palace, 4th floor, Xiangyi Hotel, No.108 Jiefang Road, Hangzhou

Salon agenda:

1. Meeting attendance 13:30-14:00

2. Speech by head of Hangzhou district 14:00-14:15

3. New information security boundary and security testing technology for large enterprises

4. Virtual case invasion via scene Presenter: Wu Zhuoqun 14:30-14:55

5. Operation and maintenance platform penetration & PPTV security architecture sharing Speaker: Xiang Hongyang 14:55-15:20

6. Interactive session: security technology real person library 15:20-15:35

7. Rest 15:35-15:45

8. Talking about Android repackaging technology Speaker: Shen Xing 15:45-16:10

9. Self-built CDN response to mass flow denial of service Speaker: Shao Haiyang, Zhang Lei 16:10-16:35

10. Cloud computing security and security device virtualization Speaker: Yunshu 16:35-17:00

11. Rest 17:00-17:10

12. Practice and discussion on security operation and maintenance of large enterprises Speaker: cnhawk 17:10-17:35

13. OWASP open source project WebGoat manual in Chinese Speaker: Fu Kui 17:35-17:50

14. Gifts and closing remarks 18:00

OWASP Hangzhou salon full review (picture and text record)

Thanks to FreeBuf. Original link: http://www.freebuf.com/news/others/6809.html

On the afternoon of January 12, 2013 Beijing time, the OWASP Hangzhou salon was held in Shangcheng Xiangyi Hotel, Hangzhou. FreeBuf participated in the salon as the official media support. The small team arrived at the venue at about 1:30 pm, by which time it was already full. By visual estimate about 150 people were present, which really is the scale of a security conference.

After a brief opening by Tony, the head of the OWASP Hangzhou district, the salon began.

Topic highlights

"New information security boundary and security testing technology for large enterprises" introduced, in passing, Huawei's relatively mature security testing process and technical framework (including security development, security testing, security audit, security delivery process, etc.), formed through a large number of overseas project practices, which has won the recognition of many professional institutions.

Wu Zhuoqun, a penetration engineer from Anheng, demonstrated a complete penetration test process in "video + explanation" form, from information gathering through vulnerability exploitation, reverse shell and privilege escalation to intranet penetration. Judging from the feedback on the spot, people were quite interested in the topic of penetration.

"Self-built CDN response to mass flow denial of service" was a practical topic from Shao Haiyang and Zhang Lei of GDG (Google developer group): from the perspective of cost, efficiency and specific architecture design (selection, configuration, optimization, etc.), they proposed dealing with different types of DDoS attacks through a self-built CDN.

"Operation and maintenance platform penetration & PPTV security architecture sharing" was another key penetration topic: Xiang Hongyang, a security engineer from PPTV, explained how multiple large-scale websites were penetrated through operation and maintenance platforms such as Zabbix and remote management cards. It is worth mentioning that the cases discussed were all real. In addition, Xiang Hongyang briefly introduced the security architecture of PPTV.

Shen Xingxing, a security engineer at Netease, analyzed Android repackaging technology, from APK file structure to file conversion, including the tools and application scenarios of repackaging used in practice.

"Cloud computing security and security device virtualization" came from Alibaba's Yunshu, who elaborated a new idea about cloud computing security, hoping to bring some new changes to security vendors.

"Practice and discussion on security operation and maintenance of large enterprises" came from cnhawk of Alipay, who discussed the security operation and maintenance of large enterprises and, from the perspective of architecture, how to improve the security of Party A.

In "OWASP open source project WebGoat manual in Chinese", Fu Kui shared the Chinese version of the manual for WebGoat, a well-known OWASP open source project.

Highlights: the "Wall of Sheep" designed by the organizer was very interesting. Many account passwords ended up on the wall. At a hacker conference you need to be careful with WiFi.

Yunshu's topic attracted the interest of vendors and some Party A attendees, and Yunshu was surrounded during the intermission.

It is worth mentioning that security enthusiasts from Zhejiang University and other universities also contributed valuable discussion on the topics on the spot. We hope this new academic force can bring freshness and vitality to China's security technology.