OWASP 2013 Hangzhou Salon - OWASP

Posted by bassolino at 2020-03-22

Salon theme: Finance & Mobile Security

Salon time: 13:30-17:30, December 20, 2013

Salon location: conference room of Anheng Safety Research Institute, 8th floor, No. 68, Tonghe Road, Binjiang District, Hangzhou, Zhejiang Province

Salon agenda:

Sign-in, with music playing

Mobile Security Project Introduction

Traditional mobile client to game client security test (Lu Binliang)

Vulnerability and attack status of mobile operating systems (Wang Qi)

Tea break

Research on chip-level mobile secure payment solutions (Chen Jialin)

The implementation and promotion of information security systems in the third-party payment industry (Lu Jin)

Building Alipay's new security system (Zheng Xinwei)

Concluding remarks

Topic name: Mobile Security Project Introduction

Speaker: has 7 years of working experience in IT security, security testing, and network security architecture design and implementation. He holds ISO27001, CIW lecturer, intelligence analyst, offensive security expert and other certifications. He is also one of the founders of China open source securitymap, deputy director of the Expert Committee of Zhejiang Security Association, and one of the directors of OWASP Hangzhou District, responsible for the OWASP open source projects WebGoat, Hacking Lab and Mobile Security.

Topic introduction:

Mobile application threat model

Mobile security testing guide

Mobile security testing methodology

Cheat sheet for mobile security

Ten mobile security control and design principles

About the Top 10 mobile risks

Project members and opinion collection

Topic name: Traditional mobile client to game client security test

Speaker: Lu Binliang, member of the OWASP mobile security project team. Currently a security engineer at Shanda Games, mainly responsible for web security, anti-plug-in operation and maintenance, and mobile client security.

Topic introduction: a brief sharing of the differences, methods and experiences (mainly on Android) between conducting mobile client security assessments for financial and operator customers at security companies in the past and conducting security testing for game clients today.

Topic name: Research on chip level mobile secure payment solutions

Speaker: Chen Jialin, senior R&D manager at Marvell, holds a master's degree in information security from Wuhan University and has more than 6 years of experience in R&D of embedded intelligent device platforms. He focuses on Android system-level security solutions that make full use of system software and hardware to bring the Android platform to the highest security level. He led the team that made Marvell the first chip company to pass the highest level (level 5) certification of the mobile intelligent terminal security requirements of the Ministry of Industry and Information Technology of China.

Topic name: Implementation and promotion of information security systems in the third-party payment industry

Speaker: Lu Jin, deputy general manager of the risk control and security management department of Shangmeng Business Services Co., Ltd. He has researched and implemented in depth the national information security level protection standard, the ISO27001 standard and the ITSM service management framework, effectively combining these standards with the problems met in actual work, and has distinctive understanding and experience of IT governance in large enterprises.

Topic introduction: the talk is divided into four parts: an introduction to the third-party payment industry, regulatory requirements for the third-party payment industry, design and implementation of the security management system for the third-party payment industry, and expectations for information security in the third-party payment industry.

Topic name: Building a new security system for Alipay

Speaker: Zheng Xinwei, online name cnhawk, has years of security experience and currently works in Alipay security at Alibaba, focusing on security systems.

Topic introduction: in the new era, the threats faced by enterprise security have changed a great deal, and new attack methods have brought many challenges to enterprise security. How to build a new enterprise security system that protects against all kinds of attacks has become a new task for enterprise security personnel.


Venue support: the salon venue is provided by Anheng.

Media support: the official media of the salon continues to be FreeBuf Hackers and Geeks (Weibo), recording and sharing the highlights of the meeting.

Application method: to apply, please email your OWASP China member number and name to member@owasp.org.cn. The email subject should read "attend OWASP 2013 Hangzhou Salon".