Salon theme: Finance & Mobile Security
Salon time: 13:30-17:30, December 20, 2013
Salon location: conference room of Anheng Safety Research Institute, 8th floor, No. 68, Tonghe Road, Binjiang District, Hangzhou, Zhejiang Province
Salon agenda:
time
content
Speaker
13:30-14:00
Sign in meeting music playing
14:00-14:30
Mobile Security Project Introduction
Unintentionally
14:30-15:00
Traditional mobile client to game client security test
Lu Bin Liang
15:00-15:30
Vulnerability and attack status of mobile operating system
Wang Qi
15:30-15:50
Tea break
15:50-16:20
Research on chip level mobile secure payment solution
Chen Jialin
16:20-16:50
The implementation and promotion of information security system in the third-party payment industry
Lu Jin
16:50-17:20
Building Alipay's new safety system
Zheng Xin Wei
17:20-17:30
Concluding remarks
Topic name: Mobile Security Project Introduction
Speaker: have 7 years working experience in IT security, security testing and network security architecture design and implementation. He has obtained ISO27001, CIW lecturer, intelligence analyst, offensive security expert and other certification; at the same time, he is also one of the founders of China open source securitymap; deputy director of Expert Committee of Zhejiang Security Association; one of the directors of OWASP Hangzhou District, responsible for OWASP open source projects: webboat, hacking lab, mobile security.
Topic introduction: mobile application threat model
Mobile Security Test Guide
Mobile security testing methodology
Cheat sheet for mobile security
Ten mobile security control and design principles
About top 10 mobile risks
Project members and opinion collection
Topic name: traditional mobile client to game client security test
Speaker: Lu binliang, member of OWASP mobile security project team. Now Shanda game security engineer is mainly responsible for web security, anti plug-in operation and maintenance, and mobile client security.
Topic introduction: briefly share the differences, methods and experiences (mainly Android) in the past when conducting mobile client security assessment for financial and operator customers in security companies and conducting security testing for game clients up to now.
Topic name: Research on chip level mobile secure payment solutions
Speaker: Chen Jialin, senior R & D Manager of Marvell, master of information security of Wuhan University, more than 6 years of experience in R & D of embedded intelligent device platform, focusing on Android system level security solutions, making full use of system software and hardware to make Android platform reach the highest security level. Lead the team to make Marvell the first chip company to pass the highest level 5 certification of mobile intelligent terminal security requirements of the Ministry of industry and information technology of China.
Topic name: implementation and promotion of information security system in the third-party payment industry
Speaker: Lu Jin, deputy general manager of risk control and security management department of shangmeng business services Co., Ltd., deeply researched and implemented the national information security level protection standard, ISO27001 standard and ITSM service management framework, effectively combined the system standard with the problems in the actual work, and had unique understanding and experience for the it governance work of large enterprises.
Topic introduction: it is divided into four parts: introduction to the tripartite payment industry, regulatory requirements for the third-party payment industry, design and implementation of the security management system for the third-party payment industry, and expectation of information security for the third-party payment industry
Topic: building a new security system for Alipay
Speaker: Zheng Xinwei, net name: cnhawk, years of security experience, currently in the Alibaba to pay for Baoan, focusing on safety system.
Topic introduction: in the new era, the threats faced by enterprise security have also changed a lot, and new attack methods have also brought many challenges to enterprise security. How to build a new enterprise security system to protect against all kinds of attacks has become a new task for enterprise security personnel!
Thank:
Venue support: the salon location is provided by Anheng
Media support: the official media of the salon continues to be supported by freebuf hackers and geeks (Weibo), recording and sharing the highlights of the meeting ~!!
Application method: please provide (OWASP China member number + name) email to memberą·owasp.org.cn for application. The email title should indicate "attend OWASP 2013 Hangzhou Salon".
Activity map: