https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=AnthonylaiOWASP - User contributions [en]2026-05-28T08:40:54ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=Hong_Kong&diff=226570Hong Kong2017-02-21T08:50:18Z<p>Anthonylai: </p>
<hr />
<div>http://www.pisa.org.hk/event/owasp-hk_logo.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<paypal>Hong Kong</paypal><br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user and security groups including VXRL in Hong Kong.<br />
<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
== OWASP HK Chapter Core ==<br />
Facebook: https://www.facebook.com/OwaspHongKongChapter<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
''' OWASP TechDay 2017'''<br />
<br />
'''Time: 0930 - 1730'''<br />
<br />
'''Venue: LTG, HKUST''<br />
<br />
'''Details:'''<br />
<br />
We will hold a seminar on 11 March in HKUST:<br />
<br />
Please kindly find the details including agenda, venue and registration in the URL below:<br />
https://www.eventbrite.hk/e/owasp-techday-2017-hk-tickets-32188270985<br />
<br />
Thank you for your joining.<br />
<br />
Some speakers are OWASP Core Members have been involved in various Web application research and CTF games, please come and enjoy.<br />
<br />
We are thankful to HKUST to sponsor the venue and host the event with us.<br />
<br />
Organizer: OWASP Hong Kong Chapter<br />
Co-Host: HKUST Computer Science Department<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)<br />
<br />
[[Category:China]]<br />
[[Category:Asia]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=226568Hong Kong2017-02-21T06:11:51Z<p>Anthonylai: /* News from Hong Kong Chapter */</p>
<hr />
<div>http://www.pisa.org.hk/event/owasp-hk_logo.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<paypal>Hong Kong</paypal><br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
== OWASP HK Chapter Core ==<br />
Facebook: https://www.facebook.com/OwaspHongKongChapter<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
''' OWASP TechDay 2017'''<br />
<br />
'''Time: 0930 - 1730'''<br />
<br />
'''Venue: LTG, HKUST''<br />
<br />
'''Details:'''<br />
<br />
We will hold a seminar on 11 March in HKUST:<br />
<br />
Please kindly find the details including agenda, venue and registration in the URL below:<br />
https://www.eventbrite.hk/e/owasp-techday-2017-hk-tickets-32188270985<br />
<br />
Thank you for your joining.<br />
<br />
All speakers are OWASP Core Members and/or VXRL researchers and have been involved in various Web application research and CTF games, please come and enjoy.<br />
<br />
We are thankful to HKUST to sponsor the venue and host the event with us.<br />
<br />
Organizer: OWASP Hong Kong Chapter<br />
Co-Host: HKUST Computer Science Department<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)<br />
<br />
[[Category:China]]<br />
[[Category:Asia]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=155425Hong Kong2013-07-12T16:11:39Z<p>Anthonylai: /* OWASP HK Chapter Core */</p>
<hr />
<div>http://www.pisa.org.hk/event/owasp-hk_logo.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<paypal>Hong Kong</paypal><br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
== OWASP HK Chapter Core ==<br />
Facebook: https://www.facebook.com/OwaspHongKongChapter<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
'''Seminar: OWASP HK Chapter: Half-Day Event on 27 July (Sat)'''<br />
<br />
'''Time: 1400 - 1730'''<br />
<br />
'''Venue: R502, Polytechnic Univiesity, Hunghom'''<br />
<br />
'''Details:'''<br />
<br />
We will hold a seminar on 27 July with the following topic and speakers:<br />
<br />
OWASP Top 10 2013 Update - Anthony Lai, SANS GWAPT<br />
<br />
CTF for Fun and Profit - Anthony Lai, SANS GWAPT<br />
<br />
Mobile Phone Browser XSS - Alan Ho, SANS GWAPT (Gold paper)<br />
<br />
Crypto and Web Hack - Zetta KE, PhD student, ISMS, HKUST<br />
<br />
The time would be from 1400 to 1800 held in Polytechnic University. We will keep you posted on the venue. Please reach me for registration with your full nam e and email address. <br />
<br />
Thank you for your joining.<br />
<br />
All speakers are VXRL researchers and have been involved in various Web application research and CTF games, please come and enjoy<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)<br />
<br />
[[Category:China]]<br />
[[Category:Asia]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=155423Hong Kong2013-07-12T05:51:25Z<p>Anthonylai: </p>
<hr />
<div>http://www.pisa.org.hk/event/owasp-hk_logo.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<paypal>Hong Kong</paypal><br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
== OWASP HK Chapter Core ==<br />
To be listed later.<br />
<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
'''Seminar: OWASP HK Chapter: Half-Day Event on 27 July (Sat)'''<br />
<br />
'''Time: 1400 - 1730'''<br />
<br />
'''Venue: R502, Polytechnic Univiesity, Hunghom'''<br />
<br />
'''Details:'''<br />
<br />
We will hold a seminar on 27 July with the following topic and speakers:<br />
<br />
OWASP Top 10 2013 Update - Anthony Lai, SANS GWAPT<br />
<br />
CTF for Fun and Profit - Anthony Lai, SANS GWAPT<br />
<br />
Mobile Phone Browser XSS - Alan Ho, SANS GWAPT (Gold paper)<br />
<br />
Crypto and Web Hack - Zetta KE, PhD student, ISMS, HKUST<br />
<br />
The time would be from 1400 to 1800 held in Polytechnic University. We will keep you posted on the venue. Please reach me for registration with your full nam e and email address. <br />
<br />
Thank you for your joining.<br />
<br />
All speakers are VXRL researchers and have been involved in various Web application research and CTF games, please come and enjoy<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)<br />
<br />
[[Category:China]]<br />
[[Category:Asia]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=155420Hong Kong2013-07-12T05:41:40Z<p>Anthonylai: /* News from Hong Kong Chapter */</p>
<hr />
<div>http://www.infosechk.org/download/OWASP/owasp_banner.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<paypal>Hong Kong</paypal><br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
http://www.clarencewong.com/photo/owasp_meeting.jpg<br />
<br />
''From left to right: James Tsao, Anthony Lai, David Walker, Richard Stagg, Marco Leung and Gary Kung''<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
'''Seminar: OWASP HK Chapter: Half-Day Event on 27 July (Sat)'''<br />
<br />
'''Time: 1400 - 1730'''<br />
<br />
'''Venue: R502, Polytechnic Univiesity, Hunghom'''<br />
<br />
'''Details:'''<br />
<br />
We will hold a seminar on 27 July with the following topic and speakers:<br />
<br />
OWASP Top 10 2013 Update - Anthony Lai, SANS GWAPT<br />
<br />
CTF for Fun and Profit - Anthony Lai, SANS GWAPT<br />
<br />
Mobile Phone Browser XSS - Alan Ho, SANS GWAPT (Gold paper)<br />
<br />
Crypto and Web Hack - Zetta KE, PhD student, ISMS, HKUST<br />
<br />
The time would be from 1400 to 1800 held in Polytechnic University. We will keep you posted on the venue. Please reach me for registration with your full nam e and email address. <br />
<br />
Thank you for your joining.<br />
<br />
All speakers are VXRL researchers and have been involved in various Web application research and CTF games, please come and enjoy<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)<br />
<br />
[[Category:China]]<br />
[[Category:Asia]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=49353Hong Kong2008-12-16T08:15:32Z<p>Anthonylai: /* News from Hong Kong Chapter */</p>
<hr />
<div>http://www.infosechk.org/download/OWASP/owasp_banner.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<paypal>Hong Kong</paypal><br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
http://www.clarencewong.com/photo/owasp_meeting.jpg<br />
<br />
''From left to right: James Tsao, Anthony Lai, David Walker, Richard Stagg, Marco Leung and Gary Kung''<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
<br />
<br />
<br />
'''NEW!!!! Software Exploitation - It is about reverse engineering and exploit'''<br />
<br />
''<br />
I feel very honorable to invite Nguyen NAM to provide 2-day workshop on software exploit and reverse engineering. In fact, we met in OWASP Appsec Conference 2008 at Taipei and his team has won CTF (Capture The Flag) in Hack In The Box (HITB) 2008. It is really a valuable chance to have him to be in Hong Kong and this workshop is normally charged at 1000 USD per head. Meanwhile, there is NO such kind of workshop held in Hong Kong. Please reach me at [[anthonylai@owasp.org]] for reservation. <br />
<br />
<br />
'''Status - 16 Dec 2008 : '''The speaker will arrive on 19 Dec and please bring USB storage more than 8GB to copy the VM for practice later on)<br />
Please act fast to reserve it first and the current reservation is 30. The class size is expected to be at most 35.<br />
<br />
Payment Method:<br />
<br />
1) Send the payment to: Hang Seng Bank, 390-031367-888 and then send back the receipt to anthonation@gmail.com and anthonylai@owasp.org<br />
<br />
2) Please reach me if you have enquiry at +852 6778 2668.<br />
<br />
''<br />
<br />
<br />
'''Instructor'''<br />
Nam Nguyen<br />
<br />
<br />
'''Date and Time'''<br />
2 days, 20 - 21 Dec 2008 (Sat and Sun)<br />
Registration Time: 9:45am<br />
Time: 10:00 - 13:00; 14:30 - 17:30<br />
Breaks: 15 minutes each (from 11:30 to 11:45 and 16:00 to 16:15)<br />
<br />
<br />
'''Venue'''<br />
Room 172, IVE Haking Wong, Cheung Sha Wan<br />
<br />
<br />
'''Organizer'''<br />
OWASP (Hong Kong Chapter)<br />
<br />
<br />
'''Co-organizer and Venue Sponsorship'''<br />
Vocational Training Council (Haking Wong)<br />
<br />
<br />
'''Fee' (For PISA, HTCIA and OWASP members)''<br />
<br />
1000 HKD (On or Before 13 Dec) <br />
<br />
1500 HKD (From 14 and before 18 Dec 2008)<br />
<br />
'''Fee' (For others)''<br />
<br />
2000 HKD (On or Before 13 Dec) <br />
<br />
2500 HKD (After 13 and before 18 Dec 2008)<br />
<br />
<br />
<br />
Seats are limited and expected lab size at most 40. The current reservation is 24 (Last updated: 3 Dec 2008)<br />
<br />
<br />
'''Summary'''<br />
This course is a primer into software exploitation on the Linux environment.<br />
The course assumes only basic understanding of the Linux commands, and C<br />
programming with the standard library. It explains the computer<br />
architecture, assembly language then moves on to three basic classes of<br />
security bug: buffer overflow, format string, and race condition and methods<br />
to take advantage of them. Throughout the course, various examples are<br />
introduced with increasing difficulty so that participants will naturally<br />
realize the art of software exploitation for themselves.<br />
<br />
This course does not discuss about shell coding. Except on one example where<br />
provided shell code is used as an illustration, all other challenges require<br />
only good analysis and calculation.<br />
<br />
The course is conducted as a workshop with heavy interaction between<br />
participants and instructor. There will not be any presentation slide.<br />
Participants are to take note during the course.<br />
<br />
<br />
'''Audience'''<br />
<br />
Software developers, system administrators, security engineers \with some<br />
experience in Linux and C programming. It is good to prepare a candidate to<br />
join for Capture The Flag (CTF) event.<br />
<br />
'''Table of Contents'''<br />
<br />
1. Computer architecture<br />
<br />
2. Assembly language<br />
<br />
3. Buffer overflow<br />
<br />
4. Format string<br />
<br />
5. Race condition<br />
<br />
6. Techniques<br />
<br />
a. Overwrite critical variable<br />
<br />
b. Overwrite return address<br />
<br />
c. Return to .text<br />
<br />
d. Return to libc<br />
<br />
e. Overwrite .dtors<br />
<br />
f. Overwrite .got<br />
<br />
g. Overwrite .bss, functors<br />
<br />
h. By pass Advanced Space Layout Randomization<br />
<br />
7. Tools of the trade: IDA, GDB, and Python<br />
<br />
8. Sharing of CTF in HITB<br />
<br />
<br />
'''Workshop Specifics'''<br />
As we have got a lab. An VM image will be provided.<br />
<br />
<br />
'''Speaker Biography'''<br />
Nam Nguyen is currently the principal security consultant with Blue<br />
Moon Consulting Co., Ltd. He started poking at binaries when he<br />
couldn't finish Dune 2 and has since spent more than a decade reverse<br />
engineering and understanding how stuffs work.<br />
Nam is a CISSP, a core member of the VNSecurity group, and a chapter<br />
lead of OWASP Vietnam. His interests include code construction and<br />
destruction, decompilation and Python.<br />
<br />
----<br />
<br />
<br />
http://www.infosecurityproject.com/images/infosec2007_content_04.jpg<br />
<br />
'''OWASP(HK Chapter) supports 8th Infosecurityproject Conference:''' <br />
URL:http://www.infosecurityproject.com/<br />
<br />
<br />
http://www.takungpao.com/images/new.gif'''OWASAP Committee Member, Richard Stagg, uncovered Security Reality (Mar 2007)<br />
Richard from Handshake Networking could tell you the truth of that.<br />
URL:http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=409104<br />
<br />
<br />
<br />
'''Hong Kong Standard: HKU changes Internet policy to boost security<br />
Hong Kong University has changed its Internet policy a week after The Standard reported that improperly indexed material listed on its Web sites could be accessed by users of the Google Internet search engine. Doug Crets 4/3/2006'''<br />
<br />
URL: http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15675&sid=7341056&con_type=1&d_str=20060403&sear_year=2006<br />
<br />
<br />
'''Hong Kong Standard: Online enemy within<br />
The biggest threats to computer users are not hackers but their own ignorance, complacency or carelessness, writes Doug Crets 3/27/2006'''<br />
URL:http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15121&sid=7238709&con_type=1&d_str=20060327&sear_year=2006<br />
<br />
<br />
'''Web Application Security with PISA:''' http://www.pisa.org.hk/event/web-appl-sec.htm<br />
<br />
http://www.pisa.org.hk/event/web-appl-sec.jpg<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Successful Web Application Security and Hacking Demo seminar co-organized with Hong Kong Java User Group (30 Jul 2005'''<br />
https://hkjug.dev.java.net/gatherings/2005/0730.html<br />
http://www.infosechk.org/download/OWASP/20050730/2_exposure.JPG<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Web Application Security organized with Sun Wah Pearl Linux (29 Oct 2005)'''<br />
<br />
http://www.infosechk.org/download/OWASP/20051029/seminar.jpg<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)<br />
<br />
[[Category:China]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=48120Hong Kong2008-12-08T06:17:55Z<p>Anthonylai: /* News from Hong Kong Chapter */</p>
<hr />
<div>http://www.infosechk.org/download/OWASP/owasp_banner.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<paypal>Hong Kong</paypal><br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
http://www.clarencewong.com/photo/owasp_meeting.jpg<br />
<br />
''From left to right: James Tsao, Anthony Lai, David Walker, Richard Stagg, Marco Leung and Gary Kung''<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
<br />
<br />
<br />
'''NEW!!!! Software Exploitation - It is about reverse engineering and exploit'''<br />
<br />
''<br />
I feel very honorable to invite Nguyen NAM to provide 2-day workshop on software exploit and reverse engineering. In fact, we met in OWASP Appsec Conference 2008 at Taipei and his team has won CTF (Capture The Flag) in Hack In The Box (HITB) 2008. It is really a valuable chance to have him to be in Hong Kong and this workshop is normally charged at 1000 USD per head. Meanwhile, there is NO such kind of workshop held in Hong Kong. Please reach me at [[anthonylai@owasp.org]] for reservation. <br />
<br />
<br />
'''Status - 4 Dec 2008 : '''The speaker has been notified by the agency and he will get the VISA on 6/7 Dec.<br />
Please act fast to reserve it first and the current reservation is 24. The class size is expected to be at most 35.<br />
<br />
Payment Method:<br />
<br />
1) Send the payment to: Hang Seng Bank, 390-031367-888 and then send back the receipt to anthonation@gmail.com and anthonylai@owasp.org<br />
<br />
2) Please reach me if you have enquiry at +852 6778 2668.<br />
<br />
''<br />
<br />
<br />
'''Instructor'''<br />
Nam Nguyen<br />
<br />
<br />
'''Date and Time'''<br />
2 days, 20 - 21 Dec 2008 (Sat and Sun)<br />
Registration Time: 9:45am<br />
Time: 10:00 - 13:00; 14:30 - 18:00<br />
<br />
<br />
'''Venue'''<br />
Room 172, IVE Haking Wong, Cheung Sha Wan<br />
<br />
<br />
'''Organizer'''<br />
OWASP (Hong Kong Chapter)<br />
<br />
<br />
'''Co-organizer and Venue Sponsorship'''<br />
Vocational Training Council (Haking Wong)<br />
<br />
<br />
'''Fee' (For PISA, HTCIA and OWASP members)''<br />
<br />
1000 HKD (On or Before 13 Dec) <br />
<br />
1500 HKD (From 14 and before 18 Dec 2008)<br />
<br />
'''Fee' (For others)''<br />
<br />
2000 HKD (On or Before 13 Dec) <br />
<br />
2500 HKD (After 13 and before 18 Dec 2008)<br />
<br />
<br />
<br />
Seats are limited and expected lab size at most 40. The current reservation is 24 (Last updated: 3 Dec 2008)<br />
<br />
<br />
'''Summary'''<br />
This course is a primer into software exploitation on the Linux environment.<br />
The course assumes only basic understanding of the Linux commands, and C<br />
programming with the standard library. It explains the computer<br />
architecture, assembly language then moves on to three basic classes of<br />
security bug: buffer overflow, format string, and race condition and methods<br />
to take advantage of them. Throughout the course, various examples are<br />
introduced with increasing difficulty so that participants will naturally<br />
realize the art of software exploitation for themselves.<br />
<br />
This course does not discuss about shell coding. Except on one example where<br />
provided shell code is used as an illustration, all other challenges require<br />
only good analysis and calculation.<br />
<br />
The course is conducted as a workshop with heavy interaction between<br />
participants and instructor. There will not be any presentation slide.<br />
Participants are to take note during the course.<br />
<br />
<br />
'''Audience'''<br />
<br />
Software developers, system administrators, security engineers \with some<br />
experience in Linux and C programming. It is good to prepare a candidate to<br />
join for Capture The Flag (CTF) event.<br />
<br />
'''Table of Contents'''<br />
<br />
1. Computer architecture<br />
<br />
2. Assembly language<br />
<br />
3. Buffer overflow<br />
<br />
4. Format string<br />
<br />
5. Race condition<br />
<br />
6. Techniques<br />
<br />
a. Overwrite critical variable<br />
<br />
b. Overwrite return address<br />
<br />
c. Return to .text<br />
<br />
d. Return to libc<br />
<br />
e. Overwrite .dtors<br />
<br />
f. Overwrite .got<br />
<br />
g. Overwrite .bss, functors<br />
<br />
h. By pass Advanced Space Layout Randomization<br />
<br />
7. Tools of the trade: IDA, GDB, and Python<br />
<br />
8. Sharing of CTF in HITB<br />
<br />
<br />
'''Workshop Specifics'''<br />
As we have got a lab. An VM image will be provided.<br />
<br />
<br />
'''Speaker Biography'''<br />
Nam Nguyen is currently the principal security consultant with Blue<br />
Moon Consulting Co., Ltd. He started poking at binaries when he<br />
couldn't finish Dune 2 and has since spent more than a decade reverse<br />
engineering and understanding how stuffs work.<br />
Nam is a CISSP, a core member of the VNSecurity group, and a chapter<br />
lead of OWASP Vietnam. His interests include code construction and<br />
destruction, decompilation and Python.<br />
<br />
----<br />
<br />
<br />
http://www.infosecurityproject.com/images/infosec2007_content_04.jpg<br />
<br />
'''OWASP(HK Chapter) supports 8th Infosecurityproject Conference:''' <br />
URL:http://www.infosecurityproject.com/<br />
<br />
<br />
http://www.takungpao.com/images/new.gif'''OWASAP Committee Member, Richard Stagg, uncovered Security Reality (Mar 2007)<br />
Richard from Handshake Networking could tell you the truth of that.<br />
URL:http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=409104<br />
<br />
<br />
<br />
'''Hong Kong Standard: HKU changes Internet policy to boost security<br />
Hong Kong University has changed its Internet policy a week after The Standard reported that improperly indexed material listed on its Web sites could be accessed by users of the Google Internet search engine. Doug Crets 4/3/2006'''<br />
<br />
URL: http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15675&sid=7341056&con_type=1&d_str=20060403&sear_year=2006<br />
<br />
<br />
'''Hong Kong Standard: Online enemy within<br />
The biggest threats to computer users are not hackers but their own ignorance, complacency or carelessness, writes Doug Crets 3/27/2006'''<br />
URL:http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15121&sid=7238709&con_type=1&d_str=20060327&sear_year=2006<br />
<br />
<br />
'''Web Application Security with PISA:''' http://www.pisa.org.hk/event/web-appl-sec.htm<br />
<br />
http://www.pisa.org.hk/event/web-appl-sec.jpg<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Successful Web Application Security and Hacking Demo seminar co-organized with Hong Kong Java User Group (30 Jul 2005'''<br />
https://hkjug.dev.java.net/gatherings/2005/0730.html<br />
http://www.infosechk.org/download/OWASP/20050730/2_exposure.JPG<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Web Application Security organized with Sun Wah Pearl Linux (29 Oct 2005)'''<br />
<br />
http://www.infosechk.org/download/OWASP/20051029/seminar.jpg<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)<br />
<br />
[[Category:China]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=48119Hong Kong2008-12-08T04:11:46Z<p>Anthonylai: /* News from Hong Kong Chapter */</p>
<hr />
<div>http://www.infosechk.org/download/OWASP/owasp_banner.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<paypal>Hong Kong</paypal><br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
http://www.clarencewong.com/photo/owasp_meeting.jpg<br />
<br />
''From left to right: James Tsao, Anthony Lai, David Walker, Richard Stagg, Marco Leung and Gary Kung''<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
<br />
<br />
<br />
'''NEW!!!! Software Exploitation - It is about reverse engineering and exploit'''<br />
<br />
''<br />
I feel very honorable to invite Nguyen NAM to provide 2-day workshop on software exploit and reverse engineering. In fact, we met in OWASP Appsec Conference 2008 at Taipei and his team has won CTF (Capture The Flag) in Hack In The Box (HITB) 2008. It is really a valuable chance to have him to be in Hong Kong and this workshop is normally charged at 1000 USD per head. Meanwhile, there is NO such kind of workshop held in Hong Kong. Please reach me at [[anthonylai@owasp.org]] for reservation. <br />
<br />
<br />
'''Status - 4 Dec 2008 : '''The speaker has been notified by the agency and he will get the VISA on 6/7 Dec.<br />
Please act fast to reserve it first and the current reservation is 24. The class size is expected to be at most 35.<br />
<br />
Payment Method:<br />
<br />
1) Send the payment to: Hang Seng Bank, 390-031367-888 and then send back the receipt to anthonation@gmail.com and anthonylai@owasp.org<br />
<br />
2) Please reach me if you have enquiry at +852 6778 2668.<br />
<br />
''<br />
<br />
<br />
'''Instructor'''<br />
Nam Nguyen<br />
<br />
<br />
'''Date and Time'''<br />
2 days, 20 - 21 Dec 2008 (Sat and Sun)<br />
Registration Time: 9:45am<br />
Time: 10:00 - 13:00; 14:30 - 18:00<br />
<br />
<br />
'''Venue'''<br />
Room 172, IVE Haking Wong, Cheung Sha Wan<br />
<br />
<br />
'''Organizer'''<br />
OWASP (Hong Kong Chapter)<br />
<br />
'''Supporting Organization'''<br />
PISA (Professional Information Security Association)(www.pisa.org.hk)<br />
<br />
<br />
'''Co-organizer and Venue Sponsorship'''<br />
Vocational Training Council (Haking Wong)<br />
<br />
<br />
'''Fee' (For PISA, HTCIA and OWASP members)''<br />
<br />
1000 HKD (On or Before 13 Dec) <br />
<br />
1500 HKD (From 14 and before 18 Dec 2008)<br />
<br />
'''Fee' (For others)''<br />
<br />
2000 HKD (On or Before 13 Dec) <br />
<br />
2500 HKD (After 13 and before 18 Dec 2008)<br />
<br />
<br />
<br />
Seats are limited and expected lab size at most 40. The current reservation is 24 (Last updated: 3 Dec 2008)<br />
<br />
<br />
'''Summary'''<br />
This course is a primer into software exploitation on the Linux environment.<br />
The course assumes only basic understanding of the Linux commands, and C<br />
programming with the standard library. It explains the computer<br />
architecture, assembly language then moves on to three basic classes of<br />
security bug: buffer overflow, format string, and race condition and methods<br />
to take advantage of them. Throughout the course, various examples are<br />
introduced with increasing difficulty so that participants will naturally<br />
realize the art of software exploitation for themselves.<br />
<br />
This course does not discuss about shell coding. Except on one example where<br />
provided shell code is used as an illustration, all other challenges require<br />
only good analysis and calculation.<br />
<br />
The course is conducted as a workshop with heavy interaction between<br />
participants and instructor. There will not be any presentation slide.<br />
Participants are to take note during the course.<br />
<br />
<br />
'''Audience'''<br />
<br />
Software developers, system administrators, security engineers \with some<br />
experience in Linux and C programming. It is good to prepare a candidate to<br />
join for Capture The Flag (CTF) event.<br />
<br />
'''Table of Contents'''<br />
<br />
1. Computer architecture<br />
<br />
2. Assembly language<br />
<br />
3. Buffer overflow<br />
<br />
4. Format string<br />
<br />
5. Race condition<br />
<br />
6. Techniques<br />
<br />
a. Overwrite critical variable<br />
<br />
b. Overwrite return address<br />
<br />
c. Return to .text<br />
<br />
d. Return to libc<br />
<br />
e. Overwrite .dtors<br />
<br />
f. Overwrite .got<br />
<br />
g. Overwrite .bss, functors<br />
<br />
h. By pass Advanced Space Layout Randomization<br />
<br />
7. Tools of the trade: IDA, GDB, and Python<br />
<br />
8. Sharing of CTF in HITB<br />
<br />
<br />
'''Workshop Specifics'''<br />
As we have got a lab. An VM image will be provided.<br />
<br />
<br />
'''Speaker Biography'''<br />
Nam Nguyen is currently the principal security consultant with Blue<br />
Moon Consulting Co., Ltd. He started poking at binaries when he<br />
couldn't finish Dune 2 and has since spent more than a decade reverse<br />
engineering and understanding how stuffs work.<br />
Nam is a CISSP, a core member of the VNSecurity group, and a chapter<br />
lead of OWASP Vietnam. His interests include code construction and<br />
destruction, decompilation and Python.<br />
<br />
----<br />
<br />
<br />
http://www.infosecurityproject.com/images/infosec2007_content_04.jpg<br />
<br />
'''OWASP(HK Chapter) supports 8th Infosecurityproject Conference:''' <br />
URL:http://www.infosecurityproject.com/<br />
<br />
<br />
http://www.takungpao.com/images/new.gif'''OWASAP Committee Member, Richard Stagg, uncovered Security Reality (Mar 2007)<br />
Richard from Handshake Networking could tell you the truth of that.<br />
URL:http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=409104<br />
<br />
<br />
<br />
'''Hong Kong Standard: HKU changes Internet policy to boost security<br />
Hong Kong University has changed its Internet policy a week after The Standard reported that improperly indexed material listed on its Web sites could be accessed by users of the Google Internet search engine. Doug Crets 4/3/2006'''<br />
<br />
URL: http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15675&sid=7341056&con_type=1&d_str=20060403&sear_year=2006<br />
<br />
<br />
'''Hong Kong Standard: Online enemy within<br />
The biggest threats to computer users are not hackers but their own ignorance, complacency or carelessness, writes Doug Crets 3/27/2006'''<br />
URL:http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15121&sid=7238709&con_type=1&d_str=20060327&sear_year=2006<br />
<br />
<br />
'''Web Application Security with PISA:''' http://www.pisa.org.hk/event/web-appl-sec.htm<br />
<br />
http://www.pisa.org.hk/event/web-appl-sec.jpg<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Successful Web Application Security and Hacking Demo seminar co-organized with Hong Kong Java User Group (30 Jul 2005'''<br />
https://hkjug.dev.java.net/gatherings/2005/0730.html<br />
http://www.infosechk.org/download/OWASP/20050730/2_exposure.JPG<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Web Application Security organized with Sun Wah Pearl Linux (29 Oct 2005)'''<br />
<br />
http://www.infosechk.org/download/OWASP/20051029/seminar.jpg<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)<br />
<br />
[[Category:China]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=48058Hong Kong2008-12-07T17:32:16Z<p>Anthonylai: /* News from Hong Kong Chapter */</p>
<hr />
<div>http://www.infosechk.org/download/OWASP/owasp_banner.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<paypal>Hong Kong</paypal><br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
http://www.clarencewong.com/photo/owasp_meeting.jpg<br />
<br />
''From left to right: James Tsao, Anthony Lai, David Walker, Richard Stagg, Marco Leung and Gary Kung''<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
<br />
<br />
<br />
'''NEW!!!! Software Exploitation - It is about reverse engineering and exploit'''<br />
<br />
''<br />
I feel very honorable to invite Nguyen NAM to provide 2-day workshop on software exploit and reverse engineering. In fact, we met in OWASP Appsec Conference 2008 at Taipei and his team has won CTF (Capture The Flag) in Hack In The Box (HITB) 2008. It is really a valuable chance to have him to be in Hong Kong and this workshop is normally charged at 1000 USD per head. Meanwhile, there is NO such kind of workshop held in Hong Kong. Please reach me at [[anthonylai@owasp.org]] for reservation. <br />
<br />
<br />
'''Status - 4 Dec 2008 : '''The speaker has been notified by the agency and he will get the VISA on 6/7 Dec.<br />
Please act fast to reserve it first and the current reservation is 24. The class size is expected to be at most 35.<br />
<br />
Payment Method:<br />
<br />
1) Send the payment to: Hang Seng Bank, 390-031367-888 and then send back the receipt to anthonation@gmail.com and anthonylai@owasp.org<br />
<br />
2) Please reach me if you have enquiry at +852 6778 2668.<br />
<br />
''<br />
<br />
<br />
'''Instructor'''<br />
Nam Nguyen<br />
<br />
<br />
'''Date and Time'''<br />
2 days, 20 - 21 Dec 2008 (Sat and Sun)<br />
Registration Time: 9:45am<br />
Time: 10:00 - 13:00; 14:30 - 18:00<br />
<br />
<br />
'''Venue'''<br />
Room 172, IVE Haking Wong, Cheung Sha Wan<br />
<br />
<br />
'''Organizer'''<br />
OWASP (Hong Kong Chapter)<br />
<br />
'''Supporting Organization'''<br />
PISA (Professional Information Security Association)(www.pisa.org.hk)<br />
<br />
<br />
'''Co-organizer and Venue Sponsorship'''<br />
Vocational Training Council (Haking Wong)<br />
<br />
<br />
'''Fee' (For PISA, HTCIA and OWASP members)''<br />
<br />
1000 HKD (On or Before 8 Dec) <br />
<br />
1500 HKD (After 8 and before 13 Dec 2008)<br />
<br />
1800 HKD (After 13 and before 18 Dec 2008)<br />
<br />
'''Fee' (For others)''<br />
<br />
2000 HKD (On or Before 8 Dec) <br />
<br />
2500 HKD (After 8 and before 13 Dec 2008)<br />
<br />
2800 HKD (After 13 and before 18 Dec 2008)<br />
<br />
<br />
Seats are limited and expected lab size at most 40. The current reservation is 24 (Last updated: 3 Dec 2008)<br />
<br />
<br />
'''Summary'''<br />
This course is a primer into software exploitation on the Linux environment.<br />
The course assumes only basic understanding of the Linux commands, and C<br />
programming with the standard library. It explains the computer<br />
architecture, assembly language then moves on to three basic classes of<br />
security bug: buffer overflow, format string, and race condition and methods<br />
to take advantage of them. Throughout the course, various examples are<br />
introduced with increasing difficulty so that participants will naturally<br />
realize the art of software exploitation for themselves.<br />
<br />
This course does not discuss about shell coding. Except on one example where<br />
provided shell code is used as an illustration, all other challenges require<br />
only good analysis and calculation.<br />
<br />
The course is conducted as a workshop with heavy interaction between<br />
participants and instructor. There will not be any presentation slide.<br />
Participants are to take note during the course.<br />
<br />
<br />
'''Audience'''<br />
<br />
Software developers, system administrators, security engineers \with some<br />
experience in Linux and C programming. It is good to prepare a candidate to<br />
join for Capture The Flag (CTF) event.<br />
<br />
'''Table of Contents'''<br />
<br />
1. Computer architecture<br />
<br />
2. Assembly language<br />
<br />
3. Buffer overflow<br />
<br />
4. Format string<br />
<br />
5. Race condition<br />
<br />
6. Techniques<br />
<br />
a. Overwrite critical variable<br />
<br />
b. Overwrite return address<br />
<br />
c. Return to .text<br />
<br />
d. Return to libc<br />
<br />
e. Overwrite .dtors<br />
<br />
f. Overwrite .got<br />
<br />
g. Overwrite .bss, functors<br />
<br />
h. By pass Advanced Space Layout Randomization<br />
<br />
7. Tools of the trade: IDA, GDB, and Python<br />
<br />
8. Sharing of CTF in HITB<br />
<br />
<br />
'''Workshop Specifics'''<br />
As we have got a lab. An VM image will be provided.<br />
<br />
<br />
'''Speaker Biography'''<br />
Nam Nguyen is currently the principal security consultant with Blue<br />
Moon Consulting Co., Ltd. He started poking at binaries when he<br />
couldn't finish Dune 2 and has since spent more than a decade reverse<br />
engineering and understanding how stuffs work.<br />
Nam is a CISSP, a core member of the VNSecurity group, and a chapter<br />
lead of OWASP Vietnam. His interests include code construction and<br />
destruction, decompilation and Python.<br />
<br />
----<br />
<br />
<br />
http://www.infosecurityproject.com/images/infosec2007_content_04.jpg<br />
<br />
'''OWASP(HK Chapter) supports 8th Infosecurityproject Conference:''' <br />
URL:http://www.infosecurityproject.com/<br />
<br />
<br />
http://www.takungpao.com/images/new.gif'''OWASAP Committee Member, Richard Stagg, uncovered Security Reality (Mar 2007)<br />
Richard from Handshake Networking could tell you the truth of that.<br />
URL:http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=409104<br />
<br />
<br />
<br />
'''Hong Kong Standard: HKU changes Internet policy to boost security<br />
Hong Kong University has changed its Internet policy a week after The Standard reported that improperly indexed material listed on its Web sites could be accessed by users of the Google Internet search engine. Doug Crets 4/3/2006'''<br />
<br />
URL: http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15675&sid=7341056&con_type=1&d_str=20060403&sear_year=2006<br />
<br />
<br />
'''Hong Kong Standard: Online enemy within<br />
The biggest threats to computer users are not hackers but their own ignorance, complacency or carelessness, writes Doug Crets 3/27/2006'''<br />
URL:http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15121&sid=7238709&con_type=1&d_str=20060327&sear_year=2006<br />
<br />
<br />
'''Web Application Security with PISA:''' http://www.pisa.org.hk/event/web-appl-sec.htm<br />
<br />
http://www.pisa.org.hk/event/web-appl-sec.jpg<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Successful Web Application Security and Hacking Demo seminar co-organized with Hong Kong Java User Group (30 Jul 2005'''<br />
https://hkjug.dev.java.net/gatherings/2005/0730.html<br />
http://www.infosechk.org/download/OWASP/20050730/2_exposure.JPG<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Web Application Security organized with Sun Wah Pearl Linux (29 Oct 2005)'''<br />
<br />
http://www.infosechk.org/download/OWASP/20051029/seminar.jpg<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)<br />
<br />
[[Category:China]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=47553Hong Kong2008-12-04T02:53:03Z<p>Anthonylai: /* News from Hong Kong Chapter */</p>
<hr />
<div>http://www.infosechk.org/download/OWASP/owasp_banner.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<paypal>Hong Kong</paypal><br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
http://www.clarencewong.com/photo/owasp_meeting.jpg<br />
<br />
''From left to right: James Tsao, Anthony Lai, David Walker, Richard Stagg, Marco Leung and Gary Kung''<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
<br />
<br />
<br />
'''NEW!!!! Software Exploitation - It is about reverse engineering and exploit'''<br />
<br />
''<br />
I feel very honorable to invite Nguyen NAM to provide 2-day workshop on software exploit and reverse engineering. In fact, we met in OWASP Appsec Conference 2008 at Taipei and his team has won CTF (Capture The Flag) in Hack In The Box (HITB) 2008. It is really a valuable chance to have him to be in Hong Kong and this workshop is normally charged at 1000 USD per head. Meanwhile, there is NO such kind of workshop held in Hong Kong. Please reach me at [[anthonylai@owasp.org]] for reservation. <br />
<br />
<br />
'''Status - 4 Dec 2008 : '''The speaker has been notified by the agency and he will get the VISA on 6/7 Dec.<br />
Please act fast to reserve it first and the current reservation is 24. The class size is expected to be at most 35.<br />
<br />
Payment Method:<br />
<br />
1) Send the payment to: Hang Seng Bank, 390-031367-888 and then send back the receipt to anthonation@gmail.com and anthonylai@owasp.org<br />
<br />
2) Please reach me if you have enquiry at +852 6778 2668.<br />
<br />
''<br />
<br />
<br />
'''Instructor'''<br />
Nam Nguyen<br />
<br />
<br />
'''Date and Time'''<br />
2 days, 20 - 21 Dec 2008 (Sat and Sun)<br />
Registration Time: 9:45am<br />
Time: 10:00 - 13:00; 14:30 - 18:00<br />
<br />
<br />
'''Venue'''<br />
Room 172, IVE Haking Wong, Cheung Sha Wan<br />
<br />
<br />
'''Organizer'''<br />
OWASP (Hong Kong Chapter)<br />
<br />
'''Supporting Organization'''<br />
PISA (Professional Information Security Association)(www.pisa.org.hk)<br />
<br />
<br />
'''Co-organizer and Venue Sponsorship'''<br />
Vocational Training Council (Haking Wong)<br />
<br />
<br />
'''Fee'''<br />
<br />
1000 HKD (Before 8 Dec) <br />
<br />
1500 HKD (After 8 and before 13 Dec 2008)<br />
<br />
1800 HKD (After 13 and before 18 Dec 2008)<br />
<br />
Seats are limited and expected lab size at most 40. The current reservation is 24 (Last updated: 3 Dec 2008)<br />
<br />
<br />
'''Summary'''<br />
This course is a primer into software exploitation on the Linux environment.<br />
The course assumes only basic understanding of the Linux commands, and C<br />
programming with the standard library. It explains the computer<br />
architecture, assembly language then moves on to three basic classes of<br />
security bug: buffer overflow, format string, and race condition and methods<br />
to take advantage of them. Throughout the course, various examples are<br />
introduced with increasing difficulty so that participants will naturally<br />
realize the art of software exploitation for themselves.<br />
<br />
This course does not discuss about shell coding. Except on one example where<br />
provided shell code is used as an illustration, all other challenges require<br />
only good analysis and calculation.<br />
<br />
The course is conducted as a workshop with heavy interaction between<br />
participants and instructor. There will not be any presentation slide.<br />
Participants are to take note during the course.<br />
<br />
<br />
'''Audience'''<br />
<br />
Software developers, system administrators, security engineers \with some<br />
experience in Linux and C programming. It is good to prepare a candidate to<br />
join for Capture The Flag (CTF) event.<br />
<br />
'''Table of Contents'''<br />
<br />
1. Computer architecture<br />
<br />
2. Assembly language<br />
<br />
3. Buffer overflow<br />
<br />
4. Format string<br />
<br />
5. Race condition<br />
<br />
6. Techniques<br />
<br />
a. Overwrite critical variable<br />
<br />
b. Overwrite return address<br />
<br />
c. Return to .text<br />
<br />
d. Return to libc<br />
<br />
e. Overwrite .dtors<br />
<br />
f. Overwrite .got<br />
<br />
g. Overwrite .bss, functors<br />
<br />
h. By pass Advanced Space Layout Randomization<br />
<br />
7. Tools of the trade: IDA, GDB, and Python<br />
<br />
8. Sharing of CTF in HITB<br />
<br />
<br />
'''Workshop Specifics'''<br />
As we have got a lab. An VM image will be provided.<br />
<br />
<br />
'''Speaker Biography'''<br />
Nam Nguyen is currently the principal security consultant with Blue<br />
Moon Consulting Co., Ltd. He started poking at binaries when he<br />
couldn't finish Dune 2 and has since spent more than a decade reverse<br />
engineering and understanding how stuffs work.<br />
Nam is a CISSP, a core member of the VNSecurity group, and a chapter<br />
lead of OWASP Vietnam. His interests include code construction and<br />
destruction, decompilation and Python.<br />
<br />
----<br />
<br />
<br />
http://www.infosecurityproject.com/images/infosec2007_content_04.jpg<br />
<br />
'''OWASP(HK Chapter) supports 8th Infosecurityproject Conference:''' <br />
URL:http://www.infosecurityproject.com/<br />
<br />
<br />
http://www.takungpao.com/images/new.gif'''OWASAP Committee Member, Richard Stagg, uncovered Security Reality (Mar 2007)<br />
Richard from Handshake Networking could tell you the truth of that.<br />
URL:http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=409104<br />
<br />
<br />
<br />
'''Hong Kong Standard: HKU changes Internet policy to boost security<br />
Hong Kong University has changed its Internet policy a week after The Standard reported that improperly indexed material listed on its Web sites could be accessed by users of the Google Internet search engine. Doug Crets 4/3/2006'''<br />
<br />
URL: http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15675&sid=7341056&con_type=1&d_str=20060403&sear_year=2006<br />
<br />
<br />
'''Hong Kong Standard: Online enemy within<br />
The biggest threats to computer users are not hackers but their own ignorance, complacency or carelessness, writes Doug Crets 3/27/2006'''<br />
URL:http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15121&sid=7238709&con_type=1&d_str=20060327&sear_year=2006<br />
<br />
<br />
'''Web Application Security with PISA:''' http://www.pisa.org.hk/event/web-appl-sec.htm<br />
<br />
http://www.pisa.org.hk/event/web-appl-sec.jpg<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Successful Web Application Security and Hacking Demo seminar co-organized with Hong Kong Java User Group (30 Jul 2005'''<br />
https://hkjug.dev.java.net/gatherings/2005/0730.html<br />
http://www.infosechk.org/download/OWASP/20050730/2_exposure.JPG<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Web Application Security organized with Sun Wah Pearl Linux (29 Oct 2005)'''<br />
<br />
http://www.infosechk.org/download/OWASP/20051029/seminar.jpg<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)<br />
<br />
[[Category:China]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=47552Hong Kong2008-12-04T02:41:35Z<p>Anthonylai: /* News from Hong Kong Chapter */</p>
<hr />
<div>http://www.infosechk.org/download/OWASP/owasp_banner.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<paypal>Hong Kong</paypal><br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
http://www.clarencewong.com/photo/owasp_meeting.jpg<br />
<br />
''From left to right: James Tsao, Anthony Lai, David Walker, Richard Stagg, Marco Leung and Gary Kung''<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
<br />
<br />
<br />
'''NEW!!!! Software Exploitation - It is about reverse engineering and exploit'''<br />
<br />
''<br />
I feel very honorable to invite Nguyen NAM to provide 2-day workshop on software exploit and reverse engineering. In fact, we met in OWASP Appsec Conference 2008 at Taipei and his team has won CTF (Capture The Flag) in Hack In The Box (HITB) 2008. It is really a valuable chance to have him to be in Hong Kong and this workshop is normally charged at 1000 USD per head. Meanwhile, there is NO such kind of workshop held in Hong Kong. Please reach me at [[anthonylai@owasp.org]] for reservation. <br />
<br />
<br />
'''Status - 3 Dec 2008 : '''The speaker has been notified by the agency and he will get the VISA on 6/7 Dec.<br />
Please act fast to reserve it first and the current reservation is 23. The class size is expected to be at most 35~40.<br />
<br />
Payment Method:<br />
<br />
1) Send the payment to: Hang Seng Bank, 390-031367-888 and then send back the receipt to anthonation@gmail.com and anthonylai@owasp.org<br />
<br />
2) Please reach me if you have enquiry at +852 6778 2668.<br />
<br />
''<br />
<br />
<br />
'''Instructor'''<br />
Nam Nguyen<br />
<br />
<br />
'''Date and Time'''<br />
2 days, 20 - 21 Dec 2008 (Sat and Sun)<br />
Registration Time: 9:45am<br />
Time: 10:00 - 13:00; 14:30 - 18:00<br />
<br />
<br />
'''Venue'''<br />
Room 172, IVE Haking Wong, Cheung Sha Wan<br />
<br />
<br />
'''Organizer'''<br />
OWASP (Hong Kong Chapter)<br />
<br />
'''Supporting Organization'''<br />
PISA (Professional Information Security Association)(www.pisa.org.hk)<br />
<br />
<br />
'''Co-organizer and Venue Sponsorship'''<br />
Vocational Training Council (Haking Wong)<br />
<br />
<br />
'''Fee'''<br />
<br />
1000 HKD (Before 8 Dec) <br />
<br />
1500 HKD (After 8 and before 13 Dec 2008)<br />
<br />
1800 HKD (After 13 and before 18 Dec 2008)<br />
<br />
Seats are limited and expected lab size at most 40. The current reservation is 24 (Last updated: 3 Dec 2008)<br />
<br />
<br />
'''Summary'''<br />
This course is a primer into software exploitation on the Linux environment.<br />
The course assumes only basic understanding of the Linux commands, and C<br />
programming with the standard library. It explains the computer<br />
architecture, assembly language then moves on to three basic classes of<br />
security bug: buffer overflow, format string, and race condition and methods<br />
to take advantage of them. Throughout the course, various examples are<br />
introduced with increasing difficulty so that participants will naturally<br />
realize the art of software exploitation for themselves.<br />
<br />
This course does not discuss about shell coding. Except on one example where<br />
provided shell code is used as an illustration, all other challenges require<br />
only good analysis and calculation.<br />
<br />
The course is conducted as a workshop with heavy interaction between<br />
participants and instructor. There will not be any presentation slide.<br />
Participants are to take note during the course.<br />
<br />
<br />
'''Audience'''<br />
<br />
Software developers, system administrators, security engineers \with some<br />
experience in Linux and C programming. It is good to prepare a candidate to<br />
join for Capture The Flag (CTF) event.<br />
<br />
'''Table of Contents'''<br />
<br />
1. Computer architecture<br />
<br />
2. Assembly language<br />
<br />
3. Buffer overflow<br />
<br />
4. Format string<br />
<br />
5. Race condition<br />
<br />
6. Techniques<br />
<br />
a. Overwrite critical variable<br />
<br />
b. Overwrite return address<br />
<br />
c. Return to .text<br />
<br />
d. Return to libc<br />
<br />
e. Overwrite .dtors<br />
<br />
f. Overwrite .got<br />
<br />
g. Overwrite .bss, functors<br />
<br />
h. By pass Advanced Space Layout Randomization<br />
<br />
7. Tools of the trade: IDA, GDB, and Python<br />
<br />
8. Sharing of CTF in HITB<br />
<br />
<br />
'''Workshop Specifics'''<br />
As we have got a lab. An VM image will be provided.<br />
<br />
<br />
'''Speaker Biography'''<br />
Nam Nguyen is currently the principal security consultant with Blue<br />
Moon Consulting Co., Ltd. He started poking at binaries when he<br />
couldn't finish Dune 2 and has since spent more than a decade reverse<br />
engineering and understanding how stuffs work.<br />
Nam is a CISSP, a core member of the VNSecurity group, and a chapter<br />
lead of OWASP Vietnam. His interests include code construction and<br />
destruction, decompilation and Python.<br />
<br />
----<br />
<br />
<br />
http://www.infosecurityproject.com/images/infosec2007_content_04.jpg<br />
<br />
'''OWASP(HK Chapter) supports 8th Infosecurityproject Conference:''' <br />
URL:http://www.infosecurityproject.com/<br />
<br />
<br />
http://www.takungpao.com/images/new.gif'''OWASAP Committee Member, Richard Stagg, uncovered Security Reality (Mar 2007)<br />
Richard from Handshake Networking could tell you the truth of that.<br />
URL:http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=409104<br />
<br />
<br />
<br />
'''Hong Kong Standard: HKU changes Internet policy to boost security<br />
Hong Kong University has changed its Internet policy a week after The Standard reported that improperly indexed material listed on its Web sites could be accessed by users of the Google Internet search engine. Doug Crets 4/3/2006'''<br />
<br />
URL: http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15675&sid=7341056&con_type=1&d_str=20060403&sear_year=2006<br />
<br />
<br />
'''Hong Kong Standard: Online enemy within<br />
The biggest threats to computer users are not hackers but their own ignorance, complacency or carelessness, writes Doug Crets 3/27/2006'''<br />
URL:http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15121&sid=7238709&con_type=1&d_str=20060327&sear_year=2006<br />
<br />
<br />
'''Web Application Security with PISA:''' http://www.pisa.org.hk/event/web-appl-sec.htm<br />
<br />
http://www.pisa.org.hk/event/web-appl-sec.jpg<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Successful Web Application Security and Hacking Demo seminar co-organized with Hong Kong Java User Group (30 Jul 2005'''<br />
https://hkjug.dev.java.net/gatherings/2005/0730.html<br />
http://www.infosechk.org/download/OWASP/20050730/2_exposure.JPG<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Web Application Security organized with Sun Wah Pearl Linux (29 Oct 2005)'''<br />
<br />
http://www.infosechk.org/download/OWASP/20051029/seminar.jpg<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)<br />
<br />
[[Category:China]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=47443Hong Kong2008-12-03T03:31:37Z<p>Anthonylai: /* News from Hong Kong Chapter */</p>
<hr />
<div>http://www.infosechk.org/download/OWASP/owasp_banner.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<paypal>Hong Kong</paypal><br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
http://www.clarencewong.com/photo/owasp_meeting.jpg<br />
<br />
''From left to right: James Tsao, Anthony Lai, David Walker, Richard Stagg, Marco Leung and Gary Kung''<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
<br />
<br />
<br />
'''NEW!!!! Software Exploitation - It is about reverse engineering and exploit'''<br />
<br />
''<br />
I feel very honorable to invite Nguyen NAM to provide 2-day workshop on software exploit and reverse engineering. In fact, we met in OWASP Appsec Conference 2008 at Taipei and his team has won CTF (Capture The Flag) in Hack In The Box (HITB) 2008. It is really a valuable chance to have him to be in Hong Kong and this workshop is normally charged at 1000 USD per head. Meanwhile, there is NO such kind of workshop held in Hong Kong. Please reach me at [[anthonylai@owasp.org]] for reservation. <br />
<br />
<br />
'''Status - 3 Dec 2008 : '''The speaker has been notified by the agency and he will get the VISA on 6/7 Dec.<br />
Please act fast to reserve it first and the current reservation is 23. The class size is expected to be at most 35~40.<br />
<br />
Payment Method:<br />
<br />
1) Send the payment to: Hang Seng Bank, 390-031367-888 and then send back the receipt to anthonation@gmail.com and anthonylai@owasp.org<br />
<br />
2) Please reach me if you have enquiry at +852 6778 2668.<br />
<br />
''<br />
<br />
<br />
'''Instructor'''<br />
Nam Nguyen<br />
<br />
<br />
'''Date and Time'''<br />
2 days, 20 - 21 Dec 2008 (Sat and Sun)<br />
Registration Time: 9:45am<br />
Time: 10:00 - 13:00; 14:30 - 18:00<br />
<br />
<br />
'''Venue'''<br />
Room 172, IVE Haking Wong, Cheung Sha Wan<br />
<br />
<br />
'''Organizer'''<br />
OWASP (Hong Kong Chapter) and PISA <br />
<br />
<br />
'''Co-organizer and Venue Sponsorship'''<br />
Vocational Training Council (Haking Wong)<br />
<br />
<br />
'''Fee'''<br />
<br />
1000 HKD (Before 8 Dec) <br />
<br />
1500 HKD (After 8 and before 13 Dec 2008)<br />
<br />
1800 HKD (After 13 and before 18 Dec 2008)<br />
<br />
Seats are limited and expected lab size at most 40. The current reservation is 24 (Last updated: 3 Dec 2008)<br />
<br />
<br />
'''Summary'''<br />
This course is a primer into software exploitation on the Linux environment.<br />
The course assumes only basic understanding of the Linux commands, and C<br />
programming with the standard library. It explains the computer<br />
architecture, assembly language then moves on to three basic classes of<br />
security bug: buffer overflow, format string, and race condition and methods<br />
to take advantage of them. Throughout the course, various examples are<br />
introduced with increasing difficulty so that participants will naturally<br />
realize the art of software exploitation for themselves.<br />
<br />
This course does not discuss about shell coding. Except on one example where<br />
provided shell code is used as an illustration, all other challenges require<br />
only good analysis and calculation.<br />
<br />
The course is conducted as a workshop with heavy interaction between<br />
participants and instructor. There will not be any presentation slide.<br />
Participants are to take note during the course.<br />
<br />
<br />
'''Audience'''<br />
<br />
Software developers, system administrators, security engineers \with some<br />
experience in Linux and C programming. It is good to prepare a candidate to<br />
join for Capture The Flag (CTF) event.<br />
<br />
'''Table of Contents'''<br />
<br />
1. Computer architecture<br />
<br />
2. Assembly language<br />
<br />
3. Buffer overflow<br />
<br />
4. Format string<br />
<br />
5. Race condition<br />
<br />
6. Techniques<br />
<br />
a. Overwrite critical variable<br />
<br />
b. Overwrite return address<br />
<br />
c. Return to .text<br />
<br />
d. Return to libc<br />
<br />
e. Overwrite .dtors<br />
<br />
f. Overwrite .got<br />
<br />
g. Overwrite .bss, functors<br />
<br />
h. By pass Advanced Space Layout Randomization<br />
<br />
7. Tools of the trade: IDA, GDB, and Python<br />
<br />
8. Sharing of CTF in HITB<br />
<br />
<br />
'''Workshop Specifics'''<br />
As we have got a lab. An VM image will be provided.<br />
<br />
<br />
'''Speaker Biography'''<br />
Nam Nguyen is currently the principal security consultant with Blue<br />
Moon Consulting Co., Ltd. He started poking at binaries when he<br />
couldn't finish Dune 2 and has since spent more than a decade reverse<br />
engineering and understanding how stuffs work.<br />
Nam is a CISSP, a core member of the VNSecurity group, and a chapter<br />
lead of OWASP Vietnam. His interests include code construction and<br />
destruction, decompilation and Python.<br />
<br />
----<br />
<br />
<br />
http://www.infosecurityproject.com/images/infosec2007_content_04.jpg<br />
<br />
'''OWASP(HK Chapter) supports 8th Infosecurityproject Conference:''' <br />
URL:http://www.infosecurityproject.com/<br />
<br />
<br />
http://www.takungpao.com/images/new.gif'''OWASAP Committee Member, Richard Stagg, uncovered Security Reality (Mar 2007)<br />
Richard from Handshake Networking could tell you the truth of that.<br />
URL:http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=409104<br />
<br />
<br />
<br />
'''Hong Kong Standard: HKU changes Internet policy to boost security<br />
Hong Kong University has changed its Internet policy a week after The Standard reported that improperly indexed material listed on its Web sites could be accessed by users of the Google Internet search engine. Doug Crets 4/3/2006'''<br />
<br />
URL: http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15675&sid=7341056&con_type=1&d_str=20060403&sear_year=2006<br />
<br />
<br />
'''Hong Kong Standard: Online enemy within<br />
The biggest threats to computer users are not hackers but their own ignorance, complacency or carelessness, writes Doug Crets 3/27/2006'''<br />
URL:http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15121&sid=7238709&con_type=1&d_str=20060327&sear_year=2006<br />
<br />
<br />
'''Web Application Security with PISA:''' http://www.pisa.org.hk/event/web-appl-sec.htm<br />
<br />
http://www.pisa.org.hk/event/web-appl-sec.jpg<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Successful Web Application Security and Hacking Demo seminar co-organized with Hong Kong Java User Group (30 Jul 2005'''<br />
https://hkjug.dev.java.net/gatherings/2005/0730.html<br />
http://www.infosechk.org/download/OWASP/20050730/2_exposure.JPG<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Web Application Security organized with Sun Wah Pearl Linux (29 Oct 2005)'''<br />
<br />
http://www.infosechk.org/download/OWASP/20051029/seminar.jpg<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)<br />
<br />
[[Category:China]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=47442Hong Kong2008-12-03T03:31:06Z<p>Anthonylai: /* News from Hong Kong Chapter */</p>
<hr />
<div>http://www.infosechk.org/download/OWASP/owasp_banner.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<paypal>Hong Kong</paypal><br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
http://www.clarencewong.com/photo/owasp_meeting.jpg<br />
<br />
''From left to right: James Tsao, Anthony Lai, David Walker, Richard Stagg, Marco Leung and Gary Kung''<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
<br />
<br />
<br />
'''NEW!!!! Software Exploitation - It is about reverse engineering and exploit'''<br />
<br />
''<br />
I feel very honorable to invite Nguyen NAM to provide 2-day workshop on software exploit and reverse engineering. In fact, we met in OWASP Appsec Conference 2008 at Taipei and his team has won CTF (Capture The Flag) in Hack In The Box (HITB) 2008. It is really a valuable chance to have him to be in Hong Kong and this workshop is normally charged at 1000 USD per head. Meanwhile, there is NO such kind of workshop held in Hong Kong. Please reach me at [[anthonylai@owasp.org]] for reservation. <br />
<br />
<br />
'''Status - 3 Dec 2008 : '''The speaker has been notified by the agency and he will get the VISA on 6/7 Dec.<br />
Please act fast to reserve it first and the current reservation is 23. The class size is expected to be at most 35~40.<br />
<br />
Payment Method:<br />
<br />
1) Send the payment to: Hang Seng Bank, 390-031367-888 and then send back the receipt to anthonation@gmail.com and anthonylai@owasp.org<br />
<br />
2) Please reach me if you have enquiry at +852 6778 2668.<br />
<br />
''<br />
<br />
'''Instructor'''<br />
Nam Nguyen<br />
<br />
<br />
'''Date and Time'''<br />
2 days, 20 - 21 Dec 2008 (Sat and Sun)<br />
Registration Time: 9:45am<br />
Time: 10:00 - 13:00; 14:30 - 18:00<br />
<br />
<br />
'''Venue'''<br />
Room 172, IVE Haking Wong, Cheung Sha Wan<br />
<br />
<br />
'''Organizer'''<br />
OWASP (Hong Kong Chapter) and PISA <br />
<br />
<br />
'''Co-organizer and Venue Sponsorship'''<br />
Vocational Training Council (Haking Wong)<br />
<br />
<br />
'''Fee'''<br />
<br />
1000 HKD (Before 8 Dec) <br />
<br />
1500 HKD (After 8 and before 13 Dec 2008)<br />
<br />
1800 HKD (After 13 and before 18 Dec 2008)<br />
<br />
Seats are limited and expected lab size at most 40. The current reservation is 24 (Last updated: 3 Dec 2008)<br />
<br />
<br />
'''Summary'''<br />
This course is a primer into software exploitation on the Linux environment.<br />
The course assumes only basic understanding of the Linux commands, and C<br />
programming with the standard library. It explains the computer<br />
architecture, assembly language then moves on to three basic classes of<br />
security bug: buffer overflow, format string, and race condition and methods<br />
to take advantage of them. Throughout the course, various examples are<br />
introduced with increasing difficulty so that participants will naturally<br />
realize the art of software exploitation for themselves.<br />
<br />
This course does not discuss about shell coding. Except on one example where<br />
provided shell code is used as an illustration, all other challenges require<br />
only good analysis and calculation.<br />
<br />
The course is conducted as a workshop with heavy interaction between<br />
participants and instructor. There will not be any presentation slide.<br />
Participants are to take note during the course.<br />
<br />
<br />
'''Audience'''<br />
<br />
Software developers, system administrators, security engineers \with some<br />
experience in Linux and C programming. It is good to prepare a candidate to<br />
join for Capture The Flag (CTF) event.<br />
<br />
'''Table of Contents'''<br />
<br />
1. Computer architecture<br />
<br />
2. Assembly language<br />
<br />
3. Buffer overflow<br />
<br />
4. Format string<br />
<br />
5. Race condition<br />
<br />
6. Techniques<br />
<br />
a. Overwrite critical variable<br />
<br />
b. Overwrite return address<br />
<br />
c. Return to .text<br />
<br />
d. Return to libc<br />
<br />
e. Overwrite .dtors<br />
<br />
f. Overwrite .got<br />
<br />
g. Overwrite .bss, functors<br />
<br />
h. By pass Advanced Space Layout Randomization<br />
<br />
7. Tools of the trade: IDA, GDB, and Python<br />
<br />
8. Sharing of CTF in HITB<br />
<br />
<br />
'''Workshop Specifics'''<br />
As we have got a lab. An VM image will be provided.<br />
<br />
<br />
'''Speaker Biography'''<br />
Nam Nguyen is currently the principal security consultant with Blue<br />
Moon Consulting Co., Ltd. He started poking at binaries when he<br />
couldn't finish Dune 2 and has since spent more than a decade reverse<br />
engineering and understanding how stuffs work.<br />
Nam is a CISSP, a core member of the VNSecurity group, and a chapter<br />
lead of OWASP Vietnam. His interests include code construction and<br />
destruction, decompilation and Python.<br />
<br />
----<br />
<br />
<br />
http://www.infosecurityproject.com/images/infosec2007_content_04.jpg<br />
<br />
'''OWASP(HK Chapter) supports 8th Infosecurityproject Conference:''' <br />
URL:http://www.infosecurityproject.com/<br />
<br />
<br />
http://www.takungpao.com/images/new.gif'''OWASAP Committee Member, Richard Stagg, uncovered Security Reality (Mar 2007)<br />
Richard from Handshake Networking could tell you the truth of that.<br />
URL:http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=409104<br />
<br />
<br />
<br />
'''Hong Kong Standard: HKU changes Internet policy to boost security<br />
Hong Kong University has changed its Internet policy a week after The Standard reported that improperly indexed material listed on its Web sites could be accessed by users of the Google Internet search engine. Doug Crets 4/3/2006'''<br />
<br />
URL: http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15675&sid=7341056&con_type=1&d_str=20060403&sear_year=2006<br />
<br />
<br />
'''Hong Kong Standard: Online enemy within<br />
The biggest threats to computer users are not hackers but their own ignorance, complacency or carelessness, writes Doug Crets 3/27/2006'''<br />
URL:http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15121&sid=7238709&con_type=1&d_str=20060327&sear_year=2006<br />
<br />
<br />
'''Web Application Security with PISA:''' http://www.pisa.org.hk/event/web-appl-sec.htm<br />
<br />
http://www.pisa.org.hk/event/web-appl-sec.jpg<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Successful Web Application Security and Hacking Demo seminar co-organized with Hong Kong Java User Group (30 Jul 2005'''<br />
https://hkjug.dev.java.net/gatherings/2005/0730.html<br />
http://www.infosechk.org/download/OWASP/20050730/2_exposure.JPG<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Web Application Security organized with Sun Wah Pearl Linux (29 Oct 2005)'''<br />
<br />
http://www.infosechk.org/download/OWASP/20051029/seminar.jpg<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)<br />
<br />
[[Category:China]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=47441Hong Kong2008-12-03T03:27:14Z<p>Anthonylai: /* News from Hong Kong Chapter */</p>
<hr />
<div>http://www.infosechk.org/download/OWASP/owasp_banner.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<paypal>Hong Kong</paypal><br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
http://www.clarencewong.com/photo/owasp_meeting.jpg<br />
<br />
''From left to right: James Tsao, Anthony Lai, David Walker, Richard Stagg, Marco Leung and Gary Kung''<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
<br />
<br />
<br />
'''NEW!!!! Software Exploitation - It is about reverse engineering and exploit'''<br />
<br />
''<br />
I feel very honorable to invite Nguyen NAM to provide 2-day workshop on software exploit and reverse engineering. In fact, we met in OWASP Appsec Conference 2008 at Taipei and his team has won CTF (Capture The Flag) in Hack In The Box (HITB) 2008. It is really a valuable chance to have him to be in Hong Kong and this workshop is normally charged at 1000 USD per head. Meanwhile, there is NO such kind of workshop held in Hong Kong. Please reach me at [[anthonylai@owasp.org]] for reservation. <br />
<br />
<br />
'''Status - 6 Nov 2008 : '''The speaker has got my invitation letter and he is now applying the traveling VISA to Hong Kong.<br />
Money collection will start once he confirmed me the air ticket and VISA application. However, you need to reserve it as there are already 17 reservations. The class size is expected to be 30-40.<br />
<br />
''<br />
<br />
'''Instructor'''<br />
Nam Nguyen<br />
<br />
<br />
'''Date and Time'''<br />
2 days, 20 - 21 Dec 2008 (Sat and Sun)<br />
Registration Time: 9:45am<br />
Time: 10:00 - 13:00; 14:30 - 18:00<br />
<br />
<br />
'''Venue'''<br />
Room 172, IVE Haking Wong, Cheung Sha Wan<br />
<br />
<br />
'''Organizer'''<br />
OWASP (Hong Kong Chapter) and PISA <br />
<br />
<br />
'''Co-organizer and Venue Sponsorship'''<br />
Vocational Training Council (Haking Wong)<br />
<br />
<br />
'''Fee'''<br />
<br />
1000 HKD (Before 8 Dec) <br />
<br />
1500 HKD (After 8 and before 13 Dec 2008)<br />
<br />
1800 HKD (After 13 and before 18 Dec 2008)<br />
<br />
Seats are limited and expected lab size at most 40. The current reservation is 24 (Last updated: 3 Dec 2008)<br />
<br />
<br />
'''Summary'''<br />
This course is a primer into software exploitation on the Linux environment.<br />
The course assumes only basic understanding of the Linux commands, and C<br />
programming with the standard library. It explains the computer<br />
architecture, assembly language then moves on to three basic classes of<br />
security bug: buffer overflow, format string, and race condition and methods<br />
to take advantage of them. Throughout the course, various examples are<br />
introduced with increasing difficulty so that participants will naturally<br />
realize the art of software exploitation for themselves.<br />
<br />
This course does not discuss about shell coding. Except on one example where<br />
provided shell code is used as an illustration, all other challenges require<br />
only good analysis and calculation.<br />
<br />
The course is conducted as a workshop with heavy interaction between<br />
participants and instructor. There will not be any presentation slide.<br />
Participants are to take note during the course.<br />
<br />
<br />
'''Audience'''<br />
<br />
Software developers, system administrators, security engineers \with some<br />
experience in Linux and C programming. It is good to prepare a candidate to<br />
join for Capture The Flag (CTF) event.<br />
<br />
'''Table of Contents'''<br />
<br />
1. Computer architecture<br />
<br />
2. Assembly language<br />
<br />
3. Buffer overflow<br />
<br />
4. Format string<br />
<br />
5. Race condition<br />
<br />
6. Techniques<br />
<br />
a. Overwrite critical variable<br />
<br />
b. Overwrite return address<br />
<br />
c. Return to .text<br />
<br />
d. Return to libc<br />
<br />
e. Overwrite .dtors<br />
<br />
f. Overwrite .got<br />
<br />
g. Overwrite .bss, functors<br />
<br />
h. By pass Advanced Space Layout Randomization<br />
<br />
7. Tools of the trade: IDA, GDB, and Python<br />
<br />
8. Sharing of CTF in HITB<br />
<br />
<br />
'''Workshop Specifics'''<br />
As we have got a lab. An VM image will be provided.<br />
<br />
<br />
'''Speaker Biography'''<br />
Nam Nguyen is currently the principal security consultant with Blue<br />
Moon Consulting Co., Ltd. He started poking at binaries when he<br />
couldn't finish Dune 2 and has since spent more than a decade reverse<br />
engineering and understanding how stuffs work.<br />
Nam is a CISSP, a core member of the VNSecurity group, and a chapter<br />
lead of OWASP Vietnam. His interests include code construction and<br />
destruction, decompilation and Python.<br />
<br />
----<br />
<br />
<br />
http://www.infosecurityproject.com/images/infosec2007_content_04.jpg<br />
<br />
'''OWASP(HK Chapter) supports 8th Infosecurityproject Conference:''' <br />
URL:http://www.infosecurityproject.com/<br />
<br />
<br />
http://www.takungpao.com/images/new.gif'''OWASAP Committee Member, Richard Stagg, uncovered Security Reality (Mar 2007)<br />
Richard from Handshake Networking could tell you the truth of that.<br />
URL:http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=409104<br />
<br />
<br />
<br />
'''Hong Kong Standard: HKU changes Internet policy to boost security<br />
Hong Kong University has changed its Internet policy a week after The Standard reported that improperly indexed material listed on its Web sites could be accessed by users of the Google Internet search engine. Doug Crets 4/3/2006'''<br />
<br />
URL: http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15675&sid=7341056&con_type=1&d_str=20060403&sear_year=2006<br />
<br />
<br />
'''Hong Kong Standard: Online enemy within<br />
The biggest threats to computer users are not hackers but their own ignorance, complacency or carelessness, writes Doug Crets 3/27/2006'''<br />
URL:http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15121&sid=7238709&con_type=1&d_str=20060327&sear_year=2006<br />
<br />
<br />
'''Web Application Security with PISA:''' http://www.pisa.org.hk/event/web-appl-sec.htm<br />
<br />
http://www.pisa.org.hk/event/web-appl-sec.jpg<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Successful Web Application Security and Hacking Demo seminar co-organized with Hong Kong Java User Group (30 Jul 2005'''<br />
https://hkjug.dev.java.net/gatherings/2005/0730.html<br />
http://www.infosechk.org/download/OWASP/20050730/2_exposure.JPG<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Web Application Security organized with Sun Wah Pearl Linux (29 Oct 2005)'''<br />
<br />
http://www.infosechk.org/download/OWASP/20051029/seminar.jpg<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)<br />
<br />
[[Category:China]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=47440Hong Kong2008-12-03T03:25:57Z<p>Anthonylai: /* News from Hong Kong Chapter */</p>
<hr />
<div>http://www.infosechk.org/download/OWASP/owasp_banner.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<paypal>Hong Kong</paypal><br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
http://www.clarencewong.com/photo/owasp_meeting.jpg<br />
<br />
''From left to right: James Tsao, Anthony Lai, David Walker, Richard Stagg, Marco Leung and Gary Kung''<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
<br />
<br />
<br />
'''NEW!!!! Software Exploitation - It is about reverse engineering and exploit'''<br />
<br />
''<br />
I feel very honorable to invite Nguyen NAM to provide 2-day workshop on software exploit and reverse engineering. In fact, we met in OWASP Appsec Conference 2008 at Taipei and his team has won CTF (Capture The Flag) in Hack In The Box (HITB) 2008. It is really a valuable chance to have him to be in Hong Kong and this workshop is normally charged at 1000 USD per head. Meanwhile, there is NO such kind of workshop held in Hong Kong. Please reach me at [[anthonylai@owasp.org]] for reservation. <br />
<br />
<br />
'''Status - 6 Nov 2008 : '''The speaker has got my invitation letter and he is now applying the traveling VISA to Hong Kong.<br />
Money collection will start once he confirmed me the air ticket and VISA application. However, you need to reserve it as there are already 17 reservations. The class size is expected to be 30-40.<br />
<br />
''<br />
<br />
'''Instructor'''<br />
Nam Nguyen<br />
<br />
'''Date and Time'''<br />
2 days, 20 - 21 Dec 2008 (Sat and Sun)<br />
Registration Time: 9:45am<br />
Time: 10:00 - 13:00; 14:30 - 18:00<br />
<br />
'''Venue'''<br />
Room 172, IVE Haking Wong, Cheung Sha Wan<br />
<br />
'''Organizer'''<br />
OWASP (Hong Kong Chapter) and PISA <br />
<br />
'''Co-organizer and Venue Sponsorship'''<br />
Vocational Training Council (Haking Wong)<br />
<br />
'''Fee'''<br />
1000 HKD (Before 8 Dec) <br />
''<br />
1500 HKD (After 8 and before 13 Dec 2008)<br />
''<br />
1800 HKD (After 13 and before 18 Dec 2008)<br />
''<br />
Seats are limited and expected lab size at most 40. The current reservation is 24 (Last updated: 3 Dec 2008)<br />
<br />
'''Summary'''<br />
This course is a primer into software exploitation on the Linux environment.<br />
The course assumes only basic understanding of the Linux commands, and C<br />
programming with the standard library. It explains the computer<br />
architecture, assembly language then moves on to three basic classes of<br />
security bug: buffer overflow, format string, and race condition and methods<br />
to take advantage of them. Throughout the course, various examples are<br />
introduced with increasing difficulty so that participants will naturally<br />
realize the art of software exploitation for themselves.<br />
<br />
This course does not discuss about shell coding. Except on one example where<br />
provided shell code is used as an illustration, all other challenges require<br />
only good analysis and calculation.<br />
<br />
The course is conducted as a workshop with heavy interaction between<br />
participants and instructor. There will not be any presentation slide.<br />
Participants are to take note during the course.<br />
<br />
'''Audience'''<br />
<br />
Software developers, system administrators, security engineers \with some<br />
experience in Linux and C programming. It is good to prepare a candidate to<br />
join for Capture The Flag (CTF) event.<br />
<br />
'''Table of Contents'''<br />
<br />
1. Computer architecture<br />
<br />
2. Assembly language<br />
<br />
3. Buffer overflow<br />
<br />
4. Format string<br />
<br />
5. Race condition<br />
<br />
6. Techniques<br />
<br />
a. Overwrite critical variable<br />
<br />
b. Overwrite return address<br />
<br />
c. Return to .text<br />
<br />
d. Return to libc<br />
<br />
e. Overwrite .dtors<br />
<br />
f. Overwrite .got<br />
<br />
g. Overwrite .bss, functors<br />
<br />
h. By pass Advanced Space Layout Randomization<br />
<br />
7. Tools of the trade: IDA, GDB, and Python<br />
<br />
8. Sharing of CTF in HITB<br />
<br />
'''Workshop Specifics'''<br />
As we have got a lab. An VM image will be provided.<br />
<br />
'''Speaker Biography'''<br />
Nam Nguyen is currently the principal security consultant with Blue<br />
Moon Consulting Co., Ltd. He started poking at binaries when he<br />
couldn't finish Dune 2 and has since spent more than a decade reverse<br />
engineering and understanding how stuffs work.<br />
Nam is a CISSP, a core member of the VNSecurity group, and a chapter<br />
lead of OWASP Vietnam. His interests include code construction and<br />
destruction, decompilation and Python.<br />
<br />
----<br />
<br />
<br />
http://www.infosecurityproject.com/images/infosec2007_content_04.jpg<br />
<br />
'''OWASP(HK Chapter) supports 8th Infosecurityproject Conference:''' <br />
URL:http://www.infosecurityproject.com/<br />
<br />
<br />
http://www.takungpao.com/images/new.gif'''OWASAP Committee Member, Richard Stagg, uncovered Security Reality (Mar 2007)<br />
Richard from Handshake Networking could tell you the truth of that.<br />
URL:http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=409104<br />
<br />
<br />
<br />
'''Hong Kong Standard: HKU changes Internet policy to boost security<br />
Hong Kong University has changed its Internet policy a week after The Standard reported that improperly indexed material listed on its Web sites could be accessed by users of the Google Internet search engine. Doug Crets 4/3/2006'''<br />
<br />
URL: http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15675&sid=7341056&con_type=1&d_str=20060403&sear_year=2006<br />
<br />
<br />
'''Hong Kong Standard: Online enemy within<br />
The biggest threats to computer users are not hackers but their own ignorance, complacency or carelessness, writes Doug Crets 3/27/2006'''<br />
URL:http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15121&sid=7238709&con_type=1&d_str=20060327&sear_year=2006<br />
<br />
<br />
'''Web Application Security with PISA:''' http://www.pisa.org.hk/event/web-appl-sec.htm<br />
<br />
http://www.pisa.org.hk/event/web-appl-sec.jpg<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Successful Web Application Security and Hacking Demo seminar co-organized with Hong Kong Java User Group (30 Jul 2005'''<br />
https://hkjug.dev.java.net/gatherings/2005/0730.html<br />
http://www.infosechk.org/download/OWASP/20050730/2_exposure.JPG<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Web Application Security organized with Sun Wah Pearl Linux (29 Oct 2005)'''<br />
<br />
http://www.infosechk.org/download/OWASP/20051029/seminar.jpg<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)<br />
<br />
[[Category:China]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=47439Hong Kong2008-12-03T03:25:19Z<p>Anthonylai: /* News from Hong Kong Chapter */</p>
<hr />
<div>http://www.infosechk.org/download/OWASP/owasp_banner.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<paypal>Hong Kong</paypal><br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
http://www.clarencewong.com/photo/owasp_meeting.jpg<br />
<br />
''From left to right: James Tsao, Anthony Lai, David Walker, Richard Stagg, Marco Leung and Gary Kung''<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
<br />
<br />
<br />
'''NEW!!!! Software Exploitation - It is about reverse engineering and exploit'''<br />
<br />
''<br />
I feel very honorable to invite Nguyen NAM to provide 2-day workshop on software exploit and reverse engineering. In fact, we met in OWASP Appsec Conference 2008 at Taipei and his team has won CTF (Capture The Flag) in Hack In The Box (HITB) 2008. It is really a valuable chance to have him to be in Hong Kong and this workshop is normally charged at 1000 USD per head. Meanwhile, there is NO such kind of workshop held in Hong Kong. Please reach me at [[anthonylai@owasp.org]] for reservation. <br />
<br />
<br />
'''Status - 6 Nov 2008 : '''The speaker has got my invitation letter and he is now applying the traveling VISA to Hong Kong.<br />
Money collection will start once he confirmed me the air ticket and VISA application. However, you need to reserve it as there are already 17 reservations. The class size is expected to be 30-40.<br />
<br />
''<br />
<br />
'''Instructor'''<br />
Nam Nguyen<br />
<br />
'''Date and Time'''<br />
2 days, 20 - 21 Dec 2008 (Sat and Sun)<br />
Registration Time: 9:45am<br />
Time: 10:00 - 13:00; 14:30 - 18:00<br />
<br />
'''Venue'''<br />
Room 172, IVE Haking Wong, Cheung Sha Wan<br />
<br />
'''Organizer'''<br />
OWASP (Hong Kong Chapter) and PISA <br />
<br />
'''Co-organizer and Venue Sponsorship'''<br />
Vocational Training Council (Haking Wong)<br />
<br />
'''Fee'''<br />
1000 HKD (Before 8 Dec)<br />
1500 HKD (After 8 and before 13 Dec 2008)<br />
1800 HKD (After 13 and before 18 Dec 2008)<br />
<br />
Seats are limited and expected lab size at most 40. The current reservation is 24 (Last updated: 3 Dec 2008)<br />
<br />
'''Summary'''<br />
This course is a primer into software exploitation on the Linux environment.<br />
The course assumes only basic understanding of the Linux commands, and C<br />
programming with the standard library. It explains the computer<br />
architecture, assembly language then moves on to three basic classes of<br />
security bug: buffer overflow, format string, and race condition and methods<br />
to take advantage of them. Throughout the course, various examples are<br />
introduced with increasing difficulty so that participants will naturally<br />
realize the art of software exploitation for themselves.<br />
<br />
This course does not discuss about shell coding. Except on one example where<br />
provided shell code is used as an illustration, all other challenges require<br />
only good analysis and calculation.<br />
<br />
The course is conducted as a workshop with heavy interaction between<br />
participants and instructor. There will not be any presentation slide.<br />
Participants are to take note during the course.<br />
<br />
'''Audience'''<br />
<br />
Software developers, system administrators, security engineers \with some<br />
experience in Linux and C programming. It is good to prepare a candidate to<br />
join for Capture The Flag (CTF) event.<br />
<br />
'''Table of Contents'''<br />
<br />
1. Computer architecture<br />
<br />
2. Assembly language<br />
<br />
3. Buffer overflow<br />
<br />
4. Format string<br />
<br />
5. Race condition<br />
<br />
6. Techniques<br />
<br />
a. Overwrite critical variable<br />
<br />
b. Overwrite return address<br />
<br />
c. Return to .text<br />
<br />
d. Return to libc<br />
<br />
e. Overwrite .dtors<br />
<br />
f. Overwrite .got<br />
<br />
g. Overwrite .bss, functors<br />
<br />
h. By pass Advanced Space Layout Randomization<br />
<br />
7. Tools of the trade: IDA, GDB, and Python<br />
<br />
8. Sharing of CTF in HITB<br />
<br />
'''Workshop Specifics'''<br />
As we have got a lab. An VM image will be provided.<br />
<br />
'''Speaker Biography'''<br />
Nam Nguyen is currently the principal security consultant with Blue<br />
Moon Consulting Co., Ltd. He started poking at binaries when he<br />
couldn't finish Dune 2 and has since spent more than a decade reverse<br />
engineering and understanding how stuffs work.<br />
Nam is a CISSP, a core member of the VNSecurity group, and a chapter<br />
lead of OWASP Vietnam. His interests include code construction and<br />
destruction, decompilation and Python.<br />
<br />
----<br />
<br />
<br />
http://www.infosecurityproject.com/images/infosec2007_content_04.jpg<br />
<br />
'''OWASP(HK Chapter) supports 8th Infosecurityproject Conference:''' <br />
URL:http://www.infosecurityproject.com/<br />
<br />
<br />
http://www.takungpao.com/images/new.gif'''OWASAP Committee Member, Richard Stagg, uncovered Security Reality (Mar 2007)<br />
Richard from Handshake Networking could tell you the truth of that.<br />
URL:http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=409104<br />
<br />
<br />
<br />
'''Hong Kong Standard: HKU changes Internet policy to boost security<br />
Hong Kong University has changed its Internet policy a week after The Standard reported that improperly indexed material listed on its Web sites could be accessed by users of the Google Internet search engine. Doug Crets 4/3/2006'''<br />
<br />
URL: http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15675&sid=7341056&con_type=1&d_str=20060403&sear_year=2006<br />
<br />
<br />
'''Hong Kong Standard: Online enemy within<br />
The biggest threats to computer users are not hackers but their own ignorance, complacency or carelessness, writes Doug Crets 3/27/2006'''<br />
URL:http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15121&sid=7238709&con_type=1&d_str=20060327&sear_year=2006<br />
<br />
<br />
'''Web Application Security with PISA:''' http://www.pisa.org.hk/event/web-appl-sec.htm<br />
<br />
http://www.pisa.org.hk/event/web-appl-sec.jpg<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Successful Web Application Security and Hacking Demo seminar co-organized with Hong Kong Java User Group (30 Jul 2005'''<br />
https://hkjug.dev.java.net/gatherings/2005/0730.html<br />
http://www.infosechk.org/download/OWASP/20050730/2_exposure.JPG<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Web Application Security organized with Sun Wah Pearl Linux (29 Oct 2005)'''<br />
<br />
http://www.infosechk.org/download/OWASP/20051029/seminar.jpg<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)<br />
<br />
[[Category:China]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=46027Hong Kong2008-11-06T16:07:32Z<p>Anthonylai: /* News from Hong Kong Chapter */</p>
<hr />
<div>http://www.infosechk.org/download/OWASP/owasp_banner.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<paypal>Hong Kong</paypal><br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
http://www.clarencewong.com/photo/owasp_meeting.jpg<br />
<br />
''From left to right: James Tsao, Anthony Lai, David Walker, Richard Stagg, Marco Leung and Gary Kung''<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
<br />
<br />
<br />
'''NEW!!!! Software Exploitation - It is about reverse engineering and exploit'''<br />
<br />
''<br />
I feel very honorable to invite Nguyen NAM to provide 2-day workshop on software exploit and reverse engineering. In fact, we met in OWASP Appsec Conference 2008 at Taipei and his team has won CTF (Capture The Flag) in Hack In The Box (HITB) 2008. It is really a valuable chance to have him to be in Hong Kong and this workshop is normally charged at 1000 USD per head. Meanwhile, there is NO such kind of workshop held in Hong Kong. Please reach me at [[anthonylai@owasp.org]] for reservation. <br />
<br />
<br />
'''Status - 6 Nov 2008 : '''The speaker has got my invitation letter and he is now applying the traveling VISA to Hong Kong.<br />
Money collection will start once he confirmed me the air ticket and VISA application. However, you need to reserve it as there are already 17 reservations. The class size is expected to be 30-40.<br />
<br />
''<br />
<br />
'''Instructor'''<br />
Nam Nguyen<br />
<br />
'''Date and Time'''<br />
2 days, 20 - 21 Dec 2008 (Sat and Sun)<br />
Registration Time: 9:45am<br />
Time: 10:00 - 13:00; 14:30 - 18:00<br />
<br />
'''Venue'''<br />
Room 172, IVE Haking Wong, Cheung Sha Wan<br />
<br />
'''Organizer'''<br />
OWASP (Hong Kong Chapter) and PISA <br />
<br />
'''Co-organizer and Venue Sponsorship'''<br />
Vocational Training Council (Haking Wong)<br />
<br />
'''Fee'''<br />
1000 HKD <br />
<br />
'''Summary'''<br />
This course is a primer into software exploitation on the Linux environment.<br />
The course assumes only basic understanding of the Linux commands, and C<br />
programming with the standard library. It explains the computer<br />
architecture, assembly language then moves on to three basic classes of<br />
security bug: buffer overflow, format string, and race condition and methods<br />
to take advantage of them. Throughout the course, various examples are<br />
introduced with increasing difficulty so that participants will naturally<br />
realize the art of software exploitation for themselves.<br />
<br />
This course does not discuss about shell coding. Except on one example where<br />
provided shell code is used as an illustration, all other challenges require<br />
only good analysis and calculation.<br />
<br />
The course is conducted as a workshop with heavy interaction between<br />
participants and instructor. There will not be any presentation slide.<br />
Participants are to take note during the course.<br />
<br />
'''Audience'''<br />
<br />
Software developers, system administrators, security engineers \with some<br />
experience in Linux and C programming. It is good to prepare a candidate to<br />
join for Capture The Flag (CTF) event.<br />
<br />
'''Table of Contents'''<br />
<br />
1. Computer architecture<br />
<br />
2. Assembly language<br />
<br />
3. Buffer overflow<br />
<br />
4. Format string<br />
<br />
5. Race condition<br />
<br />
6. Techniques<br />
<br />
a. Overwrite critical variable<br />
<br />
b. Overwrite return address<br />
<br />
c. Return to .text<br />
<br />
d. Return to libc<br />
<br />
e. Overwrite .dtors<br />
<br />
f. Overwrite .got<br />
<br />
g. Overwrite .bss, functors<br />
<br />
h. By pass Advanced Space Layout Randomization<br />
<br />
7. Tools of the trade: IDA, GDB, and Python<br />
<br />
8. Sharing of CTF in HITB<br />
<br />
'''Workshop Specifics'''<br />
As we have got a lab. An VM image will be provided.<br />
<br />
'''Speaker Biography'''<br />
Nam Nguyen is currently the principal security consultant with Blue<br />
Moon Consulting Co., Ltd. He started poking at binaries when he<br />
couldn't finish Dune 2 and has since spent more than a decade reverse<br />
engineering and understanding how stuffs work.<br />
Nam is a CISSP, a core member of the VNSecurity group, and a chapter<br />
lead of OWASP Vietnam. His interests include code construction and<br />
destruction, decompilation and Python.<br />
<br />
----<br />
<br />
<br />
http://www.infosecurityproject.com/images/infosec2007_content_04.jpg<br />
<br />
'''OWASP(HK Chapter) supports 8th Infosecurityproject Conference:''' <br />
URL:http://www.infosecurityproject.com/<br />
<br />
<br />
http://www.takungpao.com/images/new.gif'''OWASAP Committee Member, Richard Stagg, uncovered Security Reality (Mar 2007)<br />
Richard from Handshake Networking could tell you the truth of that.<br />
URL:http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=409104<br />
<br />
<br />
<br />
'''Hong Kong Standard: HKU changes Internet policy to boost security<br />
Hong Kong University has changed its Internet policy a week after The Standard reported that improperly indexed material listed on its Web sites could be accessed by users of the Google Internet search engine. Doug Crets 4/3/2006'''<br />
<br />
URL: http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15675&sid=7341056&con_type=1&d_str=20060403&sear_year=2006<br />
<br />
<br />
'''Hong Kong Standard: Online enemy within<br />
The biggest threats to computer users are not hackers but their own ignorance, complacency or carelessness, writes Doug Crets 3/27/2006'''<br />
URL:http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15121&sid=7238709&con_type=1&d_str=20060327&sear_year=2006<br />
<br />
<br />
'''Web Application Security with PISA:''' http://www.pisa.org.hk/event/web-appl-sec.htm<br />
<br />
http://www.pisa.org.hk/event/web-appl-sec.jpg<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Successful Web Application Security and Hacking Demo seminar co-organized with Hong Kong Java User Group (30 Jul 2005'''<br />
https://hkjug.dev.java.net/gatherings/2005/0730.html<br />
http://www.infosechk.org/download/OWASP/20050730/2_exposure.JPG<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Web Application Security organized with Sun Wah Pearl Linux (29 Oct 2005)'''<br />
<br />
http://www.infosechk.org/download/OWASP/20051029/seminar.jpg<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)<br />
<br />
[[Category:China]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=46026Hong Kong2008-11-06T16:06:27Z<p>Anthonylai: /* News from Hong Kong Chapter */</p>
<hr />
<div>http://www.infosechk.org/download/OWASP/owasp_banner.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<paypal>Hong Kong</paypal><br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
http://www.clarencewong.com/photo/owasp_meeting.jpg<br />
<br />
''From left to right: James Tsao, Anthony Lai, David Walker, Richard Stagg, Marco Leung and Gary Kung''<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
<br />
<br />
<br />
'''NEW!!!! Software Exploitation - It is about reverse engineering and exploit'''<br />
<br />
''<br />
I feel very honorable to invite Nguyen NAM to provide 2-day workshop on software exploit and reverse engineering. In fact, we met in OWASP Appsec Conference 2008 at Taipei and his team has won CTF (Capture The Flag) in Hack In The Box (HITB) 2008. It is really a valuable chance to have him to be in Hong Kong and this workshop is normally charged at 1000 USD per head. Meanwhile, there is NO such kind of workshop held in Hong Kong. Please reach me at [[anthonylai@owasp.org]] for reservation. <br />
<br />
<br />
'''Status - 6 Nov 2008 : '''The speaker has got my invitation letter and he is now applying the traveling VISA to Hong Kong.<br />
Money collection will start once he confirmed me the air ticket and VISA application. However, you need to reserve it as there are already 17 reservations. The class size is expected to be 30-40.<br />
<br />
''<br />
<br />
'''Instructor'''<br />
Nam Nguyen<br />
<br />
'''Date and Time'''<br />
2 days, 20 - 21 Dec 2008 (Sat and Sun)<br />
Registration Time: 9:45am<br />
Time: 10:00 - 13:00; 14:30 - 18:00<br />
<br />
'''Venue'''<br />
Room 172, IVE Haking Wong, Cheung Sha Wan<br />
<br />
'''Organizer'''<br />
OWASP (Hong Kong Chapter) and PISA <br />
<br />
'''Co-organizer and Venue Sponsorship'''<br />
Vocational Training Council (Haking Wong)<br />
<br />
'''Fee'''<br />
1000 HKD <br />
<br />
'''Summary'''<br />
This course is a primer into software exploitation on the Linux environment.<br />
The course assumes only basic understanding of the Linux commands, and C<br />
programming with the standard library. It explains the computer<br />
architecture, assembly language then moves on to three basic classes of<br />
security bug: buffer overflow, format string, and race condition and methods<br />
to take advantage of them. Throughout the course, various examples are<br />
introduced with increasing difficulty so that participants will naturally<br />
realize the art of software exploitation for themselves.<br />
<br />
This course does not discuss about shell coding. Except on one example where<br />
provided shell code is used as an illustration, all other challenges require<br />
only good analysis and calculation.<br />
<br />
The course is conducted as a workshop with heavy interaction between<br />
participants and instructor. There will not be any presentation slide.<br />
Participants are to take note during the course.<br />
<br />
'''Audience'''<br />
<br />
Software developers, system administrators, security engineers \with some<br />
experience in Linux and C programming. It is good to prepare a candidate to<br />
join for Capture The Flag (CTF) event.<br />
<br />
'''Table of Contents'''<br />
<br />
1. Computer architecture<br />
<br />
2. Assembly language<br />
<br />
3. Buffer overflow<br />
<br />
4. Format string<br />
<br />
5. Race condition<br />
<br />
6. Techniques<br />
<br />
1. Overwrite critical variable<br />
<br />
2. Overwrite return address<br />
<br />
3. Return to .text<br />
<br />
4. Return to libc<br />
<br />
5. Overwrite .dtors<br />
<br />
6. Overwrite .got<br />
<br />
7. Overwrite .bss, functors<br />
<br />
8. By pass Advanced Space Layout Randomization<br />
<br />
7. Tools of the trade: IDA, GDB, and Python<br />
<br />
8. Sharing of CTF in HITB<br />
<br />
'''Workshop Specifics'''<br />
As we have got a lab. An VM image will be provided.<br />
<br />
'''Speaker Biography'''<br />
Nam Nguyen is currently the principal security consultant with Blue<br />
Moon Consulting Co., Ltd. He started poking at binaries when he<br />
couldn't finish Dune 2 and has since spent more than a decade reverse<br />
engineering and understanding how stuffs work.<br />
Nam is a CISSP, a core member of the VNSecurity group, and a chapter<br />
lead of OWASP Vietnam. His interests include code construction and<br />
destruction, decompilation and Python.<br />
<br />
----<br />
<br />
<br />
http://www.infosecurityproject.com/images/infosec2007_content_04.jpg<br />
<br />
'''OWASP(HK Chapter) supports 8th Infosecurityproject Conference:''' <br />
URL:http://www.infosecurityproject.com/<br />
<br />
<br />
http://www.takungpao.com/images/new.gif'''OWASAP Committee Member, Richard Stagg, uncovered Security Reality (Mar 2007)<br />
Richard from Handshake Networking could tell you the truth of that.<br />
URL:http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=409104<br />
<br />
<br />
<br />
'''Hong Kong Standard: HKU changes Internet policy to boost security<br />
Hong Kong University has changed its Internet policy a week after The Standard reported that improperly indexed material listed on its Web sites could be accessed by users of the Google Internet search engine. Doug Crets 4/3/2006'''<br />
<br />
URL: http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15675&sid=7341056&con_type=1&d_str=20060403&sear_year=2006<br />
<br />
<br />
'''Hong Kong Standard: Online enemy within<br />
The biggest threats to computer users are not hackers but their own ignorance, complacency or carelessness, writes Doug Crets 3/27/2006'''<br />
URL:http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15121&sid=7238709&con_type=1&d_str=20060327&sear_year=2006<br />
<br />
<br />
'''Web Application Security with PISA:''' http://www.pisa.org.hk/event/web-appl-sec.htm<br />
<br />
http://www.pisa.org.hk/event/web-appl-sec.jpg<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Successful Web Application Security and Hacking Demo seminar co-organized with Hong Kong Java User Group (30 Jul 2005'''<br />
https://hkjug.dev.java.net/gatherings/2005/0730.html<br />
http://www.infosechk.org/download/OWASP/20050730/2_exposure.JPG<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Web Application Security organized with Sun Wah Pearl Linux (29 Oct 2005)'''<br />
<br />
http://www.infosechk.org/download/OWASP/20051029/seminar.jpg<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)<br />
<br />
[[Category:China]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=46025Hong Kong2008-11-06T16:05:32Z<p>Anthonylai: /* News from Hong Kong Chapter */</p>
<hr />
<div>http://www.infosechk.org/download/OWASP/owasp_banner.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<paypal>Hong Kong</paypal><br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
http://www.clarencewong.com/photo/owasp_meeting.jpg<br />
<br />
''From left to right: James Tsao, Anthony Lai, David Walker, Richard Stagg, Marco Leung and Gary Kung''<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
<br />
<br />
<br />
'''NEW!!!! Software Exploitation - It is about reverse engineering and exploit'''<br />
<br />
''<br />
I feel very honorable to invite Nguyen NAM to provide 2-day workshop on software exploit and reverse engineering. In fact, we met in OWASP Appsec Conference 2008 at Taipei and his team has won CTF (Capture The Flag) in Hack In The Box (HITB) 2008. It is really a valuable chance to have him to be in Hong Kong and this workshop is normally charged at 1000 USD per head. Meanwhile, there is NO such kind of workshop held in Hong Kong. Please reach me at [[anthonylai@owasp.org]] for reservation. <br />
<br />
Status: The speaker has got my invitation letter and he is now applying the traveling VISA to Hong Kong.<br />
Money collection will start once he confirmed me the air ticket and VISA application. However, you need to reserve it as there are already 17 reservations. The class size is expected to be 30-40.<br />
<br />
''<br />
<br />
'''Instructor'''<br />
Nam Nguyen<br />
<br />
'''Date and Time'''<br />
2 days, 20 - 21 Dec 2008 (Sat and Sun)<br />
Registration Time: 9:45am<br />
Time: 10:00 - 13:00; 14:30 - 18:00<br />
<br />
'''Venue'''<br />
Room 172, IVE Haking Wong, Cheung Sha Wan<br />
<br />
'''Organizer'''<br />
OWASP (Hong Kong Chapter) and PISA <br />
<br />
'''Co-organizer and Venue Sponsorship'''<br />
Vocational Training Council (Haking Wong)<br />
<br />
'''Fee'''<br />
1000 HKD <br />
<br />
'''Summary'''<br />
This course is a primer into software exploitation on the Linux environment.<br />
The course assumes only basic understanding of the Linux commands, and C<br />
programming with the standard library. It explains the computer<br />
architecture, assembly language then moves on to three basic classes of<br />
security bug: buffer overflow, format string, and race condition and methods<br />
to take advantage of them. Throughout the course, various examples are<br />
introduced with increasing difficulty so that participants will naturally<br />
realize the art of software exploitation for themselves.<br />
<br />
This course does not discuss about shell coding. Except on one example where<br />
provided shell code is used as an illustration, all other challenges require<br />
only good analysis and calculation.<br />
<br />
The course is conducted as a workshop with heavy interaction between<br />
participants and instructor. There will not be any presentation slide.<br />
Participants are to take note during the course.<br />
<br />
'''Audience'''<br />
<br />
Software developers, system administrators, security engineers \with some<br />
experience in Linux and C programming. It is good to prepare a candidate to<br />
join for Capture The Flag (CTF) event.<br />
<br />
'''Table of Contents'''<br />
<br />
1. Computer architecture<br />
<br />
2. Assembly language<br />
<br />
3. Buffer overflow<br />
<br />
4. Format string<br />
<br />
5. Race condition<br />
<br />
6. Techniques<br />
<br />
1. Overwrite critical variable<br />
<br />
2. Overwrite return address<br />
<br />
3. Return to .text<br />
<br />
4. Return to libc<br />
<br />
5. Overwrite .dtors<br />
<br />
6. Overwrite .got<br />
<br />
7. Overwrite .bss, functors<br />
<br />
8. By pass Advanced Space Layout Randomization<br />
<br />
7. Tools of the trade: IDA, GDB, and Python<br />
<br />
8. Sharing of CTF in HITB<br />
<br />
'''Workshop Specifics'''<br />
As we have got a lab. An VM image will be provided.<br />
<br />
'''Speaker Biography'''<br />
Nam Nguyen is currently the principal security consultant with Blue<br />
Moon Consulting Co., Ltd. He started poking at binaries when he<br />
couldn't finish Dune 2 and has since spent more than a decade reverse<br />
engineering and understanding how stuffs work.<br />
Nam is a CISSP, a core member of the VNSecurity group, and a chapter<br />
lead of OWASP Vietnam. His interests include code construction and<br />
destruction, decompilation and Python.<br />
<br />
----<br />
<br />
<br />
http://www.infosecurityproject.com/images/infosec2007_content_04.jpg<br />
<br />
'''OWASP(HK Chapter) supports 8th Infosecurityproject Conference:''' <br />
URL:http://www.infosecurityproject.com/<br />
<br />
<br />
http://www.takungpao.com/images/new.gif'''OWASAP Committee Member, Richard Stagg, uncovered Security Reality (Mar 2007)<br />
Richard from Handshake Networking could tell you the truth of that.<br />
URL:http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=409104<br />
<br />
<br />
<br />
'''Hong Kong Standard: HKU changes Internet policy to boost security<br />
Hong Kong University has changed its Internet policy a week after The Standard reported that improperly indexed material listed on its Web sites could be accessed by users of the Google Internet search engine. Doug Crets 4/3/2006'''<br />
<br />
URL: http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15675&sid=7341056&con_type=1&d_str=20060403&sear_year=2006<br />
<br />
<br />
'''Hong Kong Standard: Online enemy within<br />
The biggest threats to computer users are not hackers but their own ignorance, complacency or carelessness, writes Doug Crets 3/27/2006'''<br />
URL:http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15121&sid=7238709&con_type=1&d_str=20060327&sear_year=2006<br />
<br />
<br />
'''Web Application Security with PISA:''' http://www.pisa.org.hk/event/web-appl-sec.htm<br />
<br />
http://www.pisa.org.hk/event/web-appl-sec.jpg<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Successful Web Application Security and Hacking Demo seminar co-organized with Hong Kong Java User Group (30 Jul 2005'''<br />
https://hkjug.dev.java.net/gatherings/2005/0730.html<br />
http://www.infosechk.org/download/OWASP/20050730/2_exposure.JPG<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Web Application Security organized with Sun Wah Pearl Linux (29 Oct 2005)'''<br />
<br />
http://www.infosechk.org/download/OWASP/20051029/seminar.jpg<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)<br />
<br />
[[Category:China]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=46007Hong Kong2008-11-06T08:27:51Z<p>Anthonylai: /* News from Hong Kong Chapter */</p>
<hr />
<div>http://www.infosechk.org/download/OWASP/owasp_banner.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<paypal>Hong Kong</paypal><br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
http://www.clarencewong.com/photo/owasp_meeting.jpg<br />
<br />
''From left to right: James Tsao, Anthony Lai, David Walker, Richard Stagg, Marco Leung and Gary Kung''<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
<br />
<br />
<br />
'''NEW!!!! Software Exploitation - It is about reverse engineering and exploit'''<br />
<br />
''<br />
I feel very honorable to invite Nguyen NAM to provide 2-day workshop on software exploit and reverse engineering. In fact, we met in OWASP Appsec Conference 2008 at Taipei and his team has won CTF (Capture The Flag) in Hack In The Box (HITB) 2008. It is really a valuable chance to have him to be in Hong Kong and this workshop is normally charged at 1000 USD per head. Meanwhile, there is NO such kind of workshop held in Hong Kong. Please reach me at [[anthonylai@owasp.org]] for reservation. <br />
''<br />
<br />
'''Instructor'''<br />
Nam Nguyen<br />
<br />
'''Date and Time'''<br />
2 days, 20 - 21 Dec 2008 (Sat and Sun)<br />
Registration Time: 9:45am<br />
Time: 10:00 - 13:00; 14:30 - 18:00<br />
<br />
'''Venue'''<br />
Room 172, IVE Haking Wong, Cheung Sha Wan<br />
<br />
'''Organizer'''<br />
OWASP (Hong Kong Chapter)<br />
<br />
'''Co-organizer and Venue Sponsorship'''<br />
PISA and Vocational Training Council (Haking Wong)<br />
<br />
'''Fee'''<br />
1000 HKD <br />
<br />
'''Summary'''<br />
This course is a primer into software exploitation on the Linux environment.<br />
The course assumes only basic understanding of the Linux commands, and C<br />
programming with the standard library. It explains the computer<br />
architecture, assembly language then moves on to three basic classes of<br />
security bug: buffer overflow, format string, and race condition and methods<br />
to take advantage of them. Throughout the course, various examples are<br />
introduced with increasing difficulty so that participants will naturally<br />
realize the art of software exploitation for themselves.<br />
<br />
This course does not discuss about shell coding. Except on one example where<br />
provided shell code is used as an illustration, all other challenges require<br />
only good analysis and calculation.<br />
<br />
The course is conducted as a workshop with heavy interaction between<br />
participants and instructor. There will not be any presentation slide.<br />
Participants are to take note during the course.<br />
<br />
'''Audience'''<br />
<br />
Software developers, system administrators, security engineers \with some<br />
experience in Linux and C programming. It is good to prepare a candidate to<br />
join for Capture The Flag (CTF) event.<br />
<br />
'''Table of Contents'''<br />
<br />
1. Computer architecture<br />
<br />
2. Assembly language<br />
<br />
3. Buffer overflow<br />
<br />
4. Format string<br />
<br />
5. Race condition<br />
<br />
6. Techniques<br />
<br />
1. Overwrite critical variable<br />
<br />
2. Overwrite return address<br />
<br />
3. Return to .text<br />
<br />
4. Return to libc<br />
<br />
5. Overwrite .dtors<br />
<br />
6. Overwrite .got<br />
<br />
7. Overwrite .bss, functors<br />
<br />
8. By pass Advanced Space Layout Randomization<br />
<br />
7. Tools of the trade: IDA, GDB, and Python<br />
<br />
8. Sharing of CTF in HITB<br />
<br />
'''Workshop Specifics'''<br />
As we have got a lab. An VM image will be provided.<br />
<br />
'''Speaker Biography'''<br />
Nam Nguyen is currently the principal security consultant with Blue<br />
Moon Consulting Co., Ltd. He started poking at binaries when he<br />
couldn't finish Dune 2 and has since spent more than a decade reverse<br />
engineering and understanding how stuffs work.<br />
Nam is a CISSP, a core member of the VNSecurity group, and a chapter<br />
lead of OWASP Vietnam. His interests include code construction and<br />
destruction, decompilation and Python.<br />
<br />
----<br />
<br />
<br />
http://www.infosecurityproject.com/images/infosec2007_content_04.jpg<br />
<br />
'''OWASP(HK Chapter) supports 8th Infosecurityproject Conference:''' <br />
URL:http://www.infosecurityproject.com/<br />
<br />
<br />
http://www.takungpao.com/images/new.gif'''OWASAP Committee Member, Richard Stagg, uncovered Security Reality (Mar 2007)<br />
Richard from Handshake Networking could tell you the truth of that.<br />
URL:http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=409104<br />
<br />
<br />
<br />
'''Hong Kong Standard: HKU changes Internet policy to boost security<br />
Hong Kong University has changed its Internet policy a week after The Standard reported that improperly indexed material listed on its Web sites could be accessed by users of the Google Internet search engine. Doug Crets 4/3/2006'''<br />
<br />
URL: http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15675&sid=7341056&con_type=1&d_str=20060403&sear_year=2006<br />
<br />
<br />
'''Hong Kong Standard: Online enemy within<br />
The biggest threats to computer users are not hackers but their own ignorance, complacency or carelessness, writes Doug Crets 3/27/2006'''<br />
URL:http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15121&sid=7238709&con_type=1&d_str=20060327&sear_year=2006<br />
<br />
<br />
'''Web Application Security with PISA:''' http://www.pisa.org.hk/event/web-appl-sec.htm<br />
<br />
http://www.pisa.org.hk/event/web-appl-sec.jpg<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Successful Web Application Security and Hacking Demo seminar co-organized with Hong Kong Java User Group (30 Jul 2005'''<br />
https://hkjug.dev.java.net/gatherings/2005/0730.html<br />
http://www.infosechk.org/download/OWASP/20050730/2_exposure.JPG<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Web Application Security organized with Sun Wah Pearl Linux (29 Oct 2005)'''<br />
<br />
http://www.infosechk.org/download/OWASP/20051029/seminar.jpg<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)<br />
<br />
[[Category:China]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Anthony_Lai_(Dark_Floyd),_OWASP_HK_Chapter&diff=44403Anthony Lai (Dark Floyd), OWASP HK Chapter2008-10-22T18:20:14Z<p>Anthonylai: </p>
<hr />
<div>Anthony Lai (Dark Floyd)<br />
<br />
Dark Floyd (hacker alias used in oCTF@DefCon) is a regional senior risk consultant in an European financial institute to oversee on risk assessment, technology risk management and penetration verification in the APAC region. His major interests are reverse engineering, exploit development, web application security, hacking investigation, response and forensic. <br />
<br />
He is the chapter leader of OWASP (Hong Kong), program committee member of PISA (www.pisa.org.hk), program director of HTCIA (Asia Pacific Chapter)(www.htcia.org.hk) and founder/editor of InfoSec Hong Kong web site (www.infosechk.org) <br />
<br />
He could be reached at anthonylai@owasp.org (however, I am waiting for head office to reset my password...) and anthony.lai@htcia.org.hk</div>Anthonylaihttps://wiki.owasp.org/index.php?title=OWASP_AppSec_Asia_2008_-_Taiwan&diff=44402OWASP AppSec Asia 2008 - Taiwan2008-10-22T18:15:12Z<p>Anthonylai: /* (2008/10/27) - Day 1 */</p>
<hr />
<div>Welcome to OWASP AppSec Asia 2008! We'd like to thank China, Delhi, Hong Kong, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in participating, please [mailto:wayne.owasp@gmail.com email us].<br />
<br />
Two professional translators will be at the conference to conduct simultaneous oral translation between English and Mandarin. Wireless earphones will be provided.<br />
<br />
<br />
[[Image:Map2.png|center]]<br />
<br />
== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==<br />
<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | <br />
=== (2008/10/27) - Day 1 ===<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="4" align="center" style="background:#4F81BD; color:white" | <br />
<br />
|-<br />
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''<br />
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''<br />
<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''<br><br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-10:50''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]]<br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''<BR>[[YM Chen, Director, Foundstone, A Division of McAfee]]<br><BR>''' <br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:00-11:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''<BR>[[Wayne Huang, OWASP Taiwan Chapter]]<br><BR>'''<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | 11:50 - 12:40 Lunch<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="4" align="center" style="background:#4F81BD; color:white" | <br />
<br />
|-<br />
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''<br />
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''<br />
<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''12:40 - 13:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]]<br>'''<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | '''13:40 - 15:40 Asia Chapter Leader Meeting''' <br />
'''Attendee:''' China, Delhi, HK, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters<br />
<br />
'''P.S:''' Meeting with go in parallel to the two of the talk sessions and coffee break.<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="4" align="center" style="background:#4F81BD; color:white" | <br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:40 - 14:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]]<br>'''<br />
|-<br />
<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:30 - 14:50 Coffee Break<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="4" align="center" style="background:#4F81BD; color:white" | <br />
<br />
|-<br />
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''<br />
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''<br />
<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:50 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor Yarochkin (Guard-Info)]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Web Application Proactive and Passive Defense Best Practices<br />
<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Frank Yuan Fan, OWASP China Chapter]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin (Taiwan Information & Communication Security Technology Center)]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:10''' || style="width:30%; background:#A7BFDE" align="center" | '''Penetration Test with BackTrack: Metasploit and Meterpreter<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Anthony Lai (Dark Floyd), OWASP HK Chapter]]<br>'''<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" |<br />
<br />
=== (2008/10/28) - Day 2 ===<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="4" align="center" style="background:#4F81BD; color:white" | <br />
<br />
|-<br />
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''<br />
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''<br />
<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:00- 10:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:40- 11:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:40- 12:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]]<br>'''<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:30 - 13:30 Lunch<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="4" align="center" style="background:#4F81BD; color:white" | <br />
<br />
|-<br />
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''<br />
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''<br />
<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:30 - 14:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:30 - 15:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]]<br>'''<br />
|-<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | 15:20 - 15:40 Coffee Break<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="4" align="center" style="background:#4F81BD; color:white" | <br />
<br />
|-<br />
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''<br />
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''<br />
<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:40 - 16:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:40 - 17:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Frank_Fan%2C_OWASP_China Frank Fan], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], [https://www.owasp.org/index.php/Tim_Bass%2C_OWASP_Thailand Tim Bass], [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM] <br>'''<br />
|-<br />
<br />
<br />
|}<br />
<br />
==Conference Fees & Registration==<br />
<br />
<br />
<br />
=== Conference Fees ===<br />
<br />
The fee for the two days conference is USD 35, which includes:<br />
*Two lunches<br />
*Coffee breaks<br />
*Conference T-Shirt<br />
<br />
=== Registration ===<br />
<br />
Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.<br />
<br />
== Conference T-Shirt ==<br />
[[Image:OWAS AppSec Asia Tshirt.png]]<br />
<br />
== Conference Venue==<br />
<br />
'''NTUH International Convention Center'''<br />
<br />
'''Address:''' No. 2, Xuzhou Road, Zhongzheng District 101, Taipei City<br />
<br />
'''[http://www.thcc.net.tw/en/index.htm Website]'''<br />
<br />
'''[http://www.thcc.net.tw/en/about04.htm Map and transport Information]'''<br />
<br />
<br />
== Hotel Information ==<br />
<br />
'''San Want Hotel'''<br />
<br />
'''Address:''' No.172, Sec. 4, ZhongXiao East Road, Taipei, Taiwan<br />
<br />
Tel:+886-2-2772-2121 | Fax : +886-2-2721-0302<br />
<br />
'''[http://www.sanwant.com/ Website]''' <br />
<br />
<br />
'''Hope City FuShing Hotel'''<br />
<br />
'''Address:''' No.275, Sec.1, Fushing S. Rd., Taipei, Taiwan<br />
<br />
Tel : +886-2-2703-9990 | Fax : +886-2-2706-8547<br />
<br />
'''[http://www.city-hotel.com.tw/bussiness/b2/b2-en.htm Website]'''<br />
<br />
== Taipei City Map - With OWASP Venue and Hotels Marked ==<br />
<br />
<br />
[[Image:Owasp_appsec_asia_2007_tpe_map-1.psd|center]]<br />
<br />
== Welcome to Taiwan==<br />
And WELCOME TO TAIWAN! Please check out [http://tw.youtube.com/watch?v=wRc0q9xQEQ4 this video] about interesting places in Taiwan.<br />
If you need suggestions on how to plan out your trip, please feel free to [mailto:wayne.owasp@gmail.com '''contact us!''']</div>Anthonylaihttps://wiki.owasp.org/index.php?title=OWASP_AppSec_Asia_2008_-_Taiwan&diff=44401OWASP AppSec Asia 2008 - Taiwan2008-10-22T18:05:22Z<p>Anthonylai: /* (2008/10/27) - Day 1 */</p>
<hr />
<div>Welcome to OWASP AppSec Asia 2008! We'd like to thank China, Delhi, Hong Kong, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in participating, please [mailto:wayne.owasp@gmail.com email us].<br />
<br />
Two professional translators will be at the conference to conduct simultaneous oral translation between English and Mandarin. Wireless earphones will be provided.<br />
<br />
<br />
[[Image:Map2.png|center]]<br />
<br />
== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==<br />
<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | <br />
=== (2008/10/27) - Day 1 ===<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="4" align="center" style="background:#4F81BD; color:white" | <br />
<br />
|-<br />
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''<br />
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''<br />
<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''<br><br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-10:50''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]]<br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''<BR>[[YM Chen, Director, Foundstone, A Division of McAfee]]<br><BR>''' <br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:00-11:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''<BR>[[Wayne Huang, OWASP Taiwan Chapter]]<br><BR>'''<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | 11:50 - 12:40 Lunch<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="4" align="center" style="background:#4F81BD; color:white" | <br />
<br />
|-<br />
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''<br />
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''<br />
<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''12:40 - 13:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]]<br>'''<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | '''13:40 - 15:40 Asia Chapter Leader Meeting''' <br />
'''Attendee:''' China, Delhi, HK, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters<br />
<br />
'''P.S:''' Meeting with go in parallel to the two of the talk sessions and coffee break.<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="4" align="center" style="background:#4F81BD; color:white" | <br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:40 - 14:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]]<br>'''<br />
|-<br />
<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:30 - 14:50 Coffee Break<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="4" align="center" style="background:#4F81BD; color:white" | <br />
<br />
|-<br />
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''<br />
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''<br />
<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:50 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor Yarochkin (Guard-Info)]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Web Application Proactive and Passive Defense Best Practices<br />
<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Frank Yuan Fan, OWASP China Chapter]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin (Taiwan Information & Communication Security Technology Center)]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:10''' || style="width:30%; background:#A7BFDE" align="center" | '''Penetration Test with BackTrack: Art of Exploitation<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Anthony Lai (Dark Floyd), OWASP HK Chapter]]<br>'''<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" |<br />
<br />
=== (2008/10/28) - Day 2 ===<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="4" align="center" style="background:#4F81BD; color:white" | <br />
<br />
|-<br />
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''<br />
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''<br />
<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:00- 10:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:40- 11:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:40- 12:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]]<br>'''<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:30 - 13:30 Lunch<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="4" align="center" style="background:#4F81BD; color:white" | <br />
<br />
|-<br />
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''<br />
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''<br />
<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:30 - 14:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:30 - 15:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]]<br>'''<br />
|-<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | 15:20 - 15:40 Coffee Break<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="4" align="center" style="background:#4F81BD; color:white" | <br />
<br />
|-<br />
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''<br />
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''<br />
<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:40 - 16:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:40 - 17:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Frank_Fan%2C_OWASP_China Frank Fan], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], [https://www.owasp.org/index.php/Tim_Bass%2C_OWASP_Thailand Tim Bass], [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM] <br>'''<br />
|-<br />
<br />
<br />
|}<br />
<br />
==Conference Fees & Registration==<br />
<br />
<br />
<br />
=== Conference Fees ===<br />
<br />
The fee for the two days conference is USD 35, which includes:<br />
*Two lunches<br />
*Coffee breaks<br />
*Conference T-Shirt<br />
<br />
=== Registration ===<br />
<br />
Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.<br />
<br />
== Conference T-Shirt ==<br />
[[Image:OWAS AppSec Asia Tshirt.png]]<br />
<br />
== Conference Venue==<br />
<br />
'''NTUH International Convention Center'''<br />
<br />
'''Address:''' No. 2, Xuzhou Road, Zhongzheng District 101, Taipei City<br />
<br />
'''[http://www.thcc.net.tw/en/index.htm Website]'''<br />
<br />
'''[http://www.thcc.net.tw/en/about04.htm Map and transport Information]'''<br />
<br />
<br />
== Hotel Information ==<br />
<br />
'''San Want Hotel'''<br />
<br />
'''Address:''' No.172, Sec. 4, ZhongXiao East Road, Taipei, Taiwan<br />
<br />
Tel:+886-2-2772-2121 | Fax : +886-2-2721-0302<br />
<br />
'''[http://www.sanwant.com/ Website]''' <br />
<br />
<br />
'''Hope City FuShing Hotel'''<br />
<br />
'''Address:''' No.275, Sec.1, Fushing S. Rd., Taipei, Taiwan<br />
<br />
Tel : +886-2-2703-9990 | Fax : +886-2-2706-8547<br />
<br />
'''[http://www.city-hotel.com.tw/bussiness/b2/b2-en.htm Website]'''<br />
<br />
== Taipei City Map - With OWASP Venue and Hotels Marked ==<br />
<br />
<br />
[[Image:Owasp_appsec_asia_2007_tpe_map-1.psd|center]]<br />
<br />
== Welcome to Taiwan==<br />
And WELCOME TO TAIWAN! Please check out [http://tw.youtube.com/watch?v=wRc0q9xQEQ4 this video] about interesting places in Taiwan.<br />
If you need suggestions on how to plan out your trip, please feel free to [mailto:wayne.owasp@gmail.com '''contact us!''']</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Anthony_Lai_(Dark_Floyd),_OWASP_HK_Chapter&diff=44397Anthony Lai (Dark Floyd), OWASP HK Chapter2008-10-22T18:02:04Z<p>Anthonylai: New page: Anthony Lai (Dark Floyd) Dark Floyd (hacker alias used in oCTF@DefCon) is a regional senior risk consultant in an European financial institute to oversee on risk assessment, technology ri...</p>
<hr />
<div>Anthony Lai (Dark Floyd)<br />
<br />
Dark Floyd (hacker alias used in oCTF@DefCon) is a regional senior risk consultant in an European financial institute to oversee on risk assessment, technology risk management and penetration verification in the APAC region. His major interests are reverse engineering, exploit development, web application security, hacking investigation, response and forensic. <br />
<br />
He is the chapter leader of OWASP (Hong Kong), program committee member of PISA (www.pisa.org.hk), program director of HTCIA (Asia Pacific Chapter)(www.htcia.org.hk) and founder/editor of InfoSec Hong Kong web site (www.infosechk.org) <br />
<br />
You could be reached at anthonylai@owasp.org (however, I am waiting for head office to reset my password...) and anthony.lai@htcia.org.hk</div>Anthonylaihttps://wiki.owasp.org/index.php?title=OWASP_AppSec_Asia_2008_-_Taiwan&diff=44394OWASP AppSec Asia 2008 - Taiwan2008-10-22T17:52:04Z<p>Anthonylai: /* (2008/10/27) - Day 1 */</p>
<hr />
<div>Welcome to OWASP AppSec Asia 2008! We'd like to thank China, Delhi, Hong Kong, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in participating, please [mailto:wayne.owasp@gmail.com email us].<br />
<br />
Two professional translators will be at the conference to conduct simultaneous oral translation between English and Mandarin. Wireless earphones will be provided.<br />
<br />
<br />
[[Image:Map2.png|center]]<br />
<br />
== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==<br />
<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | <br />
=== (2008/10/27) - Day 1 ===<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="4" align="center" style="background:#4F81BD; color:white" | <br />
<br />
|-<br />
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''<br />
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''<br />
<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''<br><br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-10:50''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]]<br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''<BR>[[YM Chen, Director, Foundstone, A Division of McAfee]]<br><BR>''' <br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:00-11:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''<BR>[[Wayne Huang, OWASP Taiwan Chapter]]<br><BR>'''<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | 11:50 - 12:40 Lunch<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="4" align="center" style="background:#4F81BD; color:white" | <br />
<br />
|-<br />
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''<br />
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''<br />
<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''12:40 - 13:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]]<br>'''<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | '''13:40 - 15:40 Asia Chapter Leader Meeting''' <br />
'''Attendee:''' China, Delhi, HK, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters<br />
<br />
'''P.S:''' Meeting with go in parallel to the two of the talk sessions and coffee break.<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="4" align="center" style="background:#4F81BD; color:white" | <br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:40 - 14:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]]<br>'''<br />
|-<br />
<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:30 - 14:50 Coffee Break<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="4" align="center" style="background:#4F81BD; color:white" | <br />
<br />
|-<br />
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''<br />
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''<br />
<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:50 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor Yarochkin (Guard-Info)]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Web Application Proactive and Passive Defense Best Practices<br />
<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Frank Yuan Fan, OWASP China Chapter]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin (Taiwan Information & Communication Security Technology Center)]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:10''' || style="width:30%; background:#A7BFDE" align="center" | '''Penetration Test with BackTrack: Gathering sexy data X Art of Exploitation<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Anthony Lai (Dark Floyd), OWASP HK Chapter]]<br>'''<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" |<br />
<br />
=== (2008/10/28) - Day 2 ===<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="4" align="center" style="background:#4F81BD; color:white" | <br />
<br />
|-<br />
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''<br />
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''<br />
<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:00- 10:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:40- 11:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:40- 12:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]]<br>'''<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:30 - 13:30 Lunch<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="4" align="center" style="background:#4F81BD; color:white" | <br />
<br />
|-<br />
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''<br />
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''<br />
<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:30 - 14:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:30 - 15:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]]<br>'''<br />
|-<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white" | 15:20 - 15:40 Coffee Break<br />
|-<br />
{| style="width:80%" border="0" align="center"<br />
! colspan="4" align="center" style="background:#4F81BD; color:white" | <br />
<br />
|-<br />
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''<br />
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''<br />
<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:40 - 16:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]]<br>'''<br />
|-<br />
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:40 - 17:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]]<BR><br>'''<br />
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Frank_Fan%2C_OWASP_China Frank Fan], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], [https://www.owasp.org/index.php/Tim_Bass%2C_OWASP_Thailand Tim Bass], [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM] <br>'''<br />
|-<br />
<br />
<br />
|}<br />
<br />
==Conference Fees & Registration==<br />
<br />
<br />
<br />
=== Conference Fees ===<br />
<br />
The fee for the two days conference is USD 35, which includes:<br />
*Two lunches<br />
*Coffee breaks<br />
*Conference T-Shirt<br />
<br />
=== Registration ===<br />
<br />
Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.<br />
<br />
== Conference T-Shirt ==<br />
[[Image:OWAS AppSec Asia Tshirt.png]]<br />
<br />
== Conference Venue==<br />
<br />
'''NTUH International Convention Center'''<br />
<br />
'''Address:''' No. 2, Xuzhou Road, Zhongzheng District 101, Taipei City<br />
<br />
'''[http://www.thcc.net.tw/en/index.htm Website]'''<br />
<br />
'''[http://www.thcc.net.tw/en/about04.htm Map and transport Information]'''<br />
<br />
<br />
== Hotel Information ==<br />
<br />
'''San Want Hotel'''<br />
<br />
'''Address:''' No.172, Sec. 4, ZhongXiao East Road, Taipei, Taiwan<br />
<br />
Tel:+886-2-2772-2121 | Fax : +886-2-2721-0302<br />
<br />
'''[http://www.sanwant.com/ Website]''' <br />
<br />
<br />
'''Hope City FuShing Hotel'''<br />
<br />
'''Address:''' No.275, Sec.1, Fushing S. Rd., Taipei, Taiwan<br />
<br />
Tel : +886-2-2703-9990 | Fax : +886-2-2706-8547<br />
<br />
'''[http://www.city-hotel.com.tw/bussiness/b2/b2-en.htm Website]'''<br />
<br />
== Taipei City Map - With OWASP Venue and Hotels Marked ==<br />
<br />
<br />
[[Image:Owasp_appsec_asia_2007_tpe_map-1.psd|center]]<br />
<br />
== Welcome to Taiwan==<br />
And WELCOME TO TAIWAN! Please check out [http://tw.youtube.com/watch?v=wRc0q9xQEQ4 this video] about interesting places in Taiwan.<br />
If you need suggestions on how to plan out your trip, please feel free to [mailto:wayne.owasp@gmail.com '''contact us!''']</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Category:OWASP_Logging_Project&diff=23940Category:OWASP Logging Project2007-12-12T15:39:18Z<p>Anthonylai: </p>
<hr />
<div>The OWASP Logging Project [[OWASP Logging Project Roadmap]] .<br />
<br />
==Logging Overview==<br />
http://www.pisa.org.hk/event/eventlog-mgt.jpg<br />
<br />
This is the project initiated by Hong Kong Chapter. The idea is sparked when I am required to review various system logs and establish the log standard and review practice as well as process.<br />
<br />
In fact, how many people could spend time and put it as a serious item in their routine checklist? Logs review seems to be a low-tech without skills. However, there are many state of arts behind the scene. <br />
<br />
Anthony Lai, Chapter Leader and Sam Ng, member of Hong Kong Chapter will be responsible to lead this group and please feel free to join us.<br />
<br />
We need your efforts and contribution to this project. Please feel free to reach Anthony at anthonylai@owasp.org or anthony.lai@htcia.org.hk for details. In addition, you are welcomed to add relevant content and share materials/tools related to log management in this project group.<br />
<br />
<br />
==Recent Activities==<br />
Feb 2006 Event log management seminar held with PISA:<br />
http://www.pisa.org.hk/event/eventlog-mgt.htm<br />
<br />
<br />
== Feedback and Participation: ==<br />
<br />
We hope you find the OWASP Logging Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to owasp@owasp.org. To join the OWASP Logging Project mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-logging subscription page.]<br />
<br />
== News related to Logging: ==<br />
NIL<br />
<br />
== Other Resources and Practice: ==<br />
* HARDENING WINDOWS TIPS - Audit event log to increase system security <br />
<u>http://searchwindowssecurity.techtarget.com/tip/0,289483,sid45_gci1116378,00.html</u><br />
<br />
* Detecting hack attacks: Application logging is critical <br />
<u>http://searchnetworking.techtarget.com/tip/0,289483,sid7_gci1201090,00.html</u><br />
<br />
[[Category:OWASP Project]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Category:OWASP_Logging_Project&diff=23939Category:OWASP Logging Project2007-12-12T15:33:53Z<p>Anthonylai: </p>
<hr />
<div>The OWASP Logging Project [[OWASP Logging Project Roadmap]] .<br />
<br />
==Logging Overview==<br />
http://www.pisa.org.hk/event/eventlog-mgt.jpg<br />
<br />
This is the project initiated by Hong Kong Chapter. The idea is sparked when I am required to review various system logs and establish the log standard and review practice as well as process.<br />
<br />
In fact, how many people could spend time and put it as a serious item in their routine checklist? Logs review seems to be a low-tech without skills. However, there are many state of arts behind the scene. <br />
<br />
Anthony Lai, Chapter Leader and Sam Ng, member of Hong Kong Chapter will be responsible to lead this group and please feel free to join us.<br />
<br />
We need your efforts and contribution to this project. Please feel free to reach Anthony at anthonylai@owasp.org or anthony.lai@htcia.org.hk for details. In addition, you are welcomed to add relevant content and share materials/tools related to log management in this project group.<br />
<br />
<br />
==Recent Activities==<br />
Feb 2006 Event log management seminar held with PISA:<br />
http://www.pisa.org.hk/event/eventlog-mgt.htm<br />
<br />
<br />
== Feedback and Participation: ==<br />
<br />
We hope you find the OWASP Logging Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to owasp@owasp.org. To join the OWASP Logging Project mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-logging subscription page.]<br />
<br />
== News related to Logging: ==<br />
<br />
<br />
[[Category:OWASP Project]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Log_review_and_management&diff=23938Log review and management2007-12-12T15:11:00Z<p>Anthonylai: /* Logging Tools */</p>
<hr />
<div>==Overview==<br />
<br />
Purpose: <br />
<br />
* How to detect suspicious activities as soon as possible to reduce the impact of incidence or make prevention if possible.<br />
* How to unify the log format and elements as well as the functions?<br />
<br />
Role:<br />
<br />
* Who typically does this?<br />
<br />
Security Administrator or independent party who has no access rights/accounts in the reviewed systems. You can't be an user administrator. At the same time, you review your activity everyday. However, if there is a resource limitation, you need another supervisor to authorize your log review.<br />
<br />
Frequency:<br />
<br />
It depends on the criticality (i.e. payment system, customer information, business secret, etc.) of the system labelled by the organization, logs could be reviewed ranging from minute, every day, weekly, monthly or even 3 months. In fact, log review is a kind of detective control and the preventive control is lacking. Log review will be the Goal Keeper and frequency is critical.<br />
<br />
However, user account and authority list should be reviewed at least 3 to 6 months and never take a check ONLY when the audit cycle is coming<br />
<br />
== Log Review Tips ==<br />
<br />
Critical systems require at least daily log review, however, what types of logs/activities should we pay attention to?<br />
<br />
1. Consecutive login failure especially in non-office hour.<br />
<br />
2. Login in non-office hour.<br />
<br />
3. Authority change, addition and removal. Check them against with authorized application.<br />
<br />
4. Any system administrator's activities<br />
<br />
5. Any unknown workstation/server are plugged into the network?<br />
<br />
6. Logs removal/log overwritten/log size is full<br />
<br />
7. Pay more attention to the log reports after week-end and holiday<br />
<br />
8. Any account unlocked/password reset by system administrators without authorized forms?<br />
<br />
== Log Standard ==<br />
<br />
In fact, we are suffering various log format and standard from various systems even we are working in-house or act as a consultant. Why don't we produce a standard/guidelines to developer before they design the user administrative and audit trail functions to fulfill security control.<br />
<br />
Functions:-<br />
* Search - By date and time, by event type, by criticality, by account/user ID, by department<br />
<br />
* Sorting - By date and time, by event type, by criticality, by account/user ID, by department<br />
<br />
* Paging (Optional)<br />
<br />
* Critical event is marked by "*"<br />
<br />
* Log archive and export<br />
<br />
* Log code and description table<br />
<br />
* Highlighting system and user adminsitrator activities<br />
<br />
<br />
Mandatory Fields:-<br />
* User ID and Name (Sometimes, event may involve the action from administrator)<br />
<br />
* Activity Date/Timestamp<br />
<br />
* Activity Code, Type and Description<br />
<br />
* Terminal IP address and Location<br />
<br />
<br />
User Account List:-<br />
* User Info - Name, Department, Role<br />
<br />
* Last Accessed Time<br />
<br />
* Account Creation Date/Time<br />
<br />
* Current Authority and Role<br />
<br />
* Account authority and information change history<br />
<br />
* Show expired and inactive accounts (for example: 90 days)<br />
<br />
== Logging Tools ==<br />
<br />
'''Resources from Syslog.org'''<br />
<br />
* Event Notification<br />
<u>http://www.syslog.org/wiki/Main/EventNotification</u> <br />
* Syslog Clients <br />
<u>http://www.syslog.org/wiki/Main/SyslogClients</u><br />
* Syslogd Replacements <br />
<u>http://www.syslog.org/wiki/Main/SyslogdReplacements</u><br />
* Event Viewers <br />
<u>http://www.syslog.org/wiki/Main/EventViewers</u><br />
* Log Analyzers <br />
<u>http://www.syslog.org/wiki/Main/LogAnalyzers</u><br />
* Event Correlation <br />
<u>http://www.syslog.org/wiki/Main/EventCorrelation</u><br />
* Windows <br />
<u>http://www.syslog.org/wiki/Main/Windows</u><br />
* Misc Log Tools <br />
<u>http://www.syslog.org/wiki/Main/MiscLogTools</u><br />
<br />
'''Best Practice and Tips from Syslog'''<br />
* Syslog Security Tip <br />
<u>http://www.syslog.org/wiki/Main/SyslogSecurityTip</u><br />
* Central Syslog Tip <br />
<u>http://www.syslog.org/wiki/Main/CentralSyslogTip</u><br />
* Logging Windows To Syslog Server <br />
<u>http://www.syslog.org/wiki/Main/LoggingWindowsToSyslogServer</u><br />
*Logging Troubleshoot<br />
<u>http://www.syslog.org/wiki/Main/TroubleshootingSyslogForwarding</u><br />
* Syslog Best Practices <br />
<u>http://www.syslog.org/wiki/Main/SyslogBestPractices</u><br />
* Logging, Log File Rotation, and Syslog Tutorial <br />
<u>http://www.hccfl.edu/pollock/AUnix2/Logging.htm</u><br />
<br />
[[Category:Activity]]<br />
[[Category:Logging]]<br />
[[Category:OWASP Logging Project]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Log_review_and_management&diff=23937Log review and management2007-12-12T15:02:06Z<p>Anthonylai: /* Logging Tools */</p>
<hr />
<div>==Overview==<br />
<br />
Purpose: <br />
<br />
* How to detect suspicious activities as soon as possible to reduce the impact of incidence or make prevention if possible.<br />
* How to unify the log format and elements as well as the functions?<br />
<br />
Role:<br />
<br />
* Who typically does this?<br />
<br />
Security Administrator or independent party who has no access rights/accounts in the reviewed systems. You can't be an user administrator. At the same time, you review your activity everyday. However, if there is a resource limitation, you need another supervisor to authorize your log review.<br />
<br />
Frequency:<br />
<br />
It depends on the criticality (i.e. payment system, customer information, business secret, etc.) of the system labelled by the organization, logs could be reviewed ranging from minute, every day, weekly, monthly or even 3 months. In fact, log review is a kind of detective control and the preventive control is lacking. Log review will be the Goal Keeper and frequency is critical.<br />
<br />
However, user account and authority list should be reviewed at least 3 to 6 months and never take a check ONLY when the audit cycle is coming<br />
<br />
== Log Review Tips ==<br />
<br />
Critical systems require at least daily log review, however, what types of logs/activities should we pay attention to?<br />
<br />
1. Consecutive login failure especially in non-office hour.<br />
<br />
2. Login in non-office hour.<br />
<br />
3. Authority change, addition and removal. Check them against with authorized application.<br />
<br />
4. Any system administrator's activities<br />
<br />
5. Any unknown workstation/server are plugged into the network?<br />
<br />
6. Logs removal/log overwritten/log size is full<br />
<br />
7. Pay more attention to the log reports after week-end and holiday<br />
<br />
8. Any account unlocked/password reset by system administrators without authorized forms?<br />
<br />
== Log Standard ==<br />
<br />
In fact, we are suffering various log format and standard from various systems even we are working in-house or act as a consultant. Why don't we produce a standard/guidelines to developer before they design the user administrative and audit trail functions to fulfill security control.<br />
<br />
Functions:-<br />
* Search - By date and time, by event type, by criticality, by account/user ID, by department<br />
<br />
* Sorting - By date and time, by event type, by criticality, by account/user ID, by department<br />
<br />
* Paging (Optional)<br />
<br />
* Critical event is marked by "*"<br />
<br />
* Log archive and export<br />
<br />
* Log code and description table<br />
<br />
* Highlighting system and user adminsitrator activities<br />
<br />
<br />
Mandatory Fields:-<br />
* User ID and Name (Sometimes, event may involve the action from administrator)<br />
<br />
* Activity Date/Timestamp<br />
<br />
* Activity Code, Type and Description<br />
<br />
* Terminal IP address and Location<br />
<br />
<br />
User Account List:-<br />
* User Info - Name, Department, Role<br />
<br />
* Last Accessed Time<br />
<br />
* Account Creation Date/Time<br />
<br />
* Current Authority and Role<br />
<br />
* Account authority and information change history<br />
<br />
* Show expired and inactive accounts (for example: 90 days)<br />
<br />
== Logging Tools ==<br />
<br />
'''Resources from Syslog.org'''<br />
<br />
* Event Notification<br />
<u>http://www.syslog.org/wiki/Main/EventNotification</u> <br />
* Syslog Clients <br />
<u>http://www.syslog.org/wiki/Main/SyslogClients</u><br />
* Syslogd Replacements <br />
<u>http://www.syslog.org/wiki/Main/SyslogdReplacements</u><br />
* Event Viewers <br />
<u>http://www.syslog.org/wiki/Main/EventViewers</u><br />
* Log Analyzers <br />
<u>http://www.syslog.org/wiki/Main/LogAnalyzers</u><br />
* Event Correlation <br />
<u>http://www.syslog.org/wiki/Main/EventCorrelation</u><br />
* Windows <br />
<u>http://www.syslog.org/wiki/Main/Windows</u><br />
* Misc Log Tools <br />
<u>http://www.syslog.org/wiki/Main/MiscLogTools</u><br />
<br />
<br />
[[Category:Activity]]<br />
[[Category:Logging]]<br />
[[Category:OWASP Logging Project]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Log_review_and_management&diff=23936Log review and management2007-12-12T15:00:35Z<p>Anthonylai: /* Logging Tools */</p>
<hr />
<div>==Overview==<br />
<br />
Purpose: <br />
<br />
* How to detect suspicious activities as soon as possible to reduce the impact of incidence or make prevention if possible.<br />
* How to unify the log format and elements as well as the functions?<br />
<br />
Role:<br />
<br />
* Who typically does this?<br />
<br />
Security Administrator or independent party who has no access rights/accounts in the reviewed systems. You can't be an user administrator. At the same time, you review your activity everyday. However, if there is a resource limitation, you need another supervisor to authorize your log review.<br />
<br />
Frequency:<br />
<br />
It depends on the criticality (i.e. payment system, customer information, business secret, etc.) of the system labelled by the organization, logs could be reviewed ranging from minute, every day, weekly, monthly or even 3 months. In fact, log review is a kind of detective control and the preventive control is lacking. Log review will be the Goal Keeper and frequency is critical.<br />
<br />
However, user account and authority list should be reviewed at least 3 to 6 months and never take a check ONLY when the audit cycle is coming<br />
<br />
== Log Review Tips ==<br />
<br />
Critical systems require at least daily log review, however, what types of logs/activities should we pay attention to?<br />
<br />
1. Consecutive login failure especially in non-office hour.<br />
<br />
2. Login in non-office hour.<br />
<br />
3. Authority change, addition and removal. Check them against with authorized application.<br />
<br />
4. Any system administrator's activities<br />
<br />
5. Any unknown workstation/server are plugged into the network?<br />
<br />
6. Logs removal/log overwritten/log size is full<br />
<br />
7. Pay more attention to the log reports after week-end and holiday<br />
<br />
8. Any account unlocked/password reset by system administrators without authorized forms?<br />
<br />
== Log Standard ==<br />
<br />
In fact, we are suffering various log format and standard from various systems even we are working in-house or act as a consultant. Why don't we produce a standard/guidelines to developer before they design the user administrative and audit trail functions to fulfill security control.<br />
<br />
Functions:-<br />
* Search - By date and time, by event type, by criticality, by account/user ID, by department<br />
<br />
* Sorting - By date and time, by event type, by criticality, by account/user ID, by department<br />
<br />
* Paging (Optional)<br />
<br />
* Critical event is marked by "*"<br />
<br />
* Log archive and export<br />
<br />
* Log code and description table<br />
<br />
* Highlighting system and user adminsitrator activities<br />
<br />
<br />
Mandatory Fields:-<br />
* User ID and Name (Sometimes, event may involve the action from administrator)<br />
<br />
* Activity Date/Timestamp<br />
<br />
* Activity Code, Type and Description<br />
<br />
* Terminal IP address and Location<br />
<br />
<br />
User Account List:-<br />
* User Info - Name, Department, Role<br />
<br />
* Last Accessed Time<br />
<br />
* Account Creation Date/Time<br />
<br />
* Current Authority and Role<br />
<br />
* Account authority and information change history<br />
<br />
* Show expired and inactive accounts (for example: 90 days)<br />
<br />
== Logging Tools ==<br />
<br />
Resources from Syslog.org<br />
<br />
* Event Notification<br />
<u>http://www.syslog.org/wiki/Main/EventNotification</u> <br />
* Syslog Clients <br />
<u>http://www.syslog.org/wiki/Main/SyslogClients</u><br />
* Syslogd Replacements <br />
<u>http://www.syslog.org/wiki/Main/SyslogdReplacements</u><br />
* Event Viewers <br />
<u>http://www.syslog.org/wiki/Main/EventViewers</u><br />
* Log Analyzers <br />
<u>http://www.syslog.org/wiki/Main/LogAnalyzers</u><br />
* Event Correlation <br />
<u>http://www.syslog.org/wiki/Main/EventCorrelation</u><br />
* Windows <br />
<u>http://www.syslog.org/wiki/Main/Windows</u><br />
* Misc Log Tools <br />
<u>http://www.syslog.org/wiki/Main/MiscLogTools</u><br />
<br />
<br />
[[Category:Activity]]<br />
[[Category:Logging]]<br />
[[Category:OWASP Logging Project]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Log_review_and_management&diff=23935Log review and management2007-12-12T14:58:39Z<p>Anthonylai: /* Logging Tools */</p>
<hr />
<div>==Overview==<br />
<br />
Purpose: <br />
<br />
* How to detect suspicious activities as soon as possible to reduce the impact of incidence or make prevention if possible.<br />
* How to unify the log format and elements as well as the functions?<br />
<br />
Role:<br />
<br />
* Who typically does this?<br />
<br />
Security Administrator or independent party who has no access rights/accounts in the reviewed systems. You can't be an user administrator. At the same time, you review your activity everyday. However, if there is a resource limitation, you need another supervisor to authorize your log review.<br />
<br />
Frequency:<br />
<br />
It depends on the criticality (i.e. payment system, customer information, business secret, etc.) of the system labelled by the organization, logs could be reviewed ranging from minute, every day, weekly, monthly or even 3 months. In fact, log review is a kind of detective control and the preventive control is lacking. Log review will be the Goal Keeper and frequency is critical.<br />
<br />
However, user account and authority list should be reviewed at least 3 to 6 months and never take a check ONLY when the audit cycle is coming<br />
<br />
== Log Review Tips ==<br />
<br />
Critical systems require at least daily log review, however, what types of logs/activities should we pay attention to?<br />
<br />
1. Consecutive login failure especially in non-office hour.<br />
<br />
2. Login in non-office hour.<br />
<br />
3. Authority change, addition and removal. Check them against with authorized application.<br />
<br />
4. Any system administrator's activities<br />
<br />
5. Any unknown workstation/server are plugged into the network?<br />
<br />
6. Logs removal/log overwritten/log size is full<br />
<br />
7. Pay more attention to the log reports after week-end and holiday<br />
<br />
8. Any account unlocked/password reset by system administrators without authorized forms?<br />
<br />
== Log Standard ==<br />
<br />
In fact, we are suffering various log format and standard from various systems even we are working in-house or act as a consultant. Why don't we produce a standard/guidelines to developer before they design the user administrative and audit trail functions to fulfill security control.<br />
<br />
Functions:-<br />
* Search - By date and time, by event type, by criticality, by account/user ID, by department<br />
<br />
* Sorting - By date and time, by event type, by criticality, by account/user ID, by department<br />
<br />
* Paging (Optional)<br />
<br />
* Critical event is marked by "*"<br />
<br />
* Log archive and export<br />
<br />
* Log code and description table<br />
<br />
* Highlighting system and user adminsitrator activities<br />
<br />
<br />
Mandatory Fields:-<br />
* User ID and Name (Sometimes, event may involve the action from administrator)<br />
<br />
* Activity Date/Timestamp<br />
<br />
* Activity Code, Type and Description<br />
<br />
* Terminal IP address and Location<br />
<br />
<br />
User Account List:-<br />
* User Info - Name, Department, Role<br />
<br />
* Last Accessed Time<br />
<br />
* Account Creation Date/Time<br />
<br />
* Current Authority and Role<br />
<br />
* Account authority and information change history<br />
<br />
* Show expired and inactive accounts (for example: 90 days)<br />
<br />
== Logging Tools ==<br />
<br />
* Event Notification<br />
<u>http://www.syslog.org/wiki/Main/EventNotification</u> <br />
* Syslog Clients <br />
<u>http://www.syslog.org/wiki/Main/SyslogClients</u><br />
* Syslogd Replacements <br />
<u>http://www.syslog.org/wiki/Main/SyslogdReplacements</u><br />
* Event Viewers <br />
<u>http://www.syslog.org/wiki/Main/EventViewers</u><br />
* Log Analyzers <br />
<u>http://www.syslog.org/wiki/Main/LogAnalyzers</u><br />
* Event Correlation <br />
<u>http://www.syslog.org/wiki/Main/EventCorrelation</u><br />
* Windows <br />
<u>http://www.syslog.org/wiki/Main/Windows</u><br />
* Misc Log Tools <br />
<u>http://www.syslog.org/wiki/Main/MiscLogTools</u><br />
<br />
<br />
[[Category:Activity]]<br />
[[Category:Logging]]<br />
[[Category:OWASP Logging Project]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Log_review_and_management&diff=23934Log review and management2007-12-12T14:54:56Z<p>Anthonylai: /* Subactivity 3 */</p>
<hr />
<div>==Overview==<br />
<br />
Purpose: <br />
<br />
* How to detect suspicious activities as soon as possible to reduce the impact of incidence or make prevention if possible.<br />
* How to unify the log format and elements as well as the functions?<br />
<br />
Role:<br />
<br />
* Who typically does this?<br />
<br />
Security Administrator or independent party who has no access rights/accounts in the reviewed systems. You can't be an user administrator. At the same time, you review your activity everyday. However, if there is a resource limitation, you need another supervisor to authorize your log review.<br />
<br />
Frequency:<br />
<br />
It depends on the criticality (i.e. payment system, customer information, business secret, etc.) of the system labelled by the organization, logs could be reviewed ranging from minute, every day, weekly, monthly or even 3 months. In fact, log review is a kind of detective control and the preventive control is lacking. Log review will be the Goal Keeper and frequency is critical.<br />
<br />
However, user account and authority list should be reviewed at least 3 to 6 months and never take a check ONLY when the audit cycle is coming<br />
<br />
== Log Review Tips ==<br />
<br />
Critical systems require at least daily log review, however, what types of logs/activities should we pay attention to?<br />
<br />
1. Consecutive login failure especially in non-office hour.<br />
<br />
2. Login in non-office hour.<br />
<br />
3. Authority change, addition and removal. Check them against with authorized application.<br />
<br />
4. Any system administrator's activities<br />
<br />
5. Any unknown workstation/server are plugged into the network?<br />
<br />
6. Logs removal/log overwritten/log size is full<br />
<br />
7. Pay more attention to the log reports after week-end and holiday<br />
<br />
8. Any account unlocked/password reset by system administrators without authorized forms?<br />
<br />
== Log Standard ==<br />
<br />
In fact, we are suffering various log format and standard from various systems even we are working in-house or act as a consultant. Why don't we produce a standard/guidelines to developer before they design the user administrative and audit trail functions to fulfill security control.<br />
<br />
Functions:-<br />
* Search - By date and time, by event type, by criticality, by account/user ID, by department<br />
<br />
* Sorting - By date and time, by event type, by criticality, by account/user ID, by department<br />
<br />
* Paging (Optional)<br />
<br />
* Critical event is marked by "*"<br />
<br />
* Log archive and export<br />
<br />
* Log code and description table<br />
<br />
* Highlighting system and user adminsitrator activities<br />
<br />
<br />
Mandatory Fields:-<br />
* User ID and Name (Sometimes, event may involve the action from administrator)<br />
<br />
* Activity Date/Timestamp<br />
<br />
* Activity Code, Type and Description<br />
<br />
* Terminal IP address and Location<br />
<br />
<br />
User Account List:-<br />
* User Info - Name, Department, Role<br />
<br />
* Last Accessed Time<br />
<br />
* Account Creation Date/Time<br />
<br />
* Current Authority and Role<br />
<br />
* Account authority and information change history<br />
<br />
* Show expired and inactive accounts (for example: 90 days)<br />
<br />
== Logging Tools ==<br />
<br />
Event Notification <br />
Syslog Clients <br />
Syslogd Replacements <br />
Event Viewers <br />
Log Analyzers <br />
Event Correlation <br />
Windows <br />
Misc Log Tools <br />
<br />
<br />
<br />
[[Category:Activity]]<br />
[[Category:Logging]]<br />
[[Category:OWASP Logging Project]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Error_Handling,_Auditing_and_Logging&diff=23933Error Handling, Auditing and Logging2007-12-12T14:44:55Z<p>Anthonylai: /* Further Reading */</p>
<hr />
<div>[[Guide Table of Contents]]__TOC__<br />
<br />
==Objective ==<br />
<br />
Many industries are required by legal and regulatory requirements to be:<br />
<br />
* Auditable – all activities that affect user state or balances are formally tracked<br />
<br />
* Traceable – it’s possible to determine where an activity occurs in all tiers of the application<br />
<br />
* High integrity – logs cannot be overwritten or tampered by local or remote users<br />
<br />
Well-written applications will dual-purpose logs and activity traces for audit and monitoring, and make it easy to track a transaction without excessive effort or access to the system. They should possess the ability to easily track or identify potential fraud or anomalies end-to-end. <br />
<br />
==Environments Affected ==<br />
<br />
All.<br />
<br />
==Relevant COBIT Topics ==<br />
<br />
DS11 – Manage Data – All sections should be reviewed, but in particular:<br />
<br />
DS11.4 Source data error handling<br />
<br />
DS11.8 Data input error handling<br />
<br />
==Description ==<br />
<br />
Error handling, debug messages, auditing and logging are different aspects of the same topic: how to track events within an application:<br />
<br />
<br />
<br />
==Best practices ==<br />
<br />
* Fail safe – do not fail open<br />
<br />
* Dual purpose logs<br />
<br />
* Audit logs are legally protected – protect them<br />
<br />
* Reports and search logs using a read-only copy or complete replica <br />
<br />
==Error Handling ==<br />
<br />
Error handling takes two forms: structured exception handling and functional error checking. Structured exception handling is always preferred as it is easier to cover 100% of code. Functional languages such as PHP 4 that does not have exceptions are very hard to cover 100% of all errors. Code that covers 100% of errors is extraordinarily verbose and difficult to read, and can contain subtle bugs and errors in the error handling code itself.<br />
<br />
Motivated attackers like to see error messages as they might leak information that leads to further attacks, or may leak privacy related information. Web application error handling is rarely robust enough to survive a penetration test. <br />
<br />
Applications should always fail safe. If an application fails to an unknown state, it is likely that an attacker may be able to exploit this indeterminate state to access unauthorized functionality, or worse create, modify or destroy data.<br />
<br />
===Fail safe ===<br />
<br />
* Inspect the application’s fatal error handler.<br />
<br />
* Does it fail safe? If so, how?<br />
<br />
* Is the fatal error handler called frequently enough?<br />
<br />
* What happens to in-flight transactions and ephemeral data?<br />
<br />
===Debug errors ===<br />
<br />
* Does production code contain debug error handlers or messages? <br />
<br />
* If the language is a scripting language without effective pre-processing or compilation, can the debug flag be turned on in the browser?<br />
<br />
* Do the debug messages leak privacy related information, or information that may lead to further successful attack?<br />
<br />
===Exception handling ===<br />
<br />
* Does the code use structured exception handlers (try {} catch {} etc) or function-based error handling? <br />
<br />
* If the code uses function-based error handling, does it check every return value and handle the error appropriately?<br />
<br />
* Would fuzz injection against the average interface fail? <br />
<br />
===Functional return values ===<br />
<br />
Many languages indicate an error condition by return value. E.g.:<br />
<br />
''$query = mysql_query(“SELECT * FROM table WHERE id=4”, $conn);''<br />
<br />
''if ( $query === false ) {''<br />
<br />
'' // error''<br />
<br />
''} ''<br />
<br />
* Are all functional errors checked? If not, what can go wrong?<br />
<br />
==Detailed error messages ==<br />
<br />
Detailed error messages provide attackers with a mountain of useful information.<br />
<br />
===How to determine if you are vulnerable ===<br />
<br />
* Are detailed error messages turned on? <br />
<br />
* Do the detailed error messages leak information that may be used to stage a further attack, or leak privacy related information? <br />
<br />
* Does the browser cache the error message?<br />
<br />
===How to protect yourself ===<br />
<br />
Ensure that your application has a “safe mode” which it can return if something truly unexpected occurs. If all else fails, log the user out and close the browser window<br />
<br />
Production code should not be capable of producing debug messages. If it does, debug mode should be triggered by editing a file or configuration option on the server. In particular, debug should not enabled by an option in the application itself<br />
<br />
If the framework or language has a structured exception handler (ie try {} catch {}), it should be used in preference to functional error handling<br />
<br />
If the application uses functional error handling, its use must be comprehensive and thorough<br />
<br />
Detailed error messages, such as stack traces or leaking privacy related information, should never be presented to the user. Instead a generic error message should be used. This includes HTTP status response codes (ie 404 or 500 Internal Server error). <br />
<br />
==Logging ==<br />
<br />
===Where to log to? ===<br />
<br />
Logs should be written so that the log file attributes are such that only new information can be written (older records cannot be rewritten or deleted). For added security, logs should also be written to a write once / read many device such as a CD-R.<br />
<br />
Copies of log files should be made at regular intervals depending on volume and size (daily, weekly, monthly, etc.). .). A common naming convention should be adopted with regards to logs, making them easier to index. Verification that logging is still actively working is overlooked surprisingly often, and can be accomplished via a simple cron job!<br />
<br />
Make sure data is not overwritten.<br />
<br />
Log files should be copied and moved to permanent storage and incorporated into the organization's overall backup strategy.<br />
<br />
Log files and media should be deleted and disposed of properly and incorporated into an organization's shredding or secure media disposal plan. Reports should be generated on a regular basis, including error reporting and anomaly detection trending.<br />
<br />
Be sure to keep logs safe and confidential even when backed up.<br />
<br />
===Handling ===<br />
<br />
Logs can be fed into real time intrusion detection and performance and system monitoring tools. All logging components should be synced with a timeserver so that all logging can be consolidated effectively without latency errors. This time server should be hardened and should not provide any other services to the network.<br />
<br />
No manipulation, no deletion while analyzing.<br />
<br />
===General Debugging ===<br />
<br />
Logs are useful in reconstructing events after a problem has occurred, security related or not. Event reconstruction can allow a security administrator to determine the full extent of an intruder's activities and expedite the recovery process.<br />
<br />
===Forensics evidence ===<br />
<br />
Logs may in some cases be needed in legal proceedings to prove wrongdoing. In this case, the actual handling of the log data is crucial.<br />
<br />
===Attack detection ===<br />
<br />
Logs are often the only record that suspicious behavior is taking place: Therefore logs can sometimes be fed real-time directly into intrusion detection systems.<br />
<br />
===Quality of service ===<br />
<br />
Repetitive polls can be protocol led so that network outages or server shutdowns get protocolled and the behavior can either be analyzed later on or a responsible person can take immediate actions.<br />
<br />
===Proof of validity ===<br />
<br />
Application developers sometimes write logs to prove to customers that their applications are behaving as expected.<br />
<br />
* Required by law or corporate policies<br />
<br />
* Logs can provide individual accountability in the web application system universe by tracking a user's actions.<br />
<br />
It can be corporate policy or local law to be required to (as example) save header information of all application transactions. These logs must then be kept safe and confidential for six months before they can be deleted.<br />
<br />
The points from above show all different motivations and result in different requirements and strategies. This means, that before we can implement a logging mechanism into an application or system, we have to know the requirements and their later usage. If we fail in doing so this can lead to unintentional results.<br />
<br />
Failure to enable or design the proper event logging mechanisms in the web application may undermine an organization's ability to detect unauthorized access attempts, and the extent to which these attempts may or may not have succeeded. We will look into the most common attack methods, design and implementation errors as well as the mitigation strategies later on in this chapter.<br />
<br />
There is another reason why the logging mechanism must be planned before implementation. In some countries, laws define what kind of personal information is allowed to be not only logged but also analyzed. For example, in Switzerland, companies are not allowed to log personal information of their employees (like what they do on the internet or what they write in their emails). So if a company wants to log a workers surfing habits, the corporation needs to inform her of their plans in advance.<br />
<br />
This leads to the requirement of having anonymized logs or de-personalized logs with the ability to re-personalized them later on if need be. If an unauthorized person has access to (legally) personalized logs, the corporation is acting unlawful again. So there can be a few (not only) legal traps that must be kept in mind.<br />
<br />
===Logging types ===<br />
<br />
Logs can contain different kinds of data. The selection of the data used is normally affected by the motivation leading to the logging. This section contains information about the different types of logging information and the reasons why we could want to log them.<br />
<br />
In general, the logging features include appropriate debugging information’s such as time of event, initiating process or owner of process, and a detailed description of the event. The following are types of system events that can be logged in an application. It depends on the particular application or system and the needs to decide which of these will be used in the logs:<br />
<br />
* Reading of data file access and what kind of data is read. This not only allows to see if data was read but also by whom and when.<br />
<br />
* Writing of data logs also where and with what mode (append, replace) data was written. This can be used to see if data was overwritten or if a program is writing at all.<br />
<br />
* Modification of any data characteristics, including access control permissions or labels, location in database or file system, or data ownership. Administrators can detect if their configurations were changed.<br />
<br />
* Administrative functions and changes in configuration regardless of overlap (account management actions, viewing any user's data, enabling or disabling logging, etc.)<br />
<br />
* Miscellaneous debugging information that can be enabled or disabled on the fly.<br />
<br />
* All authorization attempts (include time) like success/failure, resource or function being authorized, and the user requesting authorization. We can detect password guessing with these logs. These kinds of logs can be fed into an Intrusion Detection system that will detect anomalies.<br />
<br />
* Deletion of any data (object). Sometimes applications are required to have some sort of versioning in which the deletion process can be cancelled.<br />
<br />
* Network communications (bind, connect, accept, etc.). With this information an Intrusion Detection system can detect port scanning and brute force attacks.<br />
<br />
* All authentication events (logging in, logging out, failed logins, etc.) that allow to detect brute force and guessing attacks too.<br />
<br />
==Noise ==<br />
<br />
Intentionally invoking security errors to fill an error log with entries (noise) that hide the incriminating evidence of a successful intrusion. When the administrator or log parser application reviews the logs, there is every chance that they will summarize the volume of log entries as a denial of service attempt rather than identifying the 'needle in the haystack'.<br />
<br />
===How to protect yourself ===<br />
<br />
This is difficult since applications usually offer an unimpeded route to functions capable of generating log events. If you can deploy an intelligent device or application component that can shun an attacker after repeated attempts, then that would be beneficial. Failing that, an error log audit tool that can reduce the bulk of the noise, based on repetition of events or originating from the same source for example. It is also useful if the log viewer can display the events in order of severity level, rather than just time based.<br />
<br />
==Cover Tracks ==<br />
<br />
The top prize in logging mechanism attacks goes to the contender who can delete or manipulate log entries at a granular level, "as though the event never even happened!". Intrusion and deployment of rootkits allows an attacker to utilize specialized tools that may assist or automate the manipulation of known log files. In most cases, log files may only be manipulated by users with root / administrator privileges, or via approved log manipulation applications. As a general rule, logging mechanisms should aim to prevent manipulation at a granular level since an attacker can hide their tracks for a considerable length of time without being detected. Simple question; if you were being compromised by an attacker, would the intrusion be more obvious if your log file was abnormally large or small, or if it appeared like every other day's log?<br />
<br />
===How to protect yourself ===<br />
<br />
Assign log files the highest security protection, providing reassurance that you always have an effective 'black box' recorder if things go wrong. This includes:<br />
<br />
Applications should not run with Administrator, or root-level privileges. This is the main cause of log file manipulation success since super users typically have full file system access. Assume the worst case scenario and suppose your application is exploited. Would there be any other security layers in place to prevent the application's user privileges from manipulating the log file to cover tracks?<br />
<br />
Ensuring that access privileges protecting the log files are restrictive, reducing the majority of operations against the log file to alter and read.<br />
<br />
Ensuring that log files are assigned object names that are not obvious and stored in a safe location of the file system.<br />
<br />
Writing log files using publicly or formally scrutinized techniques in an attempt to reduce the risk associated with reverse engineering or log file manipulation.<br />
<br />
Writing log files to read-only media (where event log integrity is of critical importance).<br />
<br />
Use of hashing technology to create digital fingerprints. The idea being that if an attacker does manipulate the log file, then the digital fingerprint will not match and an alert generated.<br />
<br />
Use of host-based IDS technology where normal behavioral patterns can be 'set in stone'. Attempts by attackers to update the log file through anything but the normal approved flow would generate an exception and the intrusion can be detected and blocked. This is one security control that can safeguard against simplistic administrator attempts at modifications.<br />
<br />
==False Alarms ==<br />
<br />
Taking cue from the classic 1966 film "How to Steal a Million", or similarly the fable of Aesop; "The Boy Who Cried Wolf", be wary of repeated false alarms, since this may represent an attacker's actions in trying to fool the security administrator into thinking that the technology is faulty and not to be trusted until it can be fixed.<br />
<br />
===How to protect yourself ===<br />
<br />
Simply be aware of this type of attack, take every security violation seriously, always get to the bottom of the cause event log errors rather, and don't just dismiss errors unless you can be completely sure that you know it to be a technical problem.<br />
<br />
===Denial of Service ===<br />
<br />
By repeatedly hitting an application with requests that cause log entries, multiply this by ten thousand, and the result is that you have a large log file and a possible headache for the security administrator. Where log files are configured with a fixed allocation size, then once full, all logging will stop and an attacker has effectively denied service to your logging mechanism. Worse still, if there is no maximum log file size, then an attacker has the ability to completely fill the hard drive partition and potentially deny service to the entire system. This is becoming more of a rarity though with the increasing size of today's hard disks.<br />
<br />
===How to protect yourself ===<br />
<br />
The main defense against this type of attack are to increase the maximum log file size to a value that is unlikely to be reached, place the log file on a separate partition to that of the operating system or other critical applications and best of all, try to deploy some kind of system monitoring application that can set a threshold against your log file size and/or activity and issue an alert if an attack of this nature is underway.<br />
<br />
==Destruction ==<br />
<br />
Following the same scenario as the Denial of Service above, if a log file is configured to cycle round overwriting old entries when full, then an attacker has the potential to do the evil deed and then set a log generation script into action in an attempt to eventually overwrite the incriminating log entries, thus destroying them.<br />
<br />
If all else fails, then an attacker may simply choose to cover their tracks by purging all log file entries, assuming they have the privileges to perform such actions. This attack would most likely involve calling the log file management program and issuing the command to clear the log, or it may be easier to simply delete the object which is receiving log event updates (in most cases, this object will be locked by the application). This type of attack does make an intrusion obvious assuming that log files are being regularly monitored, and does have a tendency to cause panic as system administrators and managers realize they have nothing upon which to base an investigation on.<br />
<br />
===How to protect yourself ===<br />
<br />
Following most of the techniques suggested above will provide good protection against this attack. Keep in mind two things:<br />
<br />
Administrative users of the system should be well trained in log file management and review. 'Ad-hoc' clearing of log files is never advised and an archive should always be taken. Too many times a log file is cleared, perhaps to assist in a technical problem, erasing the history of events for possible future investigative purposes.<br />
<br />
An empty security log does not necessarily mean that you should pick up the phone and fly the forensics team in. In some cases, security logging is not turned on by default and it is up to you to make sure that it is. Also, make sure it is logging at the right level of detail and benchmark the errors against an established baseline in order measure what is considered 'normal' activity.<br />
<br />
==Audit Trails ==<br />
<br />
Audit trails are legally protected in many countries, and should be logged into high integrity destinations to prevent casual and motivated tampering and destruction. <br />
<br />
===How to determine if you are vulnerable ===<br />
<br />
* Do the logs transit in the clear between the logging host and the destination?<br />
<br />
* Do the logs have a HMAC or similar tamper proofing mechanism to prevent change from the time of the logging activity to when it is reviewed?<br />
<br />
* Can relevant logs be easily extracted in a legally sound fashion to assist with prosecutions?<br />
<br />
===How to protect yourself ===<br />
<br />
* Only audit truly important events – you have to keep audit trails for a long time, and debug or informational messages are wasteful<br />
<br />
* Log centrally as appropriate and ensure primary audit trails are not kept on vulnerable systems, particularly front end web servers<br />
<br />
* Only review copies of the logs, not the actual logs themselves<br />
<br />
* Ensure that audit logs are sent to trusted systems<br />
<br />
* For highly protected systems, use write-once media or similar to provide trust worthy long term log repositories<br />
<br />
* For highly protected systems, ensure there is end-to-end trust in the logging mechanism. World writeable logs, logging agents without credentials (such as SNMP traps, syslog etc) are legally vulnerable to being excluded from prosecution <br />
<br />
==Further Reading ==<br />
<br />
* Oracle Auditing<br />
<br />
<u>http://www.sans.org/atwork/description.php?cid=738</u> <br />
<br />
* Sarbanes Oxley for IT security<br />
<br />
<u>http://www.securityfocus.com/columnists/322</u><br />
<br />
* Java Logging Overview<br />
<u>http://java.sun.com/javase/6/docs/technotes/guides/logging/overview.html</u><br />
<br />
==Error Handling and Logging ==<br />
<br />
All applications have failures – whether they occur during compilation or runtime. Most programming languages will throw runtime exceptions for illegally executing code (e.g. syntax errors) often in the form of cryptic system messages. These failures and resulting system messages can lead to several security risks if not handled properly including; enumeration, buffer attacks, sensitive information disclosure, etc. If an attack occurs it is important that forensics personnel be able to trace the attacker’s tracks via adequate logging.<br />
<br />
<br />
<br />
ColdFusion provides structured exception handling and logging tools. These tools can help developers customize error handling to prevent unwanted disclosure, and provide customized logging for error tracking and audit trails. These tools should be combined with web server, J2EE application server, and operating system tools to create the full system/application security overview.<br />
<br />
<br />
<br />
'''Error Handling'''<br />
<br />
Hackers can use the information exposed by error messages. Even missing templates errors (HTTP 404) can expose your server to attacks (e.g. buffer overflow, XSS, etc.). If you enable the Robust Exception Information debugging option, ColdFusion will display:<br />
<br />
Physical path of template <br />
<br />
URI of template <br />
<br />
Line number and line snippet <br />
<br />
SQL statement used (if any) <br />
<br />
Data source name (if any) <br />
<br />
Java stack trace<br />
<br />
<br />
<br />
ColdFusion provides tags and functions for developers to use to customize error handling. Administrators can specify default templates in the ColdFusion Administrator (CFAM) to handle unknown or unhandled exceptions. ColdFusion’s structure exception handling works in the following order:<br />
<br />
Template level (ColdFusion templates and components)<br />
<br />
ColdFusion exception handling tags: cftry, cfcatch, cfthrow, and cfrethrow<br />
<br />
try and catch statements in CFScript<br />
<br />
Application level (Application.cfc/cfm)<br />
<br />
Specify custom templates for individual exceptions types with the cferror tag<br />
<br />
Application.cfc onError method to handle uncaught application exceptions<br />
<br />
System level (ColdFusion Administrator settings)<br />
<br />
Missing Template Handler execute when a requested ColdFusion template is not found<br />
<br />
Site-wide Error Handler executes globally for all unhandled exceptions on the server<br />
<br />
<br />
<br />
'''Best Practices '''<br />
<br />
Do not allow exceptions to go unhandled<br />
<br />
Do not allow any exceptions to reach the browser<br />
<br />
Display custom error pages to users with an email link for feedback<br />
<br />
Do not enable “Robust Exception Information” in production.<br />
<br />
Specify custom pages for ColdFusion to display in each of the following cases: <br />
<br />
When a ColdFusion page is missing (the Missing Template Handler page) <br />
<br />
When an otherwise-unhandled exception error occurs during the processing of a page (the Site-wide Error Handler page) <br />
<br />
You specify these pages on the Settings page in the Server Settings are in the ColdFusion MX Administrator; for more information, see the ColdFusion MX Administrator Help.<br />
<br />
Use the cferror tag to specify ColdFusion pages to handle specific types of errors. <br />
<br />
Use the cftry, cfcatch, cfthrow, and cfrethrow tags to catch and handle exception errors directly on the page where they occur. <br />
<br />
In CFScript, use the try and catch statements to handle exceptions. <br />
<br />
Use the onError event in Application.cfc to handle exception errors that are not handled by try/catch code on the application pages. <br />
<br />
<br />
<br />
'''Logging'''<br />
<br />
Log files can help with application debugging and provide audit trails for attack detection. ColdFusion provides several logs for different server functions. It leverages the Apache Log4j libraries for customized logging. It also provides logging tags to assist in application debugging. <br />
<br />
<br />
<br />
The following is a partial list of ColdFusion log files and their descriptions''' '''<br />
<br />
<br />
{| border=1<br />
<br />
|| Log file || Description <br />
<br />
|-<br />
<br />
|| application.log || Records every ColdFusion MX error reported to a user. Application page errors, including ColdFusion MX syntax, ODBC, and SQL errors, are written to this log file.<br />
<br />
|-<br />
<br />
|| exception.log || Records stack traces for exceptions that occur in ColdFusion.<br />
<br />
|-<br />
<br />
|| scheduler.log || Records scheduled events that have been submitted for execution. Indicates whether task submission was initiated and whether it succeeded. Provides the scheduled page URL, the date and time executed, and a task ID.<br />
<br />
|-<br />
<br />
|| server.log || Records start up messages and errors for ColdFusion MX.<br />
<br />
|-<br />
<br />
|| customtag.log || Records errors generated in custom tag processing.<br />
<br />
|-<br />
<br />
|| mail.log || Records errors generated by an SMTP mail server.<br />
<br />
|-<br />
<br />
|| mailsent.log || Records messages sent by ColdFusion MX.<br />
<br />
|-<br />
<br />
|| flash.log || Records entries for Macromedia Flash Remoting.<br />
<br />
|-<br />
<br />
|}<br />
<br />
<br />
<br />
<br />
<br />
The CFAM contains the Logging Settings and log viewer screens. Administrators can configure the log directory, maximum log file size, and maximum number of archives. It also allows administrators to log slow running pages, CORBA calls, and scheduled task execution. The log viewer allows viewing, filtering, and searching of any log files in the log directory (default is cf_root/logs). Administrators can archive, save, and delete log files as well.<br />
<br />
<br />
<br />
The cflog and cftrace tags allow developer to create customized logging. <cflog> can write custom messages to the Application.log, Scheduler.log, or a custom log file. The custom log file must be in the default log directory – if it does not exist ColdFusion will create it. <cftrace> tracks execution times, logic flow, and variable at the time the tag executes. It records the data in the cftrace.log (in the default logs directory) and can display this info either inline or in the debugging output of the current page request. Use <cflog> to write custom error messages, track user logins, and record user activity to a custom log file. Use <cftrace> to track variables and application state within running requests.<br />
<br />
<br />
<br />
'''Best Practices'''<br />
<br />
Use <cflog> for customized logging<br />
<br />
Incorporate into custom error handling<br />
<br />
Record application specific messages<br />
<br />
Actively monitor and fix errors in ColdFusion’s logs<br />
<br />
Optimize logging settings <br />
<br />
Rotate log files to keep them current <br />
<br />
Keep files size manageable<br />
<br />
Enable logging of slow running pages<br />
<br />
Set the time interval lower than the configured Timeout Request value in the CFAM Settings screen<br />
<br />
Long running page timings are recorded in the server.log<br />
<br />
Use <cftrace> sparingly for audit trails<br />
<br />
Use with inline=“false”<br />
<br />
Use it to track user input – Form and/or URL variables<br />
<br />
<br />
<br />
'''''Best Practices in Action'''''<br />
<br />
<br />
<br />
The following code adds error handling and logging to the dbLogin and logout methods in the code from Authentication section.<br />
<br />
<br />
{| border=1<br />
<br />
||<br />
<br />
<cffunction name="dblogin" access="private" output="false" returntype="struct"><br />
<br />
<cfargument name="strUserName" required="true" type="string"><br />
<br />
<cfargument name="strPassword" required="true" type="string"><br />
<br />
<cfset var retargs = StructNew()><br />
<br />
<cftry><br />
<br />
<cfif IsValid("regex", uUserName, "[A-Za-z0-9%]*") AND IsValid("regex", uPassword, "[A-Za-z0-9%]*")><br />
<br />
<cfquery name="loginQuery" dataSource="#Application.DB#" ><br />
<br />
SELECT hashed_password, salt<br />
<br />
FROM UserTable<br />
<br />
WHERE UserName =<br />
<br />
<cfqueryparam value="#strUserName#" cfsqltype="CF_SQL_VARCHAR" maxlength="25"><br />
<br />
</cfquery><br />
<br />
<cfif loginQuery.hashed_password EQ Hash(strPassword & loginQuery.salt, "SHA-256" )><br />
<br />
<cfset retargs.authenticated="YES"><br />
<br />
<cfset Session.UserName = strUserName><br />
<br />
<cflog text="#getAuthUser()# has logged in!" <br />
<br />
type="Information" <br />
<br />
file="access" <br />
<br />
application="yes"><br />
<br />
<br />
<br />
<!-- Add code to get roles from database --><br />
<br />
<cfelse><br />
<br />
<cfset retargs.authenticated="NO"><br />
<br />
</cfif><br />
<br />
<cfelse><br />
<br />
<cfset retargs.authenticated="NO"><br />
<br />
</cfif><br />
<br />
<cfcatch type="database"><br />
<br />
<cflog text="Error in dbLogin(). #cfcatch.details#"<br />
<br />
type="Error" <br />
<br />
log="Application" <br />
<br />
application="yes"><br />
<br />
<cfset retargs.authenticated="NO"><br />
<br />
<cfreturn retargs><br />
<br />
</cfcatch><br />
<br />
</cftry><br />
<br />
<cfreturn retargs><br />
<br />
</cffunction><br />
<br />
<cffunction name="logout" access="remote" output="true"><br />
<br />
<cfargument name="logintype" type="string" required="yes"><br />
<br />
<cfif isDefined("form.logout")><br />
<br />
<cflogout><br />
<br />
<cfset StructClear(Session)><br />
<br />
<cflog text="#getAuthUser()# has been logged out." <br />
<br />
type="Information" <br />
<br />
file="access" <br />
<br />
application="yes"> <br />
<br />
<cfif arguments.logintype eq "challenge"><br />
<br />
<cfset foo = closeBrowser()><br />
<br />
<cfelse><br />
<br />
<!--- replace this URL to a page logged out users should see ---><br />
<br />
<cflocation url="login.cfm"><br />
<br />
</cfif><br />
<br />
</cfif><br />
<br />
</cffunction><br />
<br />
<cffunction name="dblogin" access="private" output="false" returntype="struct"><br />
<br />
<cfargument name="strUserName" required="true" type="string"><br />
<br />
<cfargument name="strPassword" required="true" type="string"><br />
<br />
<cfset var retargs = StructNew()><br />
<br />
<cftry><br />
<br />
<cfif IsValid("regex", uUserName, "[A-Za-z0-9%]*") AND IsValid("regex", uPassword, "[A-Za-z0-9%]*")><br />
<br />
<cfquery name="loginQuery" dataSource="#Application.DB#" ><br />
<br />
SELECT hashed_password, salt<br />
<br />
FROM UserTable<br />
<br />
WHERE UserName =<br />
<br />
<cfqueryparam value="#strUserName#" cfsqltype="CF_SQL_VARCHAR" maxlength="25"><br />
<br />
</cfquery><br />
<br />
<cfif loginQuery.hashed_password EQ Hash(strPassword & loginQuery.salt, "SHA-256" )><br />
<br />
<cfset retargs.authenticated="YES"><br />
<br />
<cfset Session.UserName = strUserName><br />
<br />
<cflog text="#getAuthUser()# has logged in!" <br />
<br />
type="Information" <br />
<br />
file="access" <br />
<br />
application="yes"><br />
<br />
<br />
<br />
<!-- Add code to get roles from database --><br />
<br />
<cfelse><br />
<br />
<cfset retargs.authenticated="NO"><br />
<br />
</cfif><br />
<br />
<cfelse><br />
<br />
<cfset retargs.authenticated="NO"><br />
<br />
</cfif><br />
<br />
<cfcatch type="database"><br />
<br />
<cflog text="Error in dbLogin(). #cfcatch.details#"<br />
<br />
type="Error" <br />
<br />
log="Application" <br />
<br />
application="yes"><br />
<br />
<cfset retargs.authenticated="NO"><br />
<br />
<cfreturn retargs><br />
<br />
</cfcatch><br />
<br />
</cftry><br />
<br />
<cfreturn retargs><br />
<br />
</cffunction><br />
<br />
<cffunction name="logout" access="remote" output="true"><br />
<br />
<cfargument name="logintype" type="string" required="yes"><br />
<br />
<cfif isDefined("form.logout")><br />
<br />
<cflogout><br />
<br />
<cfset StructClear(Session)><br />
<br />
<cflog text="#getAuthUser()# has been logged out." <br />
<br />
type="Information" <br />
<br />
file="access" <br />
<br />
application="yes"> <br />
<br />
<cfif arguments.logintype eq "challenge"><br />
<br />
<cfset foo = closeBrowser()><br />
<br />
<cfelse><br />
<br />
<!--- replace this URL to a page logged out users should see ---><br />
<br />
<cflocation url="login.cfm"><br />
<br />
</cfif><br />
<br />
</cfif><br />
<br />
</cffunction><br />
<br />
|-<br />
<br />
|}<br />
<br />
[[Guide Table of Contents]]<br />
[[Category:OWASP_Guide_Project]]<br />
[[Category:Error Handling]]<br />
[[Category:Logging]]<br />
[[Category:OWASP Logging Project]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Category:OWASP_Logging_Project&diff=23932Category:OWASP Logging Project2007-12-12T14:41:59Z<p>Anthonylai: </p>
<hr />
<div>The OWASP Logging Project [[OWASP Logging Project Roadmap]] .<br />
<br />
==Logging Overview==<br />
http://www.pisa.org.hk/event/eventlog-mgt.jpg<br />
<br />
This is the project initiated by Hong Kong Chapter. The idea is sparked when I am required to review various system logs and establish the log standard and review practice as well as process.<br />
<br />
In fact, how many people could spend time and put it as a serious item in their routine checklist? Logs review seems to be a low-tech without skills. However, there are many state of arts behind the scene. <br />
<br />
Anthony Lai, Chapter Leader and Sam Ng, member of Hong Kong Chapter will be responsible to lead this group and please feel free to join us.<br />
<br />
We need your efforts and contribution to this project. Please feel free to reach Anthony at anthonylai@owasp.org for details. In addition, you are welcomed to add relevant content and share materials/tools related to log management in this project group.<br />
<br />
<br />
==Recent Activities==<br />
Feb 2006 Event log management seminar held with PISA:<br />
http://www.pisa.org.hk/event/eventlog-mgt.htm<br />
<br />
<br />
== Feedback and Participation: ==<br />
<br />
We hope you find the OWASP Logging Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to owasp@owasp.org. To join the OWASP Logging Project mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-logging subscription page.]<br />
<br />
[[Category:OWASP Project]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Log_review_and_management&diff=17306Log review and management2007-03-17T10:16:08Z<p>Anthonylai: /* Overview */</p>
<hr />
<div>==Overview==<br />
<br />
Purpose: <br />
<br />
* How to detect suspicious activities as soon as possible to reduce the impact of incidence or make prevention if possible.<br />
* How to unify the log format and elements as well as the functions?<br />
<br />
Role:<br />
<br />
* Who typically does this?<br />
<br />
Security Administrator or independent party who has no access rights/accounts in the reviewed systems. You can't be an user administrator. At the same time, you review your activity everyday. However, if there is a resource limitation, you need another supervisor to authorize your log review.<br />
<br />
Frequency:<br />
<br />
It depends on the criticality (i.e. payment system, customer information, business secret, etc.) of the system labelled by the organization, logs could be reviewed ranging from minute, every day, weekly, monthly or even 3 months. In fact, log review is a kind of detective control and the preventive control is lacking. Log review will be the Goal Keeper and frequency is critical.<br />
<br />
However, user account and authority list should be reviewed at least 3 to 6 months and never take a check ONLY when the audit cycle is coming<br />
<br />
== Log Review Tips ==<br />
<br />
Critical systems require at least daily log review, however, what types of logs/activities should we pay attention to?<br />
<br />
1. Consecutive login failure especially in non-office hour.<br />
<br />
2. Login in non-office hour.<br />
<br />
3. Authority change, addition and removal. Check them against with authorized application.<br />
<br />
4. Any system administrator's activities<br />
<br />
5. Any unknown workstation/server are plugged into the network?<br />
<br />
6. Logs removal/log overwritten/log size is full<br />
<br />
7. Pay more attention to the log reports after week-end and holiday<br />
<br />
8. Any account unlocked/password reset by system administrators without authorized forms?<br />
<br />
== Log Standard ==<br />
<br />
In fact, we are suffering various log format and standard from various systems even we are working in-house or act as a consultant. Why don't we produce a standard/guidelines to developer before they design the user administrative and audit trail functions to fulfill security control.<br />
<br />
Functions:-<br />
* Search - By date and time, by event type, by criticality, by account/user ID, by department<br />
<br />
* Sorting - By date and time, by event type, by criticality, by account/user ID, by department<br />
<br />
* Paging (Optional)<br />
<br />
* Critical event is marked by "*"<br />
<br />
* Log archive and export<br />
<br />
* Log code and description table<br />
<br />
* Highlighting system and user adminsitrator activities<br />
<br />
<br />
Mandatory Fields:-<br />
* User ID and Name (Sometimes, event may involve the action from administrator)<br />
<br />
* Activity Date/Timestamp<br />
<br />
* Activity Code, Type and Description<br />
<br />
* Terminal IP address and Location<br />
<br />
<br />
User Account List:-<br />
* User Info - Name, Department, Role<br />
<br />
* Last Accessed Time<br />
<br />
* Account Creation Date/Time<br />
<br />
* Current Authority and Role<br />
<br />
* Account authority and information change history<br />
<br />
* Show expired and inactive accounts (for example: 90 days)<br />
<br />
==Subactivity 3==<br />
<br />
Describe the subactivity here<br />
<br />
<br />
<br />
[[Category:Activity]]<br />
[[Category:Logging]]<br />
[[Category:OWASP Logging Project]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Log_review_and_management&diff=17305Log review and management2007-03-17T10:15:14Z<p>Anthonylai: /* Log Standard */</p>
<hr />
<div>==Overview==<br />
<br />
Purpose: <br />
<br />
* How to detect suspicious activities as soon as possible to reduce the impact of incidence or make prevention if possible.<br />
* How to unify the log format and elements as well as the functions?<br />
<br />
Role:<br />
<br />
* who typically does this?<br />
Security Administrator or independent party who has no access rights/accounts in the reviewed systems. You can't be an user administrator. At the same time, you review your activity everyday. However, if there is a resource limitation, you need another supervisor to authorize your log review.<br />
<br />
Frequency:<br />
It depends on the criticality (i.e. payment system, customer information, business secret, etc.) of the system labelled by the organization, logs could be reviewed ranging from minute, every day, weekly, monthly or even 3 months. In fact, log review is a kind of detective control and the preventive control is lacking. Log review will be the Goal Keeper and frequency is critical.<br />
<br />
However, user account and authority list should be reviewed at least 3 to 6 months and never take a check ONLY when the audit cycle is coming<br />
<br />
== Log Review Tips ==<br />
<br />
Critical systems require at least daily log review, however, what types of logs/activities should we pay attention to?<br />
<br />
1. Consecutive login failure especially in non-office hour.<br />
<br />
2. Login in non-office hour.<br />
<br />
3. Authority change, addition and removal. Check them against with authorized application.<br />
<br />
4. Any system administrator's activities<br />
<br />
5. Any unknown workstation/server are plugged into the network?<br />
<br />
6. Logs removal/log overwritten/log size is full<br />
<br />
7. Pay more attention to the log reports after week-end and holiday<br />
<br />
8. Any account unlocked/password reset by system administrators without authorized forms?<br />
<br />
== Log Standard ==<br />
<br />
In fact, we are suffering various log format and standard from various systems even we are working in-house or act as a consultant. Why don't we produce a standard/guidelines to developer before they design the user administrative and audit trail functions to fulfill security control.<br />
<br />
Functions:-<br />
* Search - By date and time, by event type, by criticality, by account/user ID, by department<br />
<br />
* Sorting - By date and time, by event type, by criticality, by account/user ID, by department<br />
<br />
* Paging (Optional)<br />
<br />
* Critical event is marked by "*"<br />
<br />
* Log archive and export<br />
<br />
* Log code and description table<br />
<br />
* Highlighting system and user adminsitrator activities<br />
<br />
<br />
Mandatory Fields:-<br />
* User ID and Name (Sometimes, event may involve the action from administrator)<br />
<br />
* Activity Date/Timestamp<br />
<br />
* Activity Code, Type and Description<br />
<br />
* Terminal IP address and Location<br />
<br />
<br />
User Account List:-<br />
* User Info - Name, Department, Role<br />
<br />
* Last Accessed Time<br />
<br />
* Account Creation Date/Time<br />
<br />
* Current Authority and Role<br />
<br />
* Account authority and information change history<br />
<br />
* Show expired and inactive accounts (for example: 90 days)<br />
<br />
==Subactivity 3==<br />
<br />
Describe the subactivity here<br />
<br />
<br />
<br />
[[Category:Activity]]<br />
[[Category:Logging]]<br />
[[Category:OWASP Logging Project]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Log_review_and_management&diff=17304Log review and management2007-03-17T10:07:50Z<p>Anthonylai: /* Log Standard */</p>
<hr />
<div>==Overview==<br />
<br />
Purpose: <br />
<br />
* How to detect suspicious activities as soon as possible to reduce the impact of incidence or make prevention if possible.<br />
* How to unify the log format and elements as well as the functions?<br />
<br />
Role:<br />
<br />
* who typically does this?<br />
Security Administrator or independent party who has no access rights/accounts in the reviewed systems. You can't be an user administrator. At the same time, you review your activity everyday. However, if there is a resource limitation, you need another supervisor to authorize your log review.<br />
<br />
Frequency:<br />
It depends on the criticality (i.e. payment system, customer information, business secret, etc.) of the system labelled by the organization, logs could be reviewed ranging from minute, every day, weekly, monthly or even 3 months. In fact, log review is a kind of detective control and the preventive control is lacking. Log review will be the Goal Keeper and frequency is critical.<br />
<br />
However, user account and authority list should be reviewed at least 3 to 6 months and never take a check ONLY when the audit cycle is coming<br />
<br />
== Log Review Tips ==<br />
<br />
Critical systems require at least daily log review, however, what types of logs/activities should we pay attention to?<br />
<br />
1. Consecutive login failure especially in non-office hour.<br />
<br />
2. Login in non-office hour.<br />
<br />
3. Authority change, addition and removal. Check them against with authorized application.<br />
<br />
4. Any system administrator's activities<br />
<br />
5. Any unknown workstation/server are plugged into the network?<br />
<br />
6. Logs removal/log overwritten/log size is full<br />
<br />
7. Pay more attention to the log reports after week-end and holiday<br />
<br />
8. Any account unlocked/password reset by system administrators without authorized forms?<br />
<br />
== Log Standard ==<br />
<br />
In fact, we are suffering various log format and standard from various systems even we are working in-house or act as a consultant. Why don't we produce a standard/guidelines to developer before they design the user administrative and audit trail functions to fulfill security control.<br />
<br />
Functions:-<br />
* Search - By date and time, by event type, by criticality, by account/user ID, by department<br />
<br />
* Sorting - By date and time, by event type, by criticality, by account/user ID, by department<br />
<br />
* Paging (Optional)<br />
<br />
* Critical event is marked by "*"<br />
<br />
* Log archive and export<br />
<br />
* Log code and description table<br />
<br />
* Show expired and inactive accounts (for example: 90 days)<br />
<br />
<br />
Mandatory Fields:-<br />
* User ID and Name<br />
<br />
* Activity Date/Timestamp<br />
<br />
* Activity Type and Description<br />
<br />
* Terminal IP address and Location<br />
<br />
<br />
User Account List:-<br />
* User Info - Name, Department, Role<br />
<br />
* Last Accessed Time<br />
<br />
* Account Creation Date/Time<br />
<br />
* Current Authority and Role<br />
<br />
* Account authority and information change history<br />
<br />
==Subactivity 3==<br />
<br />
Describe the subactivity here<br />
<br />
<br />
<br />
[[Category:Activity]]<br />
[[Category:Logging]]<br />
[[Category:OWASP Logging Project]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Log_review_and_management&diff=17303Log review and management2007-03-17T10:06:25Z<p>Anthonylai: /* Overview */</p>
<hr />
<div>==Overview==<br />
<br />
Purpose: <br />
<br />
* How to detect suspicious activities as soon as possible to reduce the impact of incidence or make prevention if possible.<br />
* How to unify the log format and elements as well as the functions?<br />
<br />
Role:<br />
<br />
* who typically does this?<br />
Security Administrator or independent party who has no access rights/accounts in the reviewed systems. You can't be an user administrator. At the same time, you review your activity everyday. However, if there is a resource limitation, you need another supervisor to authorize your log review.<br />
<br />
Frequency:<br />
It depends on the criticality (i.e. payment system, customer information, business secret, etc.) of the system labelled by the organization, logs could be reviewed ranging from minute, every day, weekly, monthly or even 3 months. In fact, log review is a kind of detective control and the preventive control is lacking. Log review will be the Goal Keeper and frequency is critical.<br />
<br />
However, user account and authority list should be reviewed at least 3 to 6 months and never take a check ONLY when the audit cycle is coming<br />
<br />
== Log Review Tips ==<br />
<br />
Critical systems require at least daily log review, however, what types of logs/activities should we pay attention to?<br />
<br />
1. Consecutive login failure especially in non-office hour.<br />
<br />
2. Login in non-office hour.<br />
<br />
3. Authority change, addition and removal. Check them against with authorized application.<br />
<br />
4. Any system administrator's activities<br />
<br />
5. Any unknown workstation/server are plugged into the network?<br />
<br />
6. Logs removal/log overwritten/log size is full<br />
<br />
7. Pay more attention to the log reports after week-end and holiday<br />
<br />
8. Any account unlocked/password reset by system administrators without authorized forms?<br />
<br />
== Log Standard ==<br />
<br />
In fact, we are suffering various log format and standard from various systems even we are working in-house or act as a consultant. Why don't we produce a standard/guidelines to developer before they design the user administrative and audit trail functions to fulfill security control.<br />
<br />
Functions:-<br />
* Search - By date and time, by event type, by criticality, by account/user ID, by department<br />
<br />
* Sorting - By date and time, by event type, by criticality, by account/user ID, by department<br />
<br />
* Paging (Optional)<br />
<br />
* Critical event is marked by "*"<br />
<br />
* Show expired and inactive accounts (for example: 90 days)<br />
<br />
<br />
Mandatory Fields:-<br />
* User ID and Name<br />
<br />
* Activity Date/Timestamp<br />
<br />
* Activity Type and Description<br />
<br />
* Terminal IP address and Location<br />
<br />
<br />
User Account List:-<br />
* User Info - Name, Department, Role<br />
<br />
* Last Accessed Time<br />
<br />
* Account Creation Date/Time<br />
<br />
* Current Authority and Role<br />
<br />
* Account authority and information change history<br />
<br />
==Subactivity 3==<br />
<br />
Describe the subactivity here<br />
<br />
<br />
<br />
[[Category:Activity]]<br />
[[Category:Logging]]<br />
[[Category:OWASP Logging Project]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Log_review_and_management&diff=17302Log review and management2007-03-17T09:55:51Z<p>Anthonylai: /* Subactivity 2 */</p>
<hr />
<div>==Overview==<br />
<br />
Purpose: <br />
<br />
* Communicate potential risks to stakeholder.<br />
* Communicate rationale for security-relevant decisions to stakeholder.<br />
<br />
Role:<br />
<br />
* who typically does this<br />
<br />
Frequency:<br />
<br />
* <br />
<br />
== Log Review Tips ==<br />
<br />
Critical systems require at least daily log review, however, what types of logs/activities should we pay attention to?<br />
<br />
1. Consecutive login failure especially in non-office hour.<br />
<br />
2. Login in non-office hour.<br />
<br />
3. Authority change, addition and removal. Check them against with authorized application.<br />
<br />
4. Any system administrator's activities<br />
<br />
5. Any unknown workstation/server are plugged into the network?<br />
<br />
6. Logs removal/log overwritten/log size is full<br />
<br />
7. Pay more attention to the log reports after week-end and holiday<br />
<br />
8. Any account unlocked/password reset by system administrators without authorized forms?<br />
<br />
== Log Standard ==<br />
<br />
In fact, we are suffering various log format and standard from various systems even we are working in-house or act as a consultant. Why don't we produce a standard/guidelines to developer before they design the user administrative and audit trail functions to fulfill security control.<br />
<br />
Functions:-<br />
* Search - By date and time, by event type, by criticality, by account/user ID, by department<br />
<br />
* Sorting - By date and time, by event type, by criticality, by account/user ID, by department<br />
<br />
* Paging (Optional)<br />
<br />
* Critical event is marked by "*"<br />
<br />
* Show expired and inactive accounts (for example: 90 days)<br />
<br />
<br />
Mandatory Fields:-<br />
* User ID and Name<br />
<br />
* Activity Date/Timestamp<br />
<br />
* Activity Type and Description<br />
<br />
* Terminal IP address and Location<br />
<br />
<br />
User Account List:-<br />
* User Info - Name, Department, Role<br />
<br />
* Last Accessed Time<br />
<br />
* Account Creation Date/Time<br />
<br />
* Current Authority and Role<br />
<br />
* Account authority and information change history<br />
<br />
==Subactivity 3==<br />
<br />
Describe the subactivity here<br />
<br />
<br />
<br />
[[Category:Activity]]<br />
[[Category:Logging]]<br />
[[Category:OWASP Logging Project]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Log_review_and_management&diff=17301Log review and management2007-03-17T09:40:06Z<p>Anthonylai: /* Log Review Tips */</p>
<hr />
<div>==Overview==<br />
<br />
Purpose: <br />
<br />
* Communicate potential risks to stakeholder.<br />
* Communicate rationale for security-relevant decisions to stakeholder.<br />
<br />
Role:<br />
<br />
* who typically does this<br />
<br />
Frequency:<br />
<br />
* <br />
<br />
== Log Review Tips ==<br />
<br />
Critical systems require at least daily log review, however, what types of logs/activities should we pay attention to?<br />
<br />
1. Consecutive login failure especially in non-office hour.<br />
<br />
2. Login in non-office hour.<br />
<br />
3. Authority change, addition and removal. Check them against with authorized application.<br />
<br />
4. Any system administrator's activities<br />
<br />
5. Any unknown workstation/server are plugged into the network?<br />
<br />
6. Logs removal/log overwritten/log size is full<br />
<br />
7. Pay more attention to the log reports after week-end and holiday<br />
<br />
8. Any account unlocked/password reset by system administrators without authorized forms?<br />
<br />
==Subactivity 2==<br />
<br />
Describe the subactivity here<br />
<br />
<br />
==Subactivity 3==<br />
<br />
Describe the subactivity here<br />
<br />
<br />
<br />
[[Category:Activity]]<br />
[[Category:Logging]]<br />
[[Category:OWASP Logging Project]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Log_review_and_management&diff=17300Log review and management2007-03-17T09:39:48Z<p>Anthonylai: /* Log Review Tips */</p>
<hr />
<div>==Overview==<br />
<br />
Purpose: <br />
<br />
* Communicate potential risks to stakeholder.<br />
* Communicate rationale for security-relevant decisions to stakeholder.<br />
<br />
Role:<br />
<br />
* who typically does this<br />
<br />
Frequency:<br />
<br />
* <br />
<br />
== Log Review Tips ==<br />
<br />
Critical systems require at least daily log review, however, what types of logs/activities should we pay attention to?<br />
1. Consecutive login failure especially in non-office hour.<br />
<br />
2. Login in non-office hour.<br />
<br />
3. Authority change, addition and removal. Check them against with authorized application.<br />
<br />
4. Any system administrator's activities<br />
<br />
5. Any unknown workstation/server are plugged into the network?<br />
<br />
6. Logs removal/log overwritten/log size is full<br />
<br />
7. Pay more attention to the log reports after week-end and holiday<br />
<br />
8. Any account unlocked/password reset by system administrators without authorized forms?<br />
<br />
==Subactivity 2==<br />
<br />
Describe the subactivity here<br />
<br />
<br />
==Subactivity 3==<br />
<br />
Describe the subactivity here<br />
<br />
<br />
<br />
[[Category:Activity]]<br />
[[Category:Logging]]<br />
[[Category:OWASP Logging Project]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Log_review_and_management&diff=17299Log review and management2007-03-17T09:39:23Z<p>Anthonylai: /* Log Review Tips */</p>
<hr />
<div>==Overview==<br />
<br />
Purpose: <br />
<br />
* Communicate potential risks to stakeholder.<br />
* Communicate rationale for security-relevant decisions to stakeholder.<br />
<br />
Role:<br />
<br />
* who typically does this<br />
<br />
Frequency:<br />
<br />
* <br />
<br />
== Log Review Tips ==<br />
<br />
Critical systems require at least daily log review, however, what types of logs/activities should we pay attention to?<br />
1. Consecutive login failure especially in non-office hour.<br />
2. Login in non-office hour.<br />
3. Authority change, addition and removal. Check them against with authorized application.<br />
4. Any system administrator's activities<br />
5. Any unknown workstation/server are plugged into the network?<br />
6. Logs removal/log overwritten/log size is full<br />
7. Pay more attention to the log reports after week-end and holiday<br />
8. Any account unlocked/password reset by system administrators without authorized forms?<br />
<br />
==Subactivity 2==<br />
<br />
Describe the subactivity here<br />
<br />
<br />
==Subactivity 3==<br />
<br />
Describe the subactivity here<br />
<br />
<br />
<br />
[[Category:Activity]]<br />
[[Category:Logging]]<br />
[[Category:OWASP Logging Project]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=17298Hong Kong2007-03-17T09:24:44Z<p>Anthonylai: /* News from Hong Kong Chapter */</p>
<hr />
<div>http://www.infosechk.org/download/OWASP/owasp_banner.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
http://www.clarencewong.com/photo/owasp_meeting.jpg<br />
<br />
''From left to right: James Tsao, Anthony Lai, David Walker, Richard Stagg, Marco Leung and Gary Kung''<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
http://www.takungpao.com/images/new.gif<br />
<br />
http://www.infosecurityproject.com/images/infosec2007_content_04.jpg<br />
<br />
'''OWASP(HK Chapter) supports 8th Infosecurityproject Conference:''' <br />
URL:http://www.infosecurityproject.com/<br />
<br />
<br />
http://www.takungpao.com/images/new.gif'''OWASAP Committee Member, Richard Stagg, uncovered Security Reality (Mar 2007)<br />
Richard from Handshake Networking could tell you the truth of that.<br />
URL:http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=409104<br />
<br />
<br />
<br />
'''Hong Kong Standard: HKU changes Internet policy to boost security<br />
Hong Kong University has changed its Internet policy a week after The Standard reported that improperly indexed material listed on its Web sites could be accessed by users of the Google Internet search engine. Doug Crets 4/3/2006'''<br />
<br />
URL: http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15675&sid=7341056&con_type=1&d_str=20060403&sear_year=2006<br />
<br />
<br />
'''Hong Kong Standard: Online enemy within<br />
The biggest threats to computer users are not hackers but their own ignorance, complacency or carelessness, writes Doug Crets 3/27/2006'''<br />
URL:http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15121&sid=7238709&con_type=1&d_str=20060327&sear_year=2006<br />
<br />
<br />
'''Web Application Security with PISA:''' http://www.pisa.org.hk/event/web-appl-sec.htm<br />
<br />
http://www.pisa.org.hk/event/web-appl-sec.jpg<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Successful Web Application Security and Hacking Demo seminar co-organized with Hong Kong Java User Group (30 Jul 2005'''<br />
https://hkjug.dev.java.net/gatherings/2005/0730.html<br />
http://www.infosechk.org/download/OWASP/20050730/2_exposure.JPG<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Web Application Security organized with Sun Wah Pearl Linux (29 Oct 2005)'''<br />
<br />
http://www.infosechk.org/download/OWASP/20051029/seminar.jpg<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=17297Hong Kong2007-03-17T09:24:06Z<p>Anthonylai: /* News from Hong Kong Chapter */</p>
<hr />
<div>http://www.infosechk.org/download/OWASP/owasp_banner.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
http://www.clarencewong.com/photo/owasp_meeting.jpg<br />
<br />
''From left to right: James Tsao, Anthony Lai, David Walker, Richard Stagg, Marco Leung and Gary Kung''<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
http://www.takungpao.com/images/new.gif<br />
<br />
http://www.infosecurityproject.com/images/infosec2007_content_04.jpg<br />
<br />
'''OWASP(HK Chapter) supports 8th Infosecurityproject Conference:''' <br />
URL:http://www.infosecurityproject.com/<br />
<br />
<br />
'''OWASAP Committee Member, Richard Stagg, uncovered Security Reality (Mar 2007)<br />
Richard from Handshake Networking could tell you the truth of that.<br />
URL:http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=409104<br />
<br />
<br />
<br />
'''Hong Kong Standard: HKU changes Internet policy to boost security<br />
Hong Kong University has changed its Internet policy a week after The Standard reported that improperly indexed material listed on its Web sites could be accessed by users of the Google Internet search engine. Doug Crets 4/3/2006'''<br />
<br />
URL: http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15675&sid=7341056&con_type=1&d_str=20060403&sear_year=2006<br />
<br />
<br />
'''Hong Kong Standard: Online enemy within<br />
The biggest threats to computer users are not hackers but their own ignorance, complacency or carelessness, writes Doug Crets 3/27/2006'''<br />
URL:http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15121&sid=7238709&con_type=1&d_str=20060327&sear_year=2006<br />
<br />
<br />
'''Web Application Security with PISA:''' http://www.pisa.org.hk/event/web-appl-sec.htm<br />
<br />
http://www.pisa.org.hk/event/web-appl-sec.jpg<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Successful Web Application Security and Hacking Demo seminar co-organized with Hong Kong Java User Group (30 Jul 2005'''<br />
https://hkjug.dev.java.net/gatherings/2005/0730.html<br />
http://www.infosechk.org/download/OWASP/20050730/2_exposure.JPG<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Web Application Security organized with Sun Wah Pearl Linux (29 Oct 2005)'''<br />
<br />
http://www.infosechk.org/download/OWASP/20051029/seminar.jpg<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=17296Hong Kong2007-03-17T09:22:34Z<p>Anthonylai: /* News from Hong Kong Chapter */</p>
<hr />
<div>http://www.infosechk.org/download/OWASP/owasp_banner.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
http://www.clarencewong.com/photo/owasp_meeting.jpg<br />
<br />
''From left to right: James Tsao, Anthony Lai, David Walker, Richard Stagg, Marco Leung and Gary Kung''<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
http://www.takungpao.com/images/new.gif <br />
http://www.infosecurityproject.com/images/infosec2007_content_04.jpg<br />
'''OWASP(HK Chapter) supports 8th Infosecurityproject Conference:''' <br />
URL:http://www.infosecurityproject.com/<br />
<br />
<br />
'''OWASAP Committee Member, Richard Stagg, uncovered Security Reality (Mar 2007)<br />
Richard from Handshake Networking could tell you the truth of that.<br />
URL:http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=409104<br />
<br />
<br />
<br />
'''Hong Kong Standard: HKU changes Internet policy to boost security<br />
Hong Kong University has changed its Internet policy a week after The Standard reported that improperly indexed material listed on its Web sites could be accessed by users of the Google Internet search engine. Doug Crets 4/3/2006'''<br />
<br />
URL: http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15675&sid=7341056&con_type=1&d_str=20060403&sear_year=2006<br />
<br />
<br />
'''Hong Kong Standard: Online enemy within<br />
The biggest threats to computer users are not hackers but their own ignorance, complacency or carelessness, writes Doug Crets 3/27/2006'''<br />
URL:http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15121&sid=7238709&con_type=1&d_str=20060327&sear_year=2006<br />
<br />
<br />
'''Web Application Security with PISA:''' http://www.pisa.org.hk/event/web-appl-sec.htm<br />
<br />
http://www.pisa.org.hk/event/web-appl-sec.jpg<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Successful Web Application Security and Hacking Demo seminar co-organized with Hong Kong Java User Group (30 Jul 2005'''<br />
https://hkjug.dev.java.net/gatherings/2005/0730.html<br />
http://www.infosechk.org/download/OWASP/20050730/2_exposure.JPG<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Web Application Security organized with Sun Wah Pearl Linux (29 Oct 2005)'''<br />
<br />
http://www.infosechk.org/download/OWASP/20051029/seminar.jpg<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=17295Hong Kong2007-03-17T09:19:06Z<p>Anthonylai: /* News from Hong Kong Chapter */</p>
<hr />
<div>http://www.infosechk.org/download/OWASP/owasp_banner.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hongkong|emailarchives=http://lists.owasp.org/pipermail/owasp-hongkong}}<br />
----<br />
<br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
http://www.clarencewong.com/photo/owasp_meeting.jpg<br />
<br />
''From left to right: James Tsao, Anthony Lai, David Walker, Richard Stagg, Marco Leung and Gary Kung''<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
http://www.takungpao.com/images/new.gif '''OWASP(HK Chapter) sparks web application security concern in Infosecurityproject Conference:''' http://www.infosecurityproject.com/<br />
<br />
'''OWASAP Committee Member, Richard Stagg, uncovered Security Reality (Mar 2007)<br />
Richard from Handshake Networking could tell you the truth of that.<br />
URL:http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=409104<br />
<br />
'''Hong Kong Standard: HKU changes Internet policy to boost security<br />
Hong Kong University has changed its Internet policy a week after The Standard reported that improperly indexed material listed on its Web sites could be accessed by users of the Google Internet search engine. Doug Crets 4/3/2006'''<br />
<br />
URL: http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15675&sid=7341056&con_type=1&d_str=20060403&sear_year=2006<br />
<br />
<br />
'''Hong Kong Standard: Online enemy within<br />
The biggest threats to computer users are not hackers but their own ignorance, complacency or carelessness, writes Doug Crets 3/27/2006'''<br />
URL:http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15121&sid=7238709&con_type=1&d_str=20060327&sear_year=2006<br />
<br />
<br />
'''Web Application Security with PISA:''' http://www.pisa.org.hk/event/web-appl-sec.htm<br />
<br />
http://www.pisa.org.hk/event/web-appl-sec.jpg<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Successful Web Application Security and Hacking Demo seminar co-organized with Hong Kong Java User Group (30 Jul 2005'''<br />
https://hkjug.dev.java.net/gatherings/2005/0730.html<br />
http://www.infosechk.org/download/OWASP/20050730/2_exposure.JPG<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Web Application Security organized with Sun Wah Pearl Linux (29 Oct 2005)'''<br />
<br />
http://www.infosechk.org/download/OWASP/20051029/seminar.jpg<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)</div>Anthonylaihttps://wiki.owasp.org/index.php?title=OWASP_Community&diff=17285OWASP Community2007-03-16T17:46:52Z<p>Anthonylai: /* Events */</p>
<hr />
<div>This page is for people to post OWASP related events, such as chapter meetings, OWASP conferences, get-togethers, and OWASP sponsored events.<br />
<br />
Events from previous years are archived here:<br />
* '''[[OWASP Community 2006]]'''<br />
<br />
This page is monitored, and items posted here will be copied to the OWASP [[Main Page]]. Please post new items in chronological order using the following format:<br />
<br />
'''Mon ## (##:00h) - [[Article]]'''<br />
<br />
<!--<br />
<br />
CHAPTER LEADS -- please put your schedule here and we'll post a month in advance<br />
<br />
*** Belgium ***<br />
'''May 10 (18:00h) - [[Belgium|Belgium chapter meeting]]'''<br />
<br />
*** OTTAWA: Rough dates ***<br />
'''May 9 (18:00h) - [[Ottawa|Ottawa Chapter Meeting]] '''<br />
'''Sept 12 (18:00h) - [[Ottawa|Ottawa Chapter Meeting]] '''<br />
'''Nov 14 (18:00h) - [[Ottawa|Ottawa Chapter Meeting]] '''<br />
<br />
*** BOSTON: Every first Wednesday of the month ***<br />
'''Apr 4 (18:30h) - [[Boston|Boston chapter meeting]]'''<br />
'''May 2 (18:30h) - [[Boston|Boston chapter meeting]]'''<br />
<br />
*** MELBOURNE: First Tuesday of the month ***<br />
'''Apr 3 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''<br />
'''May 1 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''<br />
'''Jun 5 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''<br />
'''Jul 3 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''<br />
<br />
*** NETHERLANDS: Second Thursday of the month sometimes ***<br />
'''Sept 13 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''<br />
'''Dec 13 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''<br />
<br />
*** ROCHESTER: Every third Monday of the month ***<br />
'''Apr 17 (18:00h) - [[Rochester|Rochester chapter meeting]]'''<br />
'''May 15 (18:00h) - [[Rochester|Rochester chapter meeting]]'''<br />
<br />
*** TORONTO: Every second Wednesday of the month<br />
'''Apr 11 (18:00h) - [[Toronto|Toronto chapter meeting]]'''<br />
'''May 9 (18:00h) - [[Toronto|Toronto chapter meeting]]'''<br />
<br />
*** VIRGINIA: Every second tuesday of the month ***<br />
'''Apr 10 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''<br />
'''May 8 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''<br />
<br />
--><br />
<br />
==Events==<br />
<br />
'''May 21 (14:00h) - [[Israel|2nd OWASP Israel mini conference]]'''<br />
<br />
'''Apr 20 (19:00h) - [[Hong Kong|Hong Kong chapter meeting - Ojbectives in 2007]]'''<br />
<br />
'''Apr 17 (18:00h) - [[Rochester|Rochester chapter meeting]]'''<br />
<br />
'''Apr 12 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''<br />
<br />
'''Apr 11 (18:00h) - [[Toronto|Toronto chapter meeting]]'''<br />
<br />
'''Apr 10 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''<br />
<br />
'''Apr 4 (18:30h) - [[Boston|Boston chapter meeting]]'''<br />
<br />
'''Apr 3 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''<br />
<br />
'''Mar 30 - [[http://www.owasp.org/index.php/Italy#March_30th.2C_2007_-_Master_in_Security_-_University_of_Rome_.22La_Sapienza.22| Italy@Master in Security at "La Sapienza"]]'''<br />
<br />
'''Mar 28 (11:30h) - [[San Antonio|San Antonio chapter meeting]]'''<br />
<br />
; '''Mar 27-30 - [http://www.blackhat.com Black Hat Euro]'''<br />
: OWASP members receive a Euro 100 Briefings discount by inserting BH7EUASSOC in the box marked “Coupon Codes”<br />
<br />
'''Mar 22 (18:00h) - [[London|London chapter meeting]]'''<br />
<br />
'''Mar 21-22 - [[Belgium#OWASP_Top_10_2007_Update_.28Infosecurity_Belgium.2C_21_.26_.2622_Mar_2007.29|Belgium@InfoSecurity]]'''<br />
<br />
'''Mar 20 (18:00h) - [[Rochester|Rochester chapter meeting]]'''<br />
<br />
'''Mar 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''<br />
<br />
'''Mar 14 (18:00h) - [[Chicago|Chicago chapter meeting]]'''<br />
<br />
'''Mar 13 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''<br />
<br />
'''Mar 8 (18:00h) - [[Ottawa|Ottawa Chapter Meeting]] '''<br />
<br />
'''Mar 7 (18:30h) - [[Boston|Boston chapter meeting]]'''<br />
<br />
'''Mar 7 (18:30h) - [[Kansas City|Kansas City chapter meeting]]'''<br />
<br />
'''Mar 6 (18:30h) - [[Philadelphia|Philadelphia chapter meeting]]'''<br />
<br />
'''Mar 6 (18:30h) - [[San Francisco|San Francisco and San Jose chapter meeting]]'''<br />
<br />
'''Mar 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''<br />
<br />
'''Mar 5 (11:00h) - [[New Jersey|New Jersey chapter meeting]]'''<br />
<br />
'''Mar 1 (11:30h) - [http://www.eusecwest.com/agenda.html EUSecWest 07: Testing Guide]'''<br />
<br />
; '''Feb 26-Mar 1 - [http://www.blackhat.com Black Hat DC]'''<br />
: OWASP members receive a $100 Briefings discount by inserting BH7DCASSOC in the box marked “Coupon Codes”<br />
<br />
'''Feb 28 (18:00h) - [[Seattle|Seattle chapter meeting]]'''<br />
<br />
'''Feb 27 (18:00h) - [[Edmonton|Edmonton chapter meeting]]'''<br />
<br />
'''Feb 22 (18:30h) - [[Helsinki|Helsinki chapter meeting]]'''<br />
<br />
'''Feb 22 (18:00h) - [[London|London chapter meeting]]'''<br />
<br />
'''Feb 21 (18:30h) - [[Denver|Denver chapter meeting]]'''<br />
<br />
'''Feb 19 (18:00h) - [[Rochester|Rochester chapter meeting]]'''<br />
<br />
'''Feb 15 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''<br />
<br />
'''Feb 15 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''<br />
<br />
'''Feb 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''<br />
<br />
'''Feb 13 (18:00h) - [[Ireland|Ireland chapter meeting]]'''<br />
<br />
'''Feb 12 (18:30h) - [[Switzerland|Switzerland chapter meeting]]'''<br />
<br />
'''Feb 7 (18:30h) - [[Boston|Boston chapter meeting]]'''<br />
<br />
'''Feb 6-7 - [[Italy#February_6th-8th.2C_2007_-_InfoSecurity|Italy@InfoSecurity]]'''<br />
<br />
'''Feb 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''<br />
<br />
'''Feb 2 (14:00h) - [[Chennai|Chennai chapter meeting]]'''<br />
<br />
'''Jan 31 (15:00h) - [[Mumbai|Mumbai chapter meeting]]'''<br />
<br />
'''Jan 30 (11:30h) - [[Austin|Austin chapter meeting]]'''<br />
<br />
'''Jan 25 (18:00h) - [[San Francisco| San Francisco chapter meeting]]'''<br />
<br />
'''Jan 25 (14:30h) - [[Italy#October_25th.2C_2007_-_Isaca_Rome|Italy@ISACA Rome]]'''<br />
<br />
'''Jan 24 (17:30h) - [[Israel#6th_OWASP_IL_meeting:_Wednesday.2C_January_24th_2007|6th OWASP Israel chapter meeting]]'''<br />
<br />
'''Jan 23 (18:00h) - [[Belgium|Belgium chapter meeting]]'''<br />
<br />
'''Jan 22 (18:00h) - [[Rochester|Rochester chapter meeting]]'''<br />
<br />
'''Jan 17 (18:30h) - [[Denver|Denver chapter meeting]]'''<br />
<br />
'''Jan 16 (17:45h) - [[Edmonton|Edmonton chapter meeting]]'''<br />
<br />
'''Jan 11 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''<br />
<br />
'''Jan 11 (18:30h) - [[Phoenix|Phoenix chapter meeting]]'''<br />
<br />
'''Jan 11 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''<br />
<br />
'''Jan 10 (18:00h) - [[Toronto|Toronto chapter meeting]]'''<br />
<br />
'''Jan 8 (18:00h) - [[Seattle|Seattle chapter meeting]]'''<br />
<br />
'''Jan 3 (18:30h) - [[Boston|Boston chapter meeting]]'''</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Category:OWASP_Logging_Project&diff=14519Category:OWASP Logging Project2006-12-21T09:11:55Z<p>Anthonylai: /* Recent Activities */</p>
<hr />
<div>The OWASP Logging Project [[OWASP Logging Project Roadmap]] .<br />
<br />
==Logging Overview==<br />
http://www.pisa.org.hk/event/eventlog-mgt.jpg<br />
<br />
This is the project initiated by Hong Kong Chapter. The idea is sparked when I am required to review various system logs and establish the log standard and review practice as well as process.<br />
<br />
In fact, how many people could spend time and put it as a serious item in their routine checklist? Logs review seems to be a low-tech without skills. However, there are many state of arts behind the scene. <br />
<br />
Anthony Lai, Chapter Leader and Sam Ng, member of Hong Kong Chapter will be responsible to lead this group and please feel free to join us.<br />
<br />
We need your efforts and contribution to this project. Please feel free to reach Anthony at anthonylai@owasp.org for details. In addition, you are welcomed to add relevant content and share materials/tools related to log management in this project group.<br />
<br />
<br />
==Recent Activities==<br />
Feb 2006 Event log management seminar held with PISA:<br />
http://www.pisa.org.hk/event/eventlog-mgt.htm<br />
<br />
Dec 2006 A simple logs review tips will be provided in Jan 2006<br />
<br />
== Feedback and Participation: ==<br />
<br />
We hope you find the OWASP Logging Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to owasp@owasp.org. To join the OWASP Logging Project mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-logging subscription page.]<br />
<br />
[[Category:OWASP Project]]</div>Anthonylaihttps://wiki.owasp.org/index.php?title=User_talk:Anthonylai&diff=14518User talk:Anthonylai2006-12-21T09:01:42Z<p>Anthonylai: </p>
<hr />
<div>I am chapter leader of OWASP (Hong Kong Chapter). I am now working on security policy implementation, assessment and web application penetration test. You could reach me at anthonylai@owasp.org</div>Anthonylaihttps://wiki.owasp.org/index.php?title=Hong_Kong&diff=7140Hong Kong2006-07-06T15:25:21Z<p>Anthonylai: </p>
<hr />
<div>http://www.infosechk.org/download/OWASP/owasp_banner.jpg<br />
<br />
<br />
{{Chapter Template|chaptername=Hong Kong|extra=The chapter leader is [mailto:anthonylai@owasp.org Anthony LAI,CISSP,CISA]|mailinglistsite=http://lists.sourceforge.net/lists/listinfo/owasp-hongkong/}}<br />
----<br />
<br />
<br />
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because:<br />
-There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.<br />
<br />
- Raise the security awareness of web application development among the professionals.<br />
<br />
<br />
- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.<br />
<br />
<br />
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.<br />
<br />
http://www.clarencewong.com/photo/owasp_meeting.jpg<br />
<br />
''From left to right: James Tsao, Anthony Lai, David Walker, Richard Staff, Marco Leung and Gary Kung''<br />
<br />
<br />
'''Coding Practice'''<br />
<br />
- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment<br />
<br />
- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.<br />
<br />
- Recent Web application security concerns.<br />
<br />
- Regularly convey latest projects and presentations from OWASP. <br />
<br />
<br />
<br />
== News from Hong Kong Chapter ==<br />
<br />
http://www.takungpao.com/images/new.gif '''OWASP(HK Chapter) sparks web application security concern in Infosecurityproject Conference:''' http://www.infosecurityproject.com/<br />
<br />
<br />
'''Hong Kong Standard: HKU changes Internet policy to boost security<br />
Hong Kong University has changed its Internet policy a week after The Standard reported that improperly indexed material listed on its Web sites could be accessed by users of the Google Internet search engine. Doug Crets 4/3/2006'''<br />
<br />
URL: http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15675&sid=7341056&con_type=1&d_str=20060403&sear_year=2006<br />
<br />
<br />
'''Hong Kong Standard: Online enemy within<br />
The biggest threats to computer users are not hackers but their own ignorance, complacency or carelessness, writes Doug Crets 3/27/2006'''<br />
URL:http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15121&sid=7238709&con_type=1&d_str=20060327&sear_year=2006<br />
<br />
<br />
'''Web Application Security with PISA:''' http://www.pisa.org.hk/event/web-appl-sec.htm<br />
<br />
http://www.pisa.org.hk/event/web-appl-sec.jpg<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Successful Web Application Security and Hacking Demo seminar co-organized with Hong Kong Java User Group (30 Jul 2005'''<br />
https://hkjug.dev.java.net/gatherings/2005/0730.html<br />
http://www.infosechk.org/download/OWASP/20050730/2_exposure.JPG<br />
<br />
<br />
'''OWASP (Hong Kong Chapter): Web Application Security organized with Sun Wah Pearl Linux (29 Oct 2005)'''<br />
<br />
http://www.infosechk.org/download/OWASP/20051029/seminar.jpg<br />
<br />
<br />
== Contact Us ==<br />
<br />
'''Chapter Mailbox'''<br />
<br />
P.O. Box No. 6684, General Post Office, Hong Kong SAR<br />
<br />
<br />
== Recent Update ==<br />
--[[User:Anthonylai|Anthony Lai]] 11:25, 6 July 2006 (EDT)</div>Anthonylai