This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Hong Kong"

From OWASP
Jump to: navigation, search
(News from Hong Kong Chapter)
 
(13 intermediate revisions by 6 users not shown)
Line 1: Line 1:
http://www.infosechk.org/download/OWASP/owasp_banner.jpg
+
http://www.pisa.org.hk/event/owasp-hk_logo.jpg
  
  
Line 16: Line 16:
  
  
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user groups (Java User Group and .NET User Group ) and security associations (i.e. PISA) in Hong Kong.
+
- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user and security groups including VXRL in Hong Kong.
  
http://www.clarencewong.com/photo/owasp_meeting.jpg
 
 
''From left to right: James Tsao, Anthony Lai, David Walker, Richard Stagg, Marco Leung and Gary Kung''
 
  
  
Line 33: Line 30:
 
- Regularly convey latest projects and presentations from OWASP.  
 
- Regularly convey latest projects and presentations from OWASP.  
  
 
+
== OWASP HK Chapter Core ==
 +
Facebook: https://www.facebook.com/OwaspHongKongChapter
  
 
== News from Hong Kong Chapter ==
 
== News from Hong Kong Chapter ==
  
 +
''' OWASP TechDay 2017'''
  
 +
'''Time: 0930 - 1730'''
  
 +
'''Venue: LTG, HKUST''
  
'''NEW!!!! Software Exploitation - It is about reverse engineering and exploit'''
+
'''Details:'''
 
 
''
 
I feel very honorable to invite Nguyen NAM to provide 2-day workshop on software exploit and reverse engineering. In fact, we met in OWASP Appsec Conference 2008 at Taipei and his team has won CTF (Capture The Flag) in Hack In The Box (HITB) 2008. It is really a valuable chance to have him to be in Hong Kong and this workshop is normally charged at 1000 USD per head. Meanwhile, there is NO such kind of workshop held in Hong Kong. Please reach me at [[[email protected]]] for reservation.
 
 
 
 
 
'''Status - 4 Dec 2008 : '''The speaker has been notified by the agency and he will get the VISA on 6/7 Dec.
 
Please act fast to reserve it first and the current reservation is 24. The class size is expected to be at most 35.
 
 
 
Payment Method:
 
 
 
1) Send the payment to: Hang Seng Bank, 390-031367-888 and then send back the receipt to [email protected] and [email protected]
 
 
 
2) Please reach me if you have enquiry at +852 6778 2668.
 
 
 
''
 
 
 
 
 
'''Instructor'''
 
Nam Nguyen
 
 
 
 
 
'''Date and Time'''
 
2 days, 20 - 21 Dec 2008 (Sat and Sun)
 
Registration Time: 9:45am
 
Time: 10:00 - 13:00; 14:30 - 18:00
 
 
 
 
 
'''Venue'''
 
Room 172, IVE Haking Wong, Cheung Sha Wan
 
 
 
 
 
'''Organizer'''
 
OWASP (Hong Kong Chapter)
 
 
 
'''Supporting Organization'''
 
PISA (Professional Information Security Association)(www.pisa.org.hk)
 
 
 
 
 
'''Co-organizer and Venue Sponsorship'''
 
Vocational Training Council (Haking Wong)
 
 
 
 
 
'''Fee' (For PISA, HTCIA and OWASP members)''
 
 
 
1000 HKD (On or Before 8 Dec)
 
 
 
1500 HKD (After 8 and before 13 Dec 2008)
 
 
 
1800 HKD (After 13 and before 18 Dec 2008)
 
 
 
'''Fee' (For others)''
 
 
 
2000 HKD (On or Before 8 Dec)
 
 
 
2500 HKD (After 8 and before 13 Dec 2008)
 
 
 
2800 HKD (After 13 and before 18 Dec 2008)
 
 
 
 
 
Seats are limited and expected lab size at most 40. The current reservation is 24 (Last updated: 3 Dec 2008)
 
 
 
 
 
'''Summary'''
 
This course is a primer into software exploitation on the Linux environment.
 
The course assumes only basic understanding of the Linux commands, and C
 
programming with the standard library. It explains the computer
 
architecture, assembly language then moves on to three basic classes of
 
security bug: buffer overflow, format string, and race condition and methods
 
to take advantage of them. Throughout the course, various examples are
 
introduced with increasing difficulty so that participants will naturally
 
realize the art of software exploitation for themselves.
 
 
 
This course does not discuss about shell coding. Except on one example where
 
provided shell code is used as an illustration, all other challenges require
 
only good analysis and calculation.
 
 
 
The course is conducted as a workshop with heavy interaction between
 
participants and instructor. There will not be any presentation slide.
 
Participants are to take note during the course.
 
 
 
 
 
'''Audience'''
 
 
 
Software developers, system administrators, security engineers \with some
 
experience in Linux and C programming. It is good to prepare a candidate to
 
join for Capture The Flag (CTF) event.
 
 
 
'''Table of Contents'''
 
 
 
1. Computer architecture
 
 
 
2. Assembly language
 
 
 
3. Buffer overflow
 
 
 
4. Format string
 
 
 
5. Race condition
 
 
 
6. Techniques
 
 
 
a. Overwrite critical variable
 
 
 
b. Overwrite return address
 
 
 
c. Return to .text
 
 
 
d. Return to libc
 
 
 
e. Overwrite .dtors
 
 
 
f. Overwrite .got
 
 
 
g. Overwrite .bss, functors
 
 
 
h. By pass Advanced Space Layout Randomization
 
 
 
7. Tools of the trade: IDA, GDB, and Python
 
 
 
8. Sharing of CTF in HITB
 
 
 
 
 
'''Workshop Specifics'''
 
As we have got a lab. An VM image will be provided.
 
 
 
 
 
'''Speaker Biography'''
 
Nam Nguyen is currently the principal security consultant with Blue
 
Moon Consulting Co., Ltd. He started poking at binaries when he
 
couldn't finish Dune 2 and has since spent more than a decade reverse
 
engineering and understanding how stuffs work.
 
Nam is a CISSP, a core member of the VNSecurity group, and a chapter
 
lead of OWASP Vietnam. His interests include code construction and
 
destruction, decompilation and Python.
 
 
 
----
 
 
 
 
http://www.infosecurityproject.com/images/infosec2007_content_04.jpg
 
 
 
'''OWASP(HK Chapter) supports 8th Infosecurityproject Conference:'''
 
URL:http://www.infosecurityproject.com/
 
 
 
 
 
http://www.takungpao.com/images/new.gif'''OWASAP Committee Member, Richard Stagg, uncovered Security Reality (Mar 2007)
 
Richard from Handshake Networking could tell you the truth of that.
 
URL:http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=409104
 
 
 
 
 
 
 
'''Hong Kong Standard: HKU changes Internet policy to boost security
 
Hong Kong University has changed its Internet policy a week after The Standard reported that improperly indexed material listed on its Web sites could be accessed by users of the Google Internet search engine. Doug Crets 4/3/2006'''
 
 
 
URL: http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15675&sid=7341056&con_type=1&d_str=20060403&sear_year=2006
 
 
 
 
 
'''Hong Kong Standard: Online enemy within
 
The biggest threats to computer users are not hackers but their own ignorance, complacency or carelessness, writes Doug Crets 3/27/2006'''
 
URL:http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=15121&sid=7238709&con_type=1&d_str=20060327&sear_year=2006
 
 
 
 
 
'''Web Application Security with PISA:''' http://www.pisa.org.hk/event/web-appl-sec.htm
 
  
http://www.pisa.org.hk/event/web-appl-sec.jpg
+
We will hold a seminar on 11 March in HKUST:
  
 +
Please kindly find the details including agenda, venue and registration in the URL below:
 +
https://www.eventbrite.hk/e/owasp-techday-2017-hk-tickets-32188270985
  
'''OWASP (Hong Kong Chapter): Successful Web Application Security and Hacking Demo seminar co-organized with Hong Kong Java User Group (30 Jul 2005'''
+
Thank you for your joining.
https://hkjug.dev.java.net/gatherings/2005/0730.html
 
http://www.infosechk.org/download/OWASP/20050730/2_exposure.JPG
 
  
 +
Some speakers are OWASP Core Members have been involved in various Web application research and CTF games, please come and enjoy.
  
'''OWASP (Hong Kong Chapter): Web Application Security organized with Sun Wah Pearl Linux (29 Oct 2005)'''
+
We are thankful to HKUST to sponsor the venue and host the event with us.
  
http://www.infosechk.org/download/OWASP/20051029/seminar.jpg
+
Organizer: OWASP Hong Kong Chapter
 +
Co-Host: HKUST Computer Science Department
  
 
== Contact Us ==
 
== Contact Us ==
Line 227: Line 68:
  
 
[[Category:China]]
 
[[Category:China]]
 +
[[Category:Asia]]

Latest revision as of 08:50, 21 February 2017

owasp-hk_logo.jpg


OWASP Hong Kong

Welcome to the Hong Kong chapter homepage. The chapter leader is Anthony LAI,CISSP,CISA


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


<paypal>Hong Kong</paypal>

The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because: -There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one's confidential information and interrupt any critical business operations.

- Raise the security awareness of web application development among the professionals.


- Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.


- Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user and security groups including VXRL in Hong Kong.


Coding Practice

- Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment

- Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.

- Recent Web application security concerns.

- Regularly convey latest projects and presentations from OWASP.

OWASP HK Chapter Core

Facebook: https://www.facebook.com/OwaspHongKongChapter

News from Hong Kong Chapter

OWASP TechDay 2017

Time: 0930 - 1730

'Venue: LTG, HKUST

Details:

We will hold a seminar on 11 March in HKUST:

Please kindly find the details including agenda, venue and registration in the URL below: https://www.eventbrite.hk/e/owasp-techday-2017-hk-tickets-32188270985

Thank you for your joining.

Some speakers are OWASP Core Members have been involved in various Web application research and CTF games, please come and enjoy.

We are thankful to HKUST to sponsor the venue and host the event with us.

Organizer: OWASP Hong Kong Chapter Co-Host: HKUST Computer Science Department

Contact Us

Chapter Mailbox

P.O. Box No. 6684, General Post Office, Hong Kong SAR


Recent Update

--Anthony Lai 11:25, 6 July 2006 (EDT)