Information Security Knowledge Base http://vipread.com An information security knowledge base: a professional platform for sharing information security IT documents, where knowledge can be summarized and experience shared, bringing together high-quality documents and materials http://vipread.com http://vipread.com zh-cn Tue, 11 Dec 2018 02:55:59 +0000
Using Frida in Mobile Security Auditing http://vipread.com/library/item/2089 <h1>Contents</h1> <ul> <li>Application auditing</li> <li>Introduction to Frida</li> <li>Macaron</li> <li>Passionfruit</li> <li>Summary</li> </ul> http://vipread.com/library/item/2089 Thu, 29 Nov 2018 02:50:03 +0000
A Song of Ice and Fire for Data Security: Enterprise Data Security Compliance from the Perspective of GDPR http://vipread.com/library/item/2088 <h1>Talk Topics</h1> <ul> <li> <ol> <li>A world that is no longer safe</li> </ol> </li> <li> <ol> <li>Challenges and opportunities of GDPR</li> </ol> </li> <li> <ol> <li>How enterprises can approach data security compliance</li> </ol> </li> </ul> http://vipread.com/library/item/2088 Thu, 29 Nov 2018 02:47:13 +0000
Persistence in Penetration Testing http://vipread.com/library/item/2087 <h1>Contents</h1> <ul> <li>1 Persistence </li> <li>2 Windows </li> <li>3 Linux </li> <li>4 Middleware </li> <li>5 webshell</li> </ul> http://vipread.com/library/item/2087 Thu, 29 Nov 2018 02:45:27 +0000
A Brief Discussion of Building Internet Security http://vipread.com/library/item/2086 <ul> <li>Main risk types facing e-commerce and finance</li> <li>Foundational security</li> <li>On device alerts and logs</li> <li>Security system</li> <li>Business security</li> <li>Risk control</li> <li>On applying machine learning</li> <li>Identifying malicious DGA domains</li> </ul> http://vipread.com/library/item/2086 Thu, 29 Nov 2018 02:43:30 +0000
Securing the Digital Age http://vipread.com/library/item/2085 <ul> <li>Our mission: defending the digital age, defenders against unknown threats</li> <li>How to move to the cloud securely</li> </ul> http://vipread.com/library/item/2085 Thu, 29 Nov 2018 02:33:33 +0000
Next-Generation IAM Powering Zero Trust Security Architecture
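http://vipread.com/library/item/2084 <h1>Contents</h1> <ul> <li>Business background</li> <li>Security risks faced</li> <li>Next-generation IAM</li> <li>Lessons from practice</li> <li>Future outlook</li> </ul> http://vipread.com/library/item/2084 Thu, 29 Nov 2018 02:30:31 +0000
The Shift from Security Management to Security Review http://vipread.com/library/item/2083 <h1>Contents</h1> <ul> <li>01 Putting an information security management system into practice</li> <li>02 Operating and managing the project security review lifecycle</li> <li>03 Approach to building information security monitoring and incident response</li> </ul> http://vipread.com/library/item/2083 Thu, 29 Nov 2018 02:27:32 +0000
SAE2018_AVST_Brochure_International Forum on Autonomous Vehicle Safety Technology http://vipread.com/library/item/2082 <p>SAE 2018 International Forum on Autonomous Vehicle Safety Technology</p> <p>Autonomous driving has become the direction of automotive technology worldwide and is growing rapidly. It will bring disruptive change to traditional vehicle manufacturing and to mobility. The public, however, has serious concerns about it, the most central being how safety can be assured.</p> <p>Compared with conventional vehicles, an autonomous vehicle is a more complex system and places higher demands on safety. The forum topics cover autonomous driving standards and regulations, safety design for autonomous driving, functional safety, cybersecurity, autonomous driving system technology, safety testing, and verification and evaluation. The safety preparations being made for driverless vehicles will also be discussed. The forum will bring together leading industry figures, experts and scholars from around the world to explore the safety challenges of autonomous vehicles and their solutions.</p> <p>Click to download the conference brochure</p> <p>Download the Brochure</p> http://vipread.com/library/item/2082 Tue, 27 Nov 2018 09:32:14 +0000
DEKRA - Supercharging the Future of Autonomous Driving http://vipread.com/library/item/2081 <h1>DEKRA - Supercharging the Future of Autonomous Driving</h1> <p>Stanislaw Zurkiewicz DEKRA Abstract With the rapid development of automated driving and connected-vehicle technologies, specialized testing facilities and diverse simulation capabilities have become more important than ever. Beyond testing functional components, the need for comprehensive, integrated technology testing is increasingly urgent. This includes testing how vehicles in automated driving and connected-vehicle applications interact with each other and with the infrastructure. DEKRA can develop a unique strategic response to the complex needs of OEMs and their suppliers. We have taken the lead in defining protocols and advancing standardization, becoming an active partner to OEMs and their suppliers in the industry. Drawing on the expertise of its automated driving test site in Germany and its connectivity test site and laboratory in Spain, DEKRA provides the future automotive industry with a comprehensive, integrated testing environment that meets the needs created by innovation and reshapes the way people live and travel.</p> <p>DEKRA - Supercharging the Future of Autonomous Driving Stanislaw Zurkiewicz DEKRA ABSTRACT The rapid advance of automated and connected driving technologies has made access to specialized testing facilities and 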
extensive simulation capabilities more important than ever before. As well as the need for functional component testing, there is an urgent requirement for fully integrated technology testing. This includes the ways in which vehicles with automated and connected driving technologies interact with each other and with the infrastructure. DEKRA has developed a unique strategic response to the complex needs of OEMs and suppliers alike. Centered on the expertise of our test site in Germany and our specialist laboratory in Spain, our goal is to provide a fully integrated testing landscape that will meet the needs triggered by innovations that are reshaping the way we live and travel.</p> http://vipread.com/library/item/2081 Tue, 27 Nov 2018 09:23:57 +0000
Beyond the Prototype: EASYMILE's Commercially Available Autonomous Shuttles http://vipread.com/library/item/2080 <h1>Beyond the Prototype: EASYMILE's Commercially Available Autonomous Shuttles</h1> <p>Pejvan Beigui EasyMile Abstract Since coming to market in the second half of 2014, sales of our autonomous shuttles have risen steadily for three consecutive years. Three years is not long, but for a commercial product in the "zero infrastructure" MaaS space it is already the longest growth record there is. Many companies design unique, bespoke prototype vehicles for research and development and "technology demonstrations", whereas our customers put our vehicles into service in real public transportation. We have to design vehicles that can be mass-produced and that meet the requirements of real operation, so the challenges we face are entirely different from those of most autonomous driving startups. In this talk, EasyMile's CTO Pejvan Beigui will introduce the technology EasyMile uses and discuss how cutting-edge technology can be brought into the mature transportation and vehicle manufacturing industries while meeting efficiency and safety requirements, and what challenges the autonomous driving industry faces in the process.</p> <p>Beyond the Prototype: EasyMile's Commercially Available Autonomous Shuttles</p> <p>With our autonomous shuttles sold and deployed since late 2014, we have a short, 3-year track record. Yet, this is probably the longest track record available for any commercial product in the "no infrastructure" MaaS space. 
Designing unique, bespoke prototype vehicles to conduct R&amp;D and "technology demonstrations" is vastly different from actually commercialising autonomous vehicles and managing the expectations of real, business customers who happen to be operating public transportation with your vehicles — we face completely different challenges than most "AV" startups we meet. During this talk, Pejvan Beigui, EasyMile's CTO, will provide an overview of the technology used within EasyMile, and discuss the challenges facing the AV industry when it comes to managing bleeding edge technology alongside mature transports / vehicle manufacturing industries and their efficiency and safety requirements.</p> http://vipread.com/library/item/2080 Tue, 27 Nov 2018 09:21:12 +0000
Automated Driving - Challenges in the Interplay between Functional Safety and Safety of the Intended Functionality http://vipread.com/library/item/2079 <h1>Automated Driving - Challenges in the Interplay between Functional Safety and Safety of the Intended Functionality</h1> <p>ISO 26262, "Road vehicles - Functional safety", provides guidance on preventing unexpected risk caused by faults in automotive electrical and electronic systems. However, even when these systems have not failed, shortcomings in the technology or in the system definition can also create safety hazards. ADAS developers must address vehicle functional safety on the one hand and, on the other, consider the much-discussed "safety of the intended functionality (SOTIF)", which leaves them in an increasingly difficult position. So far there are few guidance documents on SOTIF. The forthcoming ISO PAS 21448, "Road vehicles - Safety of the intended functionality", may fill this gap.</p> <p>Automated Driving - Challenges in the Interplay between Functional Safety and Safety of the Intended Functionality Mirko Conrad Samoconsult GmbH ABSTRACT ISO 26262 "Road vehicles — Functional safety" provides guidance on how to avoid unreasonable risk due to hazards caused by malfunctioning behavior of automotive E/E systems. However, hazards can also be caused by these systems in the absence of any faults, i.e., resulting from technological shortcomings or shortcomings in their system definitions. Developers of ADAS are increasingly caught between addressing functional safety and the latter topic area, dubbed SOTIF (safety of the intended functionality). 
To date, there is only limited guidance on SOTIF, but ISO PAS 21448 "Road vehicles — Safety of the Intended Functionality", an upcoming Publicly Available Specification, might improve this situation.</p> http://vipread.com/library/item/2079 Tue, 27 Nov 2018 09:16:06 +0000
The Challenges Machine Learning Poses to Functional Safety Systems for Highly Automated Driving http://vipread.com/library/item/2078 <h1>Can Machine Learning in Highly Automated Driving Exist in a Functional Safety System?</h1> <p>Mark A. Crawford, Jr. Great Wall Motor ABSTRACT Machine learning (ML) is increasingly becoming a key enabling technology for highly automated driving (HAD) vehicles. With all the significant advances that ML has contributed in HAD, there are significant challenges in assessing the risks associated with this artificial intelligence technology. ML presents unique hazards and software challenges that require new approaches to ensure functional safety. This presentation will review the difficulties in incorporating ML into HAD to reduce safety risks and will discuss recommendations for solving these problems in a functional safety context.</p> <p>Machine learning (ML) is increasingly becoming a key factor driving the development of highly automated driving (HAD) vehicles. However, while ML has driven major advances in HAD vehicles, it has also introduced some new safety risks. Specifically, the use of ML brings new risks and new software challenges to vehicle functional safety. This talk will focus on the safety risks that applying ML to HAD vehicles brings, and will offer several recommendations on how to improve the functional safety of HAD vehicles.</p> http://vipread.com/library/item/2078 Tue, 27 Nov 2018 09:05:37 +0000
Cybersecurity Risks of OBD-II Devices http://vipread.com/library/item/2077 <p>Cybersecurity for OBD-II devices</p> <p>In the past few years, we are seeing a rise in the availability of aftermarket devices to access car data. Those devices often get connected to the car through the OBD-II port, which was originally designed for emissions testing. The OBD-II port allows access to the vehicle’s internal bus to anyone connecting to it. 
The initial standards that defined this port targeted access to emissions-related information; afterwards, however, new capabilities were added that allowed changing parameters or reprogramming the internal ECUs in the vehicle. Aftermarket OBD-II dongles provide consumers and enterprises with many useful features, but they also expose the vehicle to new risks that were not considered in the nineties, when the OBD standard was developed. In this presentation, we will review the risks associated with connecting devices to the OBD-II port, and will discuss real-life examples of vulnerabilities affecting this type of device.</p> <p>Over the past few years, the supply of and demand for aftermarket devices for accessing car data has increased significantly. These devices are usually connected to the car through the OBD-II port, which was originally designed for emissions testing. The OBD-II port gives any device connected to it access to the vehicle's internal bus. The initial standards that defined this port were aimed at emissions-related information; later, however, new capabilities were added that allow changing parameters or reprogramming the vehicle's internal ECUs. The automotive aftermarket offers consumers and enterprises many useful features, but it also exposes the vehicle to new risks that were not considered in the 1990s, when the OBD standard was developed. In this talk, we will review the risks associated with connecting devices to the OBD-II port and discuss real-world examples of vulnerabilities affecting this type of device.</p> http://vipread.com/library/item/2077 Tue, 27 Nov 2018 09:01:37 +0000
Software Security for Autonomous Driving http://vipread.com/library/item/2076 <p>Software Security for Autonomous Driving An AD system is, in essence, a full stack system that is operated on a complex embedded system platform. Thus, the predominant software security concern to be addressed in such a system is the high security requirement of the components, especially the AD system components. In this presentation, we will first look at the application of software security in functional safety and SOTIF, which will cover software frameworks in complex real-time systems and the principles of reliability and redundant design. Then the presentation will address the necessity of building systematic infrastructures to facilitate information security protection function of software products. 
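Detailed elaboration on this matter will be given, focusing on the design and requirements of information security protection in AD applications in the fields of vehicle border, vehicle terminals, communication and transmission, and security service systems. Bringing together different fields, software security will be the key to the high-volume development of AD systems!</p> <p>An autonomous driving system is in essence a full-stack software system running on a complex embedded system platform, and the extreme security demands of in-vehicle components, autonomous driving components in particular, are first of all a matter of the system's software security. The application of software security to functional safety and SOTIF will be introduced first, including software architecture for complex real-time systems and the core ideas of reliability and redundant design. The information security protection functions that software products bring require a systematic build-out covering the vehicle boundary, in-vehicle terminals, communication and transmission, and the security service system; the specific design and requirements of information security protection for autonomous driving applications in these four areas will be set out. As a cross-industry application and convergence technology, software security will be the most critical technology for volume-production development of autonomous driving systems!</p> http://vipread.com/library/item/2076 Tue, 27 Nov 2018 08:39:11 +0000
Design Validation and Safety Analysis of Autonomous Vehicles http://vipread.com/library/item/2075 <h1>Design Validation and Safety Analysis of Autonomous Vehicles</h1> <p>Through several joint research projects on the methodology for design, safety assessment and validation of autonomous vehicles, we have produced scientific and technical results covering the following: • how to provide assurance for autonomous systems; • how to improve the way knowledge about autonomous systems is conceptualized; • the evidence we have gathered showing how autonomous systems operate; • how far autonomous systems are exposed to critical scenarios that could harm people. We attempt to describe the foundations of an incremental engineering framework that has already been applied in new technology development and that fosters interaction between operational deployment field analysis and the front-end design optimization process. At the same time, a range of simulation techniques is increasingly replacing real-world experimentation with the system.</p> <p>In the context of a methodological cooperation achieved through different research projects, which concerned design, safety assessment and validation of autonomous vehicles, some scientific and technical material has been produced and collected about how to provide assurance about autonomous systems, how this has to change the way we conceptualize knowledge about such systems, how we produce evidence about how they will behave, and how far they will be exposed to critical situations able to cause harm to people. 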
We try to describe the cornerstones of an incremental engineering framework, which has already begun to be applied in new technology application development and which fosters close interaction between operational deployment field analysis and the front-end design optimization process, while multiple simulation techniques are pushed forward to substitute for real experimentation with the system.</p> http://vipread.com/library/item/2075 Tue, 27 Nov 2018 08:34:42 +0000
Functional Safety - Safe Autonomous Driving Is Teamwork http://vipread.com/library/item/2074 <h1>Functional Safety - Safe Autonomous Driving Is Teamwork</h1> <p>Christoph Maier DEKRA Digital GmbH Abstract Autonomous driving technology is one of the biggest challenges ahead. Dozens of sensors must be evaluated hundreds of times per second to create a valid environmental model, from which the driving strategy is derived. To ensure correct and safe functionality, development must consider not only electronics but also mechanics at product and vehicle level. Orchestrating the behavior of individual products in the function chain requires a comprehensive, traceable approach to risk analysis, risk mitigation, test specification and validation. In this talk, we will present an approach and discuss how to ensure a holistic analysis of the risks of a mechatronic product.</p> <p>Autonomous driving is, technology-wise, one of the biggest challenges ahead. Dozens of sensors need to be evaluated hundreds of times a second to create a valid environmental model. Based on this model, the driving strategy will be derived. To ensure proper and safe functionality, the development has to consider not only electronics, but also mechanics on product and vehicle level. A holistic and traceable approach for risk analysis, risk mitigation, test specification and validation is needed to orchestrate the behavior of single products in the function chain. 
In this presentation we will present an approach on how to ensure a holistic analysis of risks of a mechatronics product.</p> http://vipread.com/library/item/2074 Tue, 27 Nov 2018 08:27:22 +0000
The Challenge of Unexpected Behavior in Modern Vehicles http://vipread.com/library/item/2073 <p>The Challenge of Unexpected Behavior in Modern Vehicles Bodo Seifert DURA Automotive Systems Abstract This talk describes how to face unexpected behavior in modern vehicles. It shows the types of unexpected behavior and discusses the design hierarchy from a process point of view. We then look briefly at the foundation of the design from a process perspective (CMMI, Capability Maturity Model Integration, and Automotive SPICE), at ISO 26262 functional safety, and at cybersecurity (with a brief introduction to J3061), and finally at a practical implementation of an electronic control unit. This presentation addresses how to face unexpected behavior in modern automobiles. It shows the types of unexpected behavior and then discusses the design hierarchy from a process point of view. Then we will take a brief look at the foundation of the design from a process perspective (CMMI and Automotive SPICE), look at ISO 26262, then at cybersecurity (with a brief excursion to J3061) and finally a practical implementation of an ECU.</p> http://vipread.com/library/item/2073 Tue, 27 Nov 2018 08:24:04 +0000
iQIYI Security: Real-Time Intelligence in Practice http://vipread.com/library/item/2072 <p>Topic overview:</p> <p>Set against the evolution of iQIYI's intelligent security from 2.0 to 3.0 and anchored in iQIYI's risk control system, this talk focuses on the overall makeup of iQIYI's security intelligence, the core technologies of risk control, and real deployments of real-time intelligent security. In walking through these cases, we also bring in real-time awareness of attacks from the underground economy, and finally present iQIYI Security's exploration of autonomous driving. </p> <ul> <li>iQIYI intelligent risk control</li> <li>Risk control 3.0 technology</li> <li>Real-time attack and defense cases</li> </ul> http://vipread.com/library/item/2072 Sat, 24 Nov 2018 11:12:35 +0000
iQIYI Security Attack and Defense Practice http://vipread.com/library/item/2071 <p>Topic overview:</p> <p>This talk presents iQIYI's practical experience with incident response, vulnerability scanning, penetration testing, and audit and compliance in the course of building a defense-in-depth system spanning host security, application security and threat detection.</p> <h1>Agenda</h1> <ul> <li>Vulnerability scanning</li> <li>Threat awareness</li> <li>Intrusion detection</li> <li>Bastion host</li> <li>Penetration testing</li> </ul> http://vipread.com/library/item/2071 Sat, 24 Nov 2018 11:10:17 +0000
Smart Device Security
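http://vipread.com/library/item/2070 <p>Topic overview:</p> <p>As a security research team working on frontier technologies, Tencent Blade Team has built up a large body of results in smart device security research in recent years. In this talk, Zhang Bo will share some smart device vulnerability cases the team has studied, such as compromising smart home devices, compromising smart building devices, and eavesdropping through smart speakers, and will use them to summarize the attack surface of smart devices and an approach to security testing. Finally, Zhang Bo will share recommendations for fixing vulnerabilities in smart devices and hardening them.</p> <h1>Introduction to Smart Devices</h1> <ul> <li>1. Introduction to smart devices</li> <li>2. Team research results</li> <li>3. Approach to smart device security research</li> <li>4. Security recommendations</li> </ul> http://vipread.com/library/item/2070 Sat, 24 Nov 2018 11:08:30 +0000
Attack Detection in Practice at Vipshop http://vipread.com/library/item/2069 <p>Topic overview:</p> <ul> <li>(1) Detecting attacks in massive traffic is like looking for a needle in a haystack. Traditional attack detection approaches consume a great deal of machine performance.</li> <li>(2) How to use traffic characteristics to design an attack detection approach suited to high-traffic services: lower performance requirements, better results.</li> <li>(3) Vipshop's attack detection pipeline: anomaly detection + machine learning + expert feedback. </li> </ul> http://vipread.com/library/item/2069 Sat, 24 Nov 2018 11:06:42 +0000
Security Issues of Artificial Intelligence http://vipread.com/library/item/2068 <p>Artificial intelligence has developed rapidly in recent years, but along with great progress it has also exposed many security problems. The security of AI is receiving ever more attention. We divide AI security into different layers: the system application layer, the middle layer and the algorithm layer. The system application layer and middle layer largely fall within traditional information security, whereas the algorithm layer involves security problems specific to AI. This talk covers, layer by layer, the efforts the GeekPwn hacking contest platform has made on AI security and some of the results achieved so far.</p> <ul> <li>Human fear of AI</li> <li>The layered nature of AI security</li> <li>Security of AI application systems</li> <li>Security of AI base systems</li> <li>Security of AI algorithms</li> <li>The harm of adversarial examples</li> <li>Threat models for adversarial examples</li> <li>Security geeks and AI security</li> <li>GeekPwn's support for AI security</li> <li>CAAD: a dedicated contest on adversarial attack and defense</li> <li>CAAD online contest</li> <li>Outlook for GeekPwn AI contests</li> </ul> http://vipread.com/library/item/2068 Sat, 24 Nov 2018 11:05:00 +0000
Anquanke 2018 Quarterly, Q3 | Information Leaks on the Dark Web http://vipread.com/library/item/2067 <h1>Contents</h1> <ul> <li>[Dark web and underground economy]<ul> <li>Information leaks hidden deep in the dark web</li> <li>Dark web research report, first half of 2018</li> <li>Security report on internet black and gray market tools and software: 2018 half-year report</li> <li>Top ten internet security trends of 2018 as seen through malicious traffic</li> <li>Vipshop SRC</li> <li>360 Security Brain</li> </ul> </li> <li>[Vulnerability analysis]<ul> <li>In-depth analysis of CVE-2018-5002 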
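exploitation techniques</li> <li>Money never sleeps, a thief walks alone - multiple coin-theft techniques via the Ethereum JSON-RPC interface revealed</li> <li>The exploit chain that won the highest reward in the history of the ASR program</li> <li>Go code audit - gitea remote command execution vulnerability chain</li> <li>[360 CERT]</li> </ul> </li> <li>[Tools in depth]<ul> <li>Android Native Hook tools in practice</li> <li>A close reading of the RIPS source code</li> <li>Analysis of sqlmap internals</li> <li>A new type of one-line webshell built with dynamic binary encryption</li> <li>A complete analysis of the principles and implementation of sysmon, Microsoft's lightweight system monitoring tool</li> <li>Ele.me SRC</li> </ul> </li> <li>[Security operations]<ul> <li>Internet companies: how to build a data security system</li> <li>Building an automated code scanning system</li> <li>Malicious cryptomining monitoring in practice and typical samples</li> <li>Chaitin Tech</li> <li>Yunding Lab</li> </ul> </li> <li>[Security research]<ul> <li>The complete guide to CORS security</li> <li>Applying machine learning to Windows RDP version and backdoor detection</li> <li>Exposing the Poison Ivy group (毒云藤, APT-C-01), a collector of military and government intelligence</li> <li>Research on time-delay-based blind channels: a channel for returning content in restricted environments</li> <li>SSL Pinning Practice</li> <li>Web cache poisoning techniques explained</li> <li>众安天下</li> <li>[Acknowledgements]</li> </ul> </li> </ul> http://vipread.com/library/item/2067 Tue, 23 Oct 2018 04:42:26 +0000
Vulnerability Management Practice Before and After Service Launch http://vipread.com/library/item/2066 <h1>Contents</h1> <ul> <li>Industry practice</li> <li>Challenges before and after service launch</li> <li>Vulnerability management approach and practice</li> <li>Case studies</li> </ul> http://vipread.com/library/item/2066 Thu, 20 Sep 2018 06:02:23 +0000
Next-Generation Mobile Application Security http://vipread.com/library/item/2065 <ul> <li>The development of mobile applications</li> <li>Asymmetry between attack and defense lets attackers succeed again and again</li> <li>Changes in what is protected and where the protection boundary lies</li> <li>Today's mobile security architecture</li> <li>Defensive capability out of step with business growth</li> <li>The trend from static defense to dynamic defense</li> <li>Combining S-SDLC and DevSecOps</li> <li>Next-generation mobile application security</li> <li>A multi-dimensional mimic defense system</li> <li>Diagram of next-generation mobile application security</li> <li>Mobile application security threat awareness</li> <li>Drawing on Gartner's concepts</li> <li>Technical advantages of next-generation mobile applications</li> <li>Challenge: mobile application security + neural networks</li> </ul> http://vipread.com/library/item/2065 Thu, 20 Sep 2018 03:13:49 +0000
Automated Security Scanning: Ensuring Security During Software Product Development http://vipread.com/library/item/2064 <h1>Agenda</h1> <ul> <li>Understanding application security</li> <li>The evolution of secure development</li> <li>The current state of secure development</li> <li>Security challenges facing enterprises</li> <li>Understanding security issues from the development team's perspective</li> <li>S-SDLC &amp; Discussion</li> </ul> 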
http://vipread.com/library/item/2064 Thu, 20 Sep 2018 02:44:17 +0000
A Brief Analysis of Enterprise Vulnerability Management and Continuous Tracking http://vipread.com/library/item/2063 <h1>Contents</h1> <ul> <li>01 The current state of enterprise security</li> <li>02 A sustainable security protection management system</li> <li>03 About Ijiami</li> </ul> http://vipread.com/library/item/2063 Thu, 20 Sep 2018 02:42:03 +0000
Exploring DevSecOps Best Practices http://vipread.com/library/item/2062 <h1>Contents</h1> <ul> <li>Notes on DevSecOps</li> <li>DevOps and DevDevOps</li> <li>DevSecOps and S-SDLC</li> <li>Evolving S-SDLC toward DevOps in practice</li> <li>The future of DevSecOps</li> </ul> http://vipread.com/library/item/2062 Wed, 19 Sep 2018 09:56:46 +0000
A Brief Analysis of Financial Business Security Under Automated Threat Exploitation: Improving Software Security Across the Board http://vipread.com/library/item/2061 <ul> <li>WHAT – THE PROJECT</li> <li>VULHUNTER automated gray-box security testing tool</li> </ul> http://vipread.com/library/item/2061 Wed, 19 Sep 2018 09:55:02 +0000
OWASP Automated Threat Project http://vipread.com/library/item/2060 <h1>Contents</h1> <ul> <li>Project introduction (INTRODUCTION)</li> <li>Overview of automated threat events (THE ONTOLOGY)</li> <li>Countermeasure analysis (COUNTERMEASURES) </li> <li>User case scenarios (USE CASE SCENARIOS)</li> <li>Guide to the automated threat list (AUTOMATED THREAT EVENT REFERENCE)</li> </ul> http://vipread.com/library/item/2060 Wed, 19 Sep 2018 09:52:56 +0000