资料列表
Preview Name 作者 Date File info
  • 企业如何赢在SRC的起跑线
  • 目录

    • A SRC为何成为众多企业的安全解决方案必选项目
    • B 国内众多企业SRC的生存现状分析
    • C 健康的企业SRC都有哪些特质值得我们学习
来勇斗象科技高级产品经理 2019-01-17 11:08:59
  • 附件: 1 个
  • 大小: 0.85 M
Thinking@SlowMist 2018-12-31 09:40:15
  • 附件: 1 个
  • 大小: 4.59 M
  • 58集团漏洞治理设计与实践
  • 主要分享一下在安全测试、漏洞发现、漏洞修复等方面遇到的问题,以及58集团在解决这些问题的过程中的一些实践。

    目录

    • 漏洞发现
    • 漏洞处理
    • 安全运营&漏洞攻防
刘嵩--58赶集集团安全工程师 2018-12-26 12:37:50
  • 附件: 1 个
  • 大小: 80.51 M
gdygdy 2018-12-26 12:28:02
  • 附件: 1 个
  • 大小: 2.62 M
jkgh006|众测资深玩家,多家众测平台TOP白帽 2018-12-20 13:03:20
  • 附件: 1 个
  • 大小: 2.5 M
HackPanda青藤云安全·安全研究员 2018-12-20 13:01:37
  • 附件: 1 个
  • 大小: 2.08 M
  • DEKRA - 助推自动驾驶未来发展
  • DEKRA - 助推自动驾驶未来发展

    Stanislaw Zurkiewicz DEKRA 摘要 随着自动驾驶和车联网技术的快速发展,专业检测设施和多样性的模拟能力变得比以往更加重要。除了对 功能性组件进行测试外,全面综合性的技术测试需求也越发迫切。这其中就包括自动驾驶和车联网应用中 车辆彼此之间以及其与基础设施之间的交互方式的测试。 DEKRA 可根据OEM 及其供应商的复杂需求制定独特的应对方略。我们率先定义协议并促进标准化进程, 成为行业内OEM 及其供应商的积极合作伙伴。凭借德国自动驾驶测试场地和西班牙互联互通测试场及实 验室的专业知识,DEKRA 为未来汽车行业提供综合性完善的测试环境,满足创新带来的需求,重塑人类 的生活和出行方式。

    DEKRA - Supercharging the Future of Autonomous Driving Stanislaw Zurkiewicz DEKRA ABSTRACT The rapid advance of automated and connected driving technologies has made access to specialized testing facilities and extensive simulation capabilities more important than ever before. As well as the need for functional component testing, there is an urgent requirement for fully integrated technology testing. This includes the ways in which vehicles with automated and connected driving technologies interact with each other and with the infrastructure. DEKRA has developed a unique strategic response to the complex needs of OEMs and suppliers alike. Centered on the expertise of our test site in Germany and our specialist laboratory in Spain, our goal is to provide a fully integrated testing landscape that will meet the needs triggered by innovations that are reshaping the way we live and travel.

Stanislaw Zurkiewicz@DEKRA 2018-11-27 09:23:57
  • 附件: 1 个
  • 大小: 3.34 M
  • 自动驾驶汽车的设计确认和安全分析
  • 自动驾驶汽车的设计确认和安全分析

    通过关于自动驾驶汽车设计、安全评估和确认方法论的多个联合研究项目,我们取得相应的科学和技术成 果,涉及以下几个方面: • 如何给自主系统提供保障; • 如何改进使自主系统相关知识概念化的方式; • 我收集到了相关证据,证明自主系统是如何运转的; • 自主系统有多大程度会暴露在可能造成人员危害的关键场景。 我们尝试去描述增量工程框架的基础要件,这些基础要件已经应用于新技术开发,促进了运行部署领域分 析和前端设计优化流程 的交互。同时多种仿真技术的应用正在加速替代了系统的实际试验。

    In the context of a methodological cooperation achieved through different Research project, which concerned design, safety assessment and validation of autonomous vehicles, some scientific and technical material has been produced and collected about how to provide some assurance about autonomous systems and how it has to change the way we conceptualize knowledge about such systems and we produce evidence about how they will behave and how far they will be exposed to critical situations able to cause human damages. We try to describe the corner stones of an incremental engineering framework, which has already begun in new technology application development, and where close interaction between operational deployment field analysis and front-end design optimization process is fostered, at the same time whilst multiple simulation technics are pushed forward to substitute with real experimentation of the system.

2018-11-27 08:34:42
  • 附件: 1 个
  • 大小: 2.87 M
  • 关于现代车辆中不可预知行为的挑战
  • 关于现代车辆中不可预知行为的挑战 Bodo Seifert DURA Automotive Systems 摘要 本次演讲描述了如何面对现代车辆中不可预知的行为。它展示了不可预知行为的种类,并从流程角度出发 讨论了设计的分成。然后我们可以简要地从流程(CMMI 能力成熟度模型集成和汽车仿真电路)角度出发 了解设计的寄出,了解ISO26262 功能安全,了解网络安全(简要地介绍J3061),最后实际地实现一个 电子控制单元。 This presentation addresses how to face unexpected behavior in modern automobiles. It shows the types of unexpected behavior and then discusses the design hierarchy from a process point of view. Then we will take a brief look at the foundation of the design from a process perspective (CMMI and Automotive SPICE), look at ISO26262, then at Cyber security (with a brief excurse to J3061) and finally a practical implementation of an ECU.

Bodo Seifert@DURA Automotive Systems 2018-11-27 08:24:04
  • 附件: 1 个
  • 大小: 1.43 M
  • 看不到的攻击面
  • 内容摘要

    • Blind SqlInject (Nothing to say)
    • Blind Web Application Firewall bypass 绕过防护系统(变更 HTTP 请求方法)
    • Blind Redirect Analysis System 诱骗分析系统(变更 HTTP 请求 URI )
    • Blind CommandInject 【检测】不如都来带外数据通道( OOB )
    • 【检测】手工太麻烦使用自动插件( OOB )
    • Blind Outer to Internal System 由外到内
    • Blind PostParam 调用隐藏方法(增加或变更 HTTP 请求参数)
    • 寻找根源(大数据寻找源 IP )
CplusHua 2018-06-28 05:02:46
  • 附件: 1 个
  • 大小: 1.33 M