A while ago I mentioned that I would attend several security-related meetings in March.
The first meeting. 2008 China Software Security Summit,Http://www.sinoit.org.cn/Sponsored by the Electronics Industry Publishing House.
Below are my personal notes for some lectures for your reference. Many lectures can be downloaded.
Computer Virus development trend and anti-virus product testing
Chen Jianmin, deputy director of the National Computer Virus emergency response center
It is mentioned that Trojans are currently mounted on websites where attackers collect network traffic statistics. Because a large number of websites rely on the pace of the traffic website for statistics, once the trojan is successfully mounted on the traffic website, the Trojan's exposure is very high.
Domestic and foreign software vulnerability handling Overview
Zhou Yonglin, deputy director of the cncert/CC Operation Department
We mentioned three important security vulnerabilities this year. DNS Security Vulnerabilities (Dan Kaminsky), MS08-067 security vulnerabilities, and a yet unpublished TCP/IP security vulnerability (cncert does not know details about the vulnerability ). We mentioned the plan to create a CVE Vulnerability database program similar to that in the United States and Japan. This is very useful for tracking and managing security vulnerabilities, especially those of domestic software.
Network security in the Web 2.0 era
Shi Xiaohong, assistant chairman of Qihoo Company
The idea of evaluating the quality of URL and software through community feedback is mentioned. This is similar to the popular reputation service.
Business Software Assurance (software security assurance system)
Fortify practice ctor, Justin Derry in Asia Pacific
The Software Assurance maturity model is proposed. The HTTP isHttp://www.opensamm.org/Home.html. Are you planning to change this mode to the ISO standard? What is the difference between SDL and Microsoft?
Virtual Machine Technology Security
McAfee researcher sun Bing
Sun Bing is a master of virtual machines. After chatting with him, it is estimated that Microsoft's hyper-V will be studied soon.
Fuzz technology and software security testing
Wang Qing, a famous software security expert
Peach seems to be using more and more. Smart Fuzz must be the future development direction. The space for dumb fuzz is too small.
Microsoft Security Information Report Episode 5-Overview of China's security situation
Jiang mingzao, chief security consultant, Microsoft Greater China
There are statistics on browser-based security vulnerabilities in China. It is very interesting.
Due to time conflicts, it is a pity that I could not hear a lecture on encryption technology from the snow forum.