System Protection +DB Security +0day+, first glimpse ISC 2014 Internet Defense (free tickets)

April 8, 2014, Microsoft formally put an end to the technical support of Windows XP, as the longest service in human history of the computer operating system, in its lockout, user information security, and even national information security are facing serious challenges. How can this kind of security threat be effectively resolved after 5 months? Browser is an important way to attack viruses, in a comprehensive software market, how can we choose safe and effective tools and measures to prevent this ensuing security crisis?

September 24-25th, top hundreds of security experts from home and abroad gathered at 2014 China Internet Conference (ISC 2014) to uncover the ultimate mystery of network security for hundreds of millions of users. The current conference by the National Computer Network Emergency Technology Processing Coordination center and other guidance, 360 Internet Security Center and the Chinese Internet Association Network and Information Security Work Committee sponsored. If you are interested in mobile security, enterprise security, software security and other information security, yearning and security technology master face-to-face learning advanced attack cheats, then quickly to register!

In addition, as an important partner of the General Assembly, CSDN hosted the Software Security Forum and the cloud and data Security forum, and for the vast number of csdn users reserved some free tickets, if you are interested and experts in the operating system, desktop software vulnerabilities mining, software security testing and other technical exchanges, then seize the last limited places, Quick to sign up!

Software security is one of the most traditional areas of information security, the Forum will invite front-line combat experts, the following practical technology to explore:

system-level security, database security, desktop software security, software Anti-vulnerability mining, security testing.

This Software security forum is scheduled as follows:

Time Issues Speaker 13:30-14:10 The dialectical relationship between anti-virus and trusted computing from the security exploration of Microsoft operating system the first vice-president of the Tian ' an laboratory, and director of the Security Research and Emergency Response center of the Cheonan, Li Busong 14:10-14:50


XP Shield 3.0 Technical Insider's core protection


360 Defense Laboratory Director, XP shield a major inventor Zheng Wenbin


14:50-15:30


IE One 0day&windows 8.1 exploit


NSFocus Research Institute security researcher Song Kai


15:30-16:10


Data Security alert-talking about
from Oracle database security

, director of performance management and data security, Roheichon


16:10-16:50


Java Gray Box Security test technology sharing


, director of Hangzhou Arnhem Safety Research Institute Wu Zhouqing


16:50-17:30 software Anti-leak mining system Introduction to Snow Security Forum technical Experts, Huawei Network security technology expert Yu technology

speakers and topic Brief:

Li Busong--the first vice-president of the Antian Laboratory, and director of the Safety Research and Emergency Response center of the Cheonan

He is currently the first vice-president of the Ann Day Laboratory and director of the Security Research and Emergency Response center of the Cheonan, in charge of virus analysis and emergency response. In reverse engineering, virtual machine technology has carried out a lot of research, is the main line products AVLSDK Anti-Virus engine of the core technology to achieve one, has presided over or participated in a number of related scientific research projects, apply for a number of technical patents. Technical reports were made at XCON and other security forums.

Topic: Looking at the dialectical relationship between anti-virus and trusted computing from the security exploration of Microsoft operating system

This report demonstrates Microsoft's overall security context from the evolution route of Microsoft's operating system security, the application strategy of Windows to trusted computing technology and its attack and defense value, and illustrates the real security threat that Microsoft's operating system encounters in the process of actively trying the trusted computing technology with concrete cases. Finally, considering the security, supply chain security, social cost and other factors, this paper discusses the security model suitable for the current security situation.

Zheng Wenbin--360 first engineer, 360 Network Defense Laboratory Director, XP shield a major inventor

Domestic and foreign well-known Windows security experts, the National Information Security Vulnerability database distinguished experts. Engaged in network security for nearly a decade, 360 cloud security system and cloud main defense system design developers, 360 XP shield A major design developers, in a number of international security conferences to publish papers.

Topic: XP Shield 3.0 Technology Insider Core protection

Following the success of XP Shield 2.0 exclusive Shouji in the April XP Challenge, 360 released XP Shield 3.0 in July and participated in the second XP Range Challenge, which was held at the end of July. Although the participants in the XP challenge Hong from the best hackers and teams at home and abroad, XP Shield 3.0 still relies on a vastly enhanced vulnerability defense technology, sticking to the last minute.

In this issue, the 360XP Shield team will be among the many enhancements to the XP Shield 3.0, selecting the kernel Vulnerability protection mechanism that is critical to winning the latest XP challenge and sharing technical insider information about the technology enhancements to the ISC audience.

Song Kai (Exp-sky)--nsfocus Safety Research Institute

Has nearly 5 years of security research experience. Focus on browser security. Vulnerability mining related technology research, alone found dozens of ie110day vulnerabilities and reported to Microsoft. Advanced exploit technology research. Apt related attack and defense technology research. It was HitCon2014 speaker and XKungFoo2013 speaker.

Topic: Ie110day&windows8.1exploit

This paper mainly introduces how to develop IE11 general stable exploit technology in the case of Windows8.1 full pudding. Then we demonstrate different exploit methods by example of IE11 vulnerabilities under 2. It also includes interesting new techniques that allow you to easily and quickly and stably develop a exploit that is common to IE9 to IE11 browsers. Finally, the paper introduces the principles and countermeasures of Microsoft's new protection mechanism isolated heap, and gives the 0day demo of the actual successful confrontation.

Roheichon--Director of performance management and data security, cloud and inking

The winner of the domestic SQL competition, once served in Oracle company and other famous enterprises.

Topic: Data Security alerts-from Oracle database security

Database as the core of the enterprise IT architecture, its security should not be underestimated, the Oracle database security is roughly related to software security, access security, backup security, management security, and several major aspects, in this topic, will share Oracle database and the typical security cases and prevention methods, Content involves core technical content such as SQL injection.

Wu Zhouqing--head of Hangzhou Arnhem Safety Research Institute

Engaged in many years of information security work, penetration testing, code audit, leak mining has a wealth of experience

Topic: Java Gray Box Security test technology sharing

Web security testing methods are becoming more and more mature, the common means are through white box test and black box test, but these test method has obvious deficiencies. White-box test false positives rate is high, can not test complex business logic. Black-box test coverage is low and you cannot get the function that corresponds to the problem. Topic sharing How to implement the gray box test program, by verifying the use of Java gray Box test, can significantly improve the efficiency of the test, reduce the false alarm rate, and can track the entire code flow situation, quickly locate the problem code.

Yu Technology--Huawei network security technology expert

Watch Snow Safety Forum Technical Experts, the original star-Chen safety technology experts, China National Information Security Vulnerability database distinguished experts. 12 Network security attack and defense experience, the main areas of expertise: security coding, software system attack, crack and defense, vulnerability mining, analysis and utilization, reverse engineering, intrusion Forensics, compiler and debugger design and implementation.

Topic: Introduction to Software Anti-vulnerability mining system

the current software vulnerability mining model, software reverse engineering and reverse engineering introduction, combined with reverse engineering technology and vulnerability mining model, to build an anti-vulnerability mining system, so that the loophole can not be exploited to explore the system. Anti-exploit is similar to reverse debugging and reverse, which prevents external personnel from trying to exploit the target system.

China Internet Security Conference, enjoy the wonderful experience brought by the safety of Daniel, explore the mysterious journey of information security, more best-selling gifts, free places, wonderful succession, click for free enrollment.