OWASP Hong Kong
Hong Kong
The Hong Kong chapter was formed in December 2004. The objectives to establish OWASP Hong Kong Chapter are mainly because: -There are many web applications established in past 10 years. However, how many developers know that their developed application are secure. Meanwhile, there are many transactional-based systems, we should not ignore that the web application is another channel for hackers to compromise one’s confidential information and interrupt any critical business operations.
-
Raise the security awareness of web application development among the professionals.
-
Encourage professionals to reference standard like ISO7799 for their web application security and post-deployment review as well as audit.
-
Accelerate to Share, learn, discuss and review best practices of the experienced web application development security professionals even across various user and security groups including VXRL in Hong Kong.
Coding Practice
-
Mainstream web technologies (i.e. .NET, J2EE and PHP on Linux) security assessment
-
Web application platform (i.e. Apache, IIS, Linux, Database) security assessment and review.
-
Recent Web application security concerns.
-
Regularly convey latest projects and presentations from OWASP.
Welcome
Welcome to all of you to visit our Hong Kong Chapter website.
Upcoming Meetings
We schedule our meetings on the OWASP Hong Kong Chapter Meetup Group
-> Please check the meetup group directly or the lcoal news section at the bottom of the page.
Our meetings are open to the public, and you do not need to be a member to attend. Please do consider joining OWASP if you find our community, projects, and meetings valuable, or sponsoring this chapter.
Participation
The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security.
Chapters are led by local leaders in accordance with the Chapter Policy. Financial contributions should only be made online using the authorized online donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP Project, independent research, or related software security topic you would like to present.
Everyone is welcome and encouraged to participate in our Projects, Local Chapters, Events, Online Groups, and Community Slack Channel. We especially encourage diversity in all our initiatives. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert. We also encourage you to be become a member or consider a donation to support our ongoing work.
Local News
Coming Up 2024: Intel x86/x64 buffer overflow exploit & ARM (MacOS) shellcode development - by Boris and Janet
Lab event
- Agenda:
- A crash course in Intel x86/x64 instructure set and assembly
- Walk through of buffer overflow exploit development
- featuring:
- writing assembly shellcode to download webshell
- including:
- Windows x86 SEH and Pop-Pop-Ret
- Linux x86 ROP
- featuring:
- Hands-on:
- Linux x64 Return-2-Register
- Linux x64 ROP (bypassing DEP and ASLR)
- ARM (MacOS) assembly shellcode development with null byte avoidance
- Date/Time and Venue to be announced
Past Activities in 2023
We will be running a lab session on 16 Oct 2023 for peers to practise LLM Prompt Injection.
- Agenda:
- Prompt Injection practice (Please see pre-requisites in MeetUp event)
- Time: 18:00 - 19:00
- Meeting Location: WeWork, 20/F, Cityplaza Phase 3, Quarry Bay, HK
- Everyone is welcome to join us at our chapter meetings.
We will be running a lab session on 13 Oct 2023 for peers to practise security in CI/CD pipeline as code.
- Agenda:
- CI/CD as code with security scanning hooks (Please see pre-requisites in MeetUp event)
- Time: 16:00 - 18:00
- Meeting Location: WeWork, 20/F, Cityplaza Phase 3, Quarry Bay, HK
- Everyone is welcome to join us at our chapter meetings.
We will be running a lab session on 4 Apr 2023 for peers to try out smart contract hacking and exchange ideas.
- Agenda:
- Smart Contract Hacking self practice and idea exchange
- Time: 16:00 - 18:00
- Meeting Location: WeWork, 20/F, Cityplaza Phase 3, Quarry Bay, HK
- Everyone is welcome to join us at our chapter meetings.