
[CTO Forum] How can an enterprise build its own "security immune system"?

To help IT practitioners gain more, and in response to the enthusiastic expectations of many C-fans and the CTO Club, the CTO online forum has been well received since its debut. This session invites Wooyun (乌云网) founder Fang Xiaodun to share on the theme "How can an enterprise build its own 'security immune system'?".

Welcome to the CTO Club WeChat group for zero-distance communication with industry leaders; the registration method for the January 29 forum is at the end of this text.


Speaker: Wooyun founder Fang Xiaodun

Guest profile: Fang Xiaodun, founder of Wooyun, member of the well-known domestic security organization 80sec. Known online as Kenshin, a celebrity in hacker circles and well known in China's information security industry. Formerly a Baidu security expert responsible for defending Baidu's sites against hacker attacks; in 2010 he created the Wooyun vulnerability reporting platform, the first of its kind in the industry.

Company profile: Wooyun is a feedback platform between security vendors and security researchers for the reporting and follow-up handling of security issues, and provides Internet security researchers with a platform for public welfare, learning, communication and research. Its name derives from the Internet "cloud" of today: in an era when everyone is embracing the "cloud", network security, whether in technology or in thinking, feels somewhat dark, so naturally it became a dark cloud (Wooyun).

Wooyun is a community with a high reputation in the global security field. The site aims to be a feedback platform for security issues between vendors and network security researchers and enthusiasts, and has gathered tens of thousands of high-level white-hat hackers covering web, client and smart hardware.

The following is the complete transcript of the January 21st CTO forum session:

Moderator: Welcome Kenshin to today's lecture. Could you please introduce yourself?
Kenshin: Hello, I'm the founder of Wooyun and formerly the head of Baidu's security technology team, responsible for building Baidu's security technology team. From the early formation of the security team to now, I have ten years of experience in the security field.

Moderator: We know you were previously a Baidu security architect and also the founder of 80sec. Can you share your work experience during that period?
Kenshin: I got into security very early, in school, when it was simply good fun. I also set up a security team, 80sec, with some friends to share and exchange security technology; those people are now the security leads at Alibaba, Tencent and 360.

Later, some large Internet companies began to be threatened and attacked, and I joined Baidu to build its security team and help Baidu resist external attacks. That period was the most interesting: for the first time I was on a large enough platform to fight back against attackers, from the bottom of the network through the business systems up to the application level. The earliest attacks were DDoS, then protection moved to the application layer, and finally we began to consider protection against internal APT and black-market businesses. During this period I also moved from purely technical thinking to thinking about how security can really be promoted and implemented in an enterprise, how to balance security and business, and how an enterprise really produces technical value.

Moderator: Wooyun can be said to be very well known in security circles. Why did you decide to start this platform, what was the idea at the time, and what problems did you encounter?
Kenshin: When I was at Baidu, security itself was still relatively closed; in fact most business builders could not understand the value of security. But at that time China's Internet was developing at a faster pace than ever, which was embodied in the development of the cloud, and the essence of the cloud is the transfer of data from the endpoint to the cloud. We realized that if security is not really well understood, it will lead to data disasters in the future, because data loss is an irreversible process. So we wanted to do something for the more and more enterprises that were unable to protect their users. The biggest problem in the middle is information asymmetry: the enterprise is not clear what the attacks from outside are, and users do not know whether the enterprise can protect their data well and what risks will result in data loss.

The first step we chose was to make this industry more transparent, so that more enterprises understand security and more users understand the risks of the cloud. So we began to try to bring together white hats who really understand security to identify enterprise security issues, and ultimately to ensure that security issues can be made public. Compared with before, when enterprises did not attach importance to security and handled problems in a closed way, our challenge was still quite large, mainly coming from a lack of understanding of this new model;

This lack of understanding was that, before, people thought security issues should be handled in a closed way. However, we believe users must be aware of this risk, which caused many conflicts; only now has this model slowly come to be accepted.

Moderator: Please introduce the technical team at Wooyun.
Kenshin: Wooyun is an open security community. We hope to build an Internet security immune system with the strength of the community, but the community is relatively loose, so we have started to connect the community with enterprises to produce more value in products and services. Wooyun mainly has an operations team and a research team, as well as a research and development team; however, in security technology we rely more on the combined power of the community and the platform, because we believe that no matter how strong a technical team is, it cannot be as strong as the entire community and the power of the Internet. We are thinking about how to bring these scattered forces together to produce more value. In the next step we will also strengthen the research and technology team; interested friends can chat with me :)

Host: Would you please introduce the technology products and services provided by Wooyun.
Kenshin: Wooyun itself is primarily a community and is free of charge; enterprises can get their own security early warnings and notifications by joining Wooyun. Since the community is relatively loose, for enterprises with high security requirements we select the best white hats in the community to help companies find security problems more efficiently. For this part we also have products that try a SaaS model to connect white hats and enterprises for periodic monitoring of enterprise security problems. At the same time, we also have security training and emergency response services with white-hat crowdsourcing at the core;

Moderator: What is the status of our current Internet security environment? What is the biggest challenge for the Internet in China?
Kenshin: At present, China's Internet security environment is much better than before, because more and more people have begun to pay attention to security. At the same time, because of the rise of China, Internet security has risen to the level of national security; the number of Chinese Internet users laid the foundation for this. But we must also see that the basis of trust in China's social rules is lacking in actual society, and bad things are amplified on the Internet, so China's Internet environment is actually very bad and we will be attacked. Based on this, I also think the biggest challenge for China's Internet is the security challenge;

Moderator: What are the common security issues in the development of Internet products? What are some good suggestions?
Kenshin: When we talk about security we must be talking about data security, and data actually runs through the whole technology process, from the basic network to the top-level business. Now, with the continuous development of the underlying infrastructure, which is becoming more and more standardized, the security problem must move upward, including to the security of operations, development and the business environment. When we develop Internet products, if the product is not very important or does not contain important data, some security issues may be covered up; but as long as it relates to user data, payment, financial profit or redeemable functions, you will encounter many people coming to attack you in an attempt to profit; the "wool party" (coupon abusers) is a good example, and there are still many security problems you don't know about while they are being exploited. My suggestion is that we should pay attention to security, enhance basic security awareness, and invest in security when necessary. Wooyun will continue to open up many security issues and examples, which I hope everyone will find valuable, so that problems are solved early;

Moderator: How do you understand the "original sin" of security issues?
Kenshin: The original sin of security issues is that security always gives way to survival; security is always important but not urgent, yet once there is an emergency everyone may be up all night. This is a paradox.

Moderator: You once said in public that you hope to use Wooyun's own way of repairing as the way to do security, which seems different from how many people think about it. Can you talk about it?
Kenshin: As with human health, the security of an enterprise and even the entire Internet follows the same reasoning: the environment is dynamic and security risks exist, so what we have to do is have a set of risk monitoring and early warning, emergency response and even rapid immune mechanisms. Wooyun helps everyone build such a mechanism: on the one hand, we let the community help companies find and repair risks; on the other hand, we tell other enterprises well in advance, through Wooyun, about the latest security threats or risks encountered by other enterprises, as a preventive immune function;

Host: How should an enterprise build its own security immune system? What are the key technical points?
Kenshin: The focus of building the immune system actually includes self-perception and the immune response mechanism. Security runs through the whole process from the underlying foundation to the enterprise business, and at different stages security has different requirements, so the technical requirements are not the same. Operations, R&D and infrastructure security are the base, and the key points of this part are daily management, system specifications and security awareness. If e-commerce, payment and financial security are involved, the business side will have higher requirements: you need your own grasp of business risk, and business risk control mechanisms must be improved. If you are a platform enterprise, you must consider the long-term fight against the black industry chain. An enterprise can acquire these capabilities on the one hand by relying on third parties such as Wooyun, and on the other hand by building its own security team according to its needs;

Host: What are the future development direction and positioning of Wooyun? Besides vulnerabilities, what can Wooyun help companies do?
Kenshin: Wooyun's future direction is not only to help enterprises find security vulnerabilities; in the long run, Wooyun also hopes to assist companies in building their own security immune system and security system, whether in the form of community services or products, delivering the full power of the whole community and Internet security to all enterprises;

Moderator: Combining your own accumulation of technology over these years, how can technical people learn and improve their skills efficiently?
Kenshin: I think technical people should first explore the essence of the problem and have a desire for the technology itself, but should not treat technology only as a career. If you have higher requirements for technology and are eager to learn the nature of things, you will grow quickly. I feel the most efficient learning comes from interest in unknown things; in the security field there is a saying, "hack to learn", which is quite right: everyone should be a hacker :)

Moderator: Based on your personal experience, talk about what you have gained and thought about on the road of entrepreneurship. For the more and more young people who want to join the startup wave today, do you have any suggestions?
Kenshin: I now feel the Internet is too impetuous and too few people do practical work. The problems and difficulties entrepreneurs encounter will be far more than expected. I now do not recommend youth entrepreneurship; if you really want to start a business, the requirement is not only technical ability but more an understanding of the industry and improving your vision and ability in the technical field, which does not come without growing up in some big companies or going through it together with some team;

Moderator: For people who want to go further on the technical route, do you have any suggestions and advice? Please recommend some information or books you think are very good.
Kenshin: I support you going further on the technical route, especially those who follow their own personality. I have heard that many people do technology for a certain time and then turn to management or other positions; I think this is a somewhat impetuous idea. My advice is to follow your heart, and then you will have some harvest;


Interactive session: Does Wooyun have cooperation with 360? Will you carry out peer detection of vulnerabilities?
Kenshin: We will have technology sharing and cooperation; we are open to the entire Internet in sharing security knowledge, which can be seen at http://drops.wooyun.org. We pay attention to the security of the Internet, so as long as it is related to the Internet we care; there is no question of what we will pay attention to and what we will not;

Interactive session: Hello, can you share a case of how information data leaks?
Kenshin: Data itself is valuable; once data has value there will be attempts to attack it. The attacker may use a variety of ways: traditionally it may be commercial espionage, but now more commonly process or management loopholes, or vulnerabilities, lead to data theft; common ones such as APT penetration, SQL injection or staff turnover are all likely to cause problems;

Interactive session: Is a system detection mechanism not similar to how FM insurance companies establish standards for various risk mechanisms?
Kenshin: The detection mechanism of a system is not standardized content, because technology itself is diversified, so it is increasingly delivered as a service, with the program adopted according to the technical characteristics.

Interactive session: We are interested in white-hat services. May I ask how to contact you and purchase services?
Kenshin: See http://ce.wooyun.org

Interactive session: Regarding the recent rumors that Wooyun and 360 have been "blackening" each other, how do you view this?
Kenshin: I have not heard of any Wooyun and 360 "blackening" problem; at least Wooyun did not do such a thing.

Interactive session: For Internet start-ups, a project should pay attention to security issues from the start, but projects develop rapidly and the security budget is relatively small. How can they find their own security problems at lower cost and obtain solutions? Do you have any suggestions?
Kenshin: Internet companies in the early stage really pay more attention to rapid development, and security lags relatively behind; this is normal thinking, the original sin of security I mentioned. My suggestion is that at the start of a project you do not need to introduce heavy security, but once development reaches a certain stage you must introduce security; at this time you can use third-party services such as Wooyun to solve the problem at low cost. In the later period of development, try to create your own team.

Interactive session: "As a game development company, how do we avoid code leaking outside in a non-external development environment, leading to PW appearing?" Is there any good advice?
Kenshin: Can you say in detail what "non-external network development" means?
Q: We are now beginning to be divided into intranet and extranet; the intranet is the internal network, and the extranet is the network the public can freely access.
Kenshin: OK, this is a typical Internet data protection case. In essence, it is still about doing good operations and maintenance, data authorization and access control, introducing secondary verification and fine-grained access control. On that basis, you can consider how to make your code have no value or lower use value, so you can eliminate this problem.
Q: "How should we understand 'you can consider how to make your code less valuable'?"
Kenshin: For example, a user's phone number is valuable, but if you desensitize the data, these people will not have an interest in your data. If your code does not allow someone to make a profit, no one will be interested in it. Resolve it from the business point of view; the typical example that comes to mind is Diablo, whose early versions were cracked a lot, but the latest version basically has no cracked version because it was made in a SaaS model. Relying on technical confrontation alone is not possible; you also have to go deep into the business.

Interactive session: Does the crowd-testing service have a standardized product flow? When can I buy it?
Kenshin: Standard crowd-testing packages can be seen at http://ce.wooyun.org


To communicate with industry leaders at zero distance, welcome to join the CTO forum WeChat group and participate in the CTO forum!


  • [Notice] CTO Lecture 34

    Shared theme: Discussion on the technical framework of a SaaS cloud customer service platform


    Guest profile: Liu Ming, CTO of Yi Chong cloud customer service, has many years of experience developing SaaS enterprise-class products. Keen to research various technologies, from front-end interface design to back-end service operation and maintenance, and familiar with distributed systems, caching, messaging, search and other mechanisms. Optimistic about domestic SaaS development trends, he joined Yi Chong cloud customer service, where he has been engaged in architecture design, product development and other core work, and is committed to building the industry's leading cloud customer service platform.

    Company profile: Since its establishment in 2011, Yi Chong cloud customer service has aimed to make enterprise users more satisfied, customer service more efficient and management easier, building China's most stable and secure one-stop customer service system, integrating call center, WeChat customer service, online customer service, work order system, app service, mail service, form customer service and Weibo customer service; the result is a one-stop enterprise-level cloud service platform trusted by customers.

    In three years, we have always improved our products from the perspective of customers, customer service staff and management. This persistence has earned the trust of Baidu, 360, Ape Exam, Shen Tong, Honey Amoy Global Purchase, Uber, Evernote and 30,000 other excellent enterprises.

    In a SaaS model, it creates an all-in-one customer service platform for enterprises: building an enterprise online help center, aggregating mail, voice calls, online IM chat, feedback components, mobile apps, PC/mobile forms, Weibo, WeChat, API interfaces and other customer support channels, so that users from various sources are responded to and handled in the form of tickets, and the customer service business process is standardized across pre-sale, sale and after-sale service.

    Share time and place: January 29th (Friday) 10:30, CTO Group Forum

    How to join: Scan the QR code and add "C-fans assistant" as a friend to apply to join the group.
    Company technical leaders who are not yet members of the CTO Club are welcome to join the club immediately: Prog3.com/sbdm/cto.
    For more club news, welcome to scan the QR code to follow the WeChat account.