Key Takeaways from YOOZOO’s First Innovation Security Developer Salon
The first YOOZOO Innovation Security Developer Salon gathered five expert engineers who shared practical solutions on enterprise data security, osquery host monitoring, cloud DDoS defense, black‑box payload generation, and Linux kernel‑mode HIDS, offering deep technical insights for modern security practitioners.
On October 25, YOOZOO held its first Innovation Security Developer Salon in the 2nd‑floor theater, featuring five security engineers from leading internet companies discussing data security, intrusion detection, scanning, and DDoS defense.
Topic 1: Data Security in Enterprise Backend
Senior data security engineer “挖土” from Ctrip covered the difficulty of monitoring who accesses sensitive data through backend systems. The solution he demonstrated runs Suricata with LuaJIT scripts that pattern-match sensitive data in traffic, and correlates each request to the logged-in account through its session cookie, so that alerts identify the individual user behind a request rather than only the client connection.
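The two halves of that design (pattern matching on response bodies and session-cookie correlation back to a user) can be sketched without Suricata. The following Python is an added illustration, not the presenter's code: the regexes, the cookie name `SESSIONID`, the `/login` endpoint, the alert threshold and the replayed traffic are all assumptions constructed for the example. A successful login binds the session cookie the server sets to the account name from the login form; every later response on that session is scanned for sensitive data classes and the hits are counted per user.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs

# Data classes to watch for in backend responses. Illustrative patterns only;
# a real deployment tunes them per data class and per application.
SENSITIVE_PATTERNS = {
    "cn_mobile": re.compile(r"(?<!\d)1[3-9]\d{9}(?!\d)"),
    "cn_id_card": re.compile(r"(?<!\d)\d{17}[\dXx](?!\d)"),
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
}
SESSION_COOKIE = "SESSIONID"  # assumed session cookie name
LOGIN_PATH = "/login"         # assumed login endpoint


def parse_cookie_header(header):
    """Turn 'a=1; b=2; Path=/' into {'a': '1', 'b': '2', 'Path': '/'}."""
    jar = {}
    for part in header.split(";"):
        if "=" in part:
            k, v = part.strip().split("=", 1)
            jar[k] = v
    return jar


class SensitiveAccessMonitor:
    def __init__(self, patterns=SENSITIVE_PATTERNS, threshold=3):
        self.patterns = patterns
        self.threshold = threshold          # alert when a user's pulls of one class reach this
        self.session_to_user = {}           # session id -> account name
        self.hits = defaultdict(lambda: defaultdict(int))  # user -> data class -> count
        self.alerts = []

    def observe(self, request, response):
        """Process one request/response pair; returns (user, {data_class: matches})."""
        # A successful login binds the session cookie the server sets to the account
        # name in the login form, so later requests on that session can be attributed.
        if request["path"] == LOGIN_PATH and response["status"] == 200:
            sid = parse_cookie_header(response["headers"].get("Set-Cookie", "")).get(SESSION_COOKIE)
            user = parse_qs(request["body"]).get("username", [None])[0]
            if sid and user:
                self.session_to_user[sid] = user
            return user, {}

        sid = parse_cookie_header(request["headers"].get("Cookie", "")).get(SESSION_COOKIE)
        user = self.session_to_user.get(sid, f"unknown-session:{sid}")
        found = {}
        for data_class, rx in self.patterns.items():
            n = len(rx.findall(response["body"]))
            if not n:
                continue
            found[data_class] = n
            before = self.hits[user][data_class]
            self.hits[user][data_class] += n
            # Alert once per user and data class, at the moment the count crosses the threshold
            if before < self.threshold <= self.hits[user][data_class]:
                self.alerts.append({"user": user, "class": data_class,
                                    "path": request["path"], "count": self.hits[user][data_class]})
        return user, found


def run_demo():
    """Replay constructed traffic (not real data) through the monitor and return it."""
    mon = SensitiveAccessMonitor(threshold=3)
    traffic = [
        ({"path": "/login", "headers": {}, "body": "username=alice&password=pw"},
         {"status": 200, "headers": {"Set-Cookie": "SESSIONID=s1; Path=/; HttpOnly"}, "body": "ok"}),
        ({"path": "/api/customers?page=1", "headers": {"Cookie": "SESSIONID=s1"}, "body": ""},
         {"status": 200, "headers": {}, "body": '[{"phone":"13812345678"},{"phone":"13987654321"}]'}),
        ({"path": "/api/customers?page=2", "headers": {"Cookie": "SESSIONID=s1"}, "body": ""},
         {"status": 200, "headers": {}, "body": '[{"phone":"13700000000","idcard":"310101199001011234"}]'}),
        ({"path": "/api/customers?page=1", "headers": {"Cookie": "SESSIONID=zz"}, "body": ""},
         {"status": 200, "headers": {}, "body": '[{"email":"bob@example.com"}]'}),
    ]
    for req, resp in traffic:
        mon.observe(req, resp)
    return mon


if __name__ == "__main__":
    for alert in run_demo().alerts:
        print(alert)
```

Requests arriving on a session that was never seen logging in are attributed to an `unknown-session:` pseudo-user rather than dropped; in practice those are the ones worth a second look, since they may be a session minted outside the monitored login path.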
Topic 2: osquery in Practice
Senior security engineer Spoock shared his experience with osquery, the open-source cross-platform endpoint instrumentation tool that exposes operating-system state as SQL tables, for host intrusion detection and endpoint access control. He covered query syntax, common operational pitfalls such as conflicts between osquery's watchdog and cgroup limits and oversized local database files, and how they deployed it at scale as a HIDS agent.
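Using osquery as a HIDS agent means consuming its scheduled-query result log on a central side and applying detection rules to the rows that appear and disappear. The Python below is an added example, not the presenter's deployment: the osquery table names (`listening_ports`, `processes`, `suid_bin`) are real, but the query names, the allow-lists and the sample result lines are constructed for the illustration. It shows the differential log shape (one JSON line per added or removed row), keeps per-host state so removals are tracked, and tolerates a corrupt line instead of crashing the consumer.

```python
import json
from collections import defaultdict

# Scheduled queries the agent would run (osquery table/column names are real; the
# query names and the detection rules below are this example's own choices):
#   listening_ports: SELECT p.pid, p.name, p.path, l.port, l.protocol
#                    FROM listening_ports l JOIN processes p USING (pid) WHERE l.port != 0;
#   suid_bin:        SELECT path, username, groupname, permissions FROM suid_bin;
#
# With osquery's default differential logging each result line is one row that was
# added to or removed from the query's previous result set. Constructed sample lines:
SAMPLE_RESULT_LOG = r"""
{"name":"listening_ports","hostIdentifier":"web-01","unixTime":1572000000,"columns":{"pid":"2210","name":"nginx","path":"/usr/sbin/nginx","port":"443","protocol":"6"},"action":"added"}
{"name":"listening_ports","hostIdentifier":"web-01","unixTime":1572000060,"columns":{"pid":"4012","name":"python3","path":"/tmp/.x/python3","port":"4444","protocol":"6"},"action":"added"}
{"name":"suid_bin","hostIdentifier":"web-01","unixTime":1572000120,"columns":{"path":"/usr/bin/passwd","username":"root","groupname":"root","permissions":"S"},"action":"added"}
{"name":"suid_bin","hostIdentifier":"web-01","unixTime":1572000180,"columns":{"path":"/var/tmp/.cache/sh","username":"root","groupname":"root","permissions":"S"},"action":"added"}
{"name":"listening_ports","hostIdentifier":"web-01","unixTime":1572000240,"columns":{"pid":"4012","name":"python3","path":"/tmp/.x/python3","port":"4444","protocol":"6"},"action":"removed"}
garbage line that is not JSON and must be skipped rather than crash the consumer
""".strip()

ALLOWED_PORTS = {"22", "80", "443"}                         # per-host service allow-list (assumed)
SUSPICIOUS_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/")   # world-writable locations
SUID_BASELINE = {"/usr/bin/passwd", "/usr/bin/sudo", "/usr/bin/su"}  # golden-image setuid set (assumed)


class OsqueryResultProcessor:
    def __init__(self):
        self.state = defaultdict(dict)  # (host, query name) -> {row key: columns}
        self.alerts = []
        self.skipped = 0

    @staticmethod
    def _row_key(query, cols):
        """Identity of a row, so an 'added' and a later 'removed' line cancel out."""
        if query == "listening_ports":
            return (cols["pid"], cols["port"], cols["protocol"])
        if query == "suid_bin":
            return (cols["path"],)
        return tuple(sorted(cols.items()))

    def _evaluate(self, host, query, cols):
        """Detection rules applied to a newly added row; returns an alert dict or None."""
        if query == "listening_ports":
            reasons = []
            if cols["path"].startswith(SUSPICIOUS_PREFIXES):
                reasons.append("listener binary lives in a world-writable directory")
            if cols["port"] not in ALLOWED_PORTS:
                reasons.append(f"port {cols['port']} not in allow-list")
            if reasons:
                return {"host": host, "rule": "new_listener", "pid": cols["pid"],
                        "path": cols["path"], "reasons": reasons}
        elif query == "suid_bin" and cols["path"] not in SUID_BASELINE:
            return {"host": host, "rule": "new_suid_binary", "path": cols["path"],
                    "reasons": ["not in setuid baseline"]}
        return None

    def process_line(self, line):
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            self.skipped += 1
            return None
        if "columns" not in ev or "action" not in ev:   # snapshot-format or malformed event
            self.skipped += 1
            return None
        host, query, cols, action = ev["hostIdentifier"], ev["name"], ev["columns"], ev["action"]
        table = self.state[(host, query)]
        key = self._row_key(query, cols)
        if action == "removed":
            table.pop(key, None)
            return None
        table[key] = cols
        alert = self._evaluate(host, query, cols)
        if alert:
            alert["unixTime"] = ev.get("unixTime")
            self.alerts.append(alert)
        return alert

    def process(self, text):
        for line in text.splitlines():
            if line.strip():
                self.process_line(line)
        return self.alerts


def run_demo():
    proc = OsqueryResultProcessor()
    proc.process(SAMPLE_RESULT_LOG)
    return proc


if __name__ == "__main__":
    for alert in run_demo().alerts:
        print(alert)
```

The per-host state is what makes the "removed" lines useful: after the reverse-shell listener on port 4444 disappears, the current view of `web-01` again shows only nginx, while the alert raised when it appeared is kept. Note that the rules here fire on the `added` rows only; a baseline comparison on first enrollment would need a snapshot-mode query instead.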
Topic 3: “Unlimited Protection” Cloud Security
Security engineer “甜橙” from Zhidao Chuangyu (Knownsec) discussed the recent DDoS attacks on AWS DNS, categorized attacks by the resource they exhaust (network bandwidth, system resources, application capacity), evaluated the corresponding defense strategies, and emphasized the effectiveness of the company's own anti-DDoS services.
Topic 4: Black‑Box Payload Generation Techniques
Senior security engineer Gaba from Didi presented methods for automated black-box vulnerability scanning that, by his account, reach detection rates above 95%. He explained how to design request templates, mutate parameters with rule-based payloads, and assemble scenario-specific rule sets, and passed on optimization tips from fellow researcher Alice.
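The three building blocks named above (a request template, parameter mutation rules, and per-scenario rule sets with a verdict) fit together as follows. This Python is an added example, not Didi's scanner: the scenarios, payload strings, evidence strings, the `MARKER` token and the mock target are all constructed for the illustration. It generalizes slightly beyond the summary by showing how a boolean-based rule needs a true/false payload pair compared against the baseline response, which a single-payload rule cannot express.

```python
import hashlib
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

MARKER = "zqx7"  # unique token whose unescaped reflection proves injection into HTML


def digest(resp):
    return hashlib.sha256(resp["body"].encode()).hexdigest()


# Scenario rule sets: each rule lists the parameter mutations to send and a verdict
# function that decides, from the baseline and the mutated responses, whether the
# scenario fired. Illustrative rules, not the presenter's.
SCENARIOS = {
    "sqli_error": {
        "mutations": [lambda v: v + "'", lambda v: v + '"'],
        "verdict": lambda base, resps: any(
            s in r["body"] for r in resps for s in ("SQL syntax", "ORA-", "SQLSTATE")),
    },
    "sqli_boolean": {
        # true/false pair: the TRUE injection must reproduce the baseline page and the
        # FALSE injection must change it, which rules out pages that ignore the parameter
        "mutations": [lambda v: v + " AND 1=1", lambda v: v + " AND 1=2"],
        "verdict": lambda base, resps: digest(resps[0]) == digest(base) and digest(resps[1]) != digest(base),
    },
    "xss_reflect": {
        "mutations": [lambda v: v + f"<{MARKER}>"],
        "verdict": lambda base, resps: f"<{MARKER}>" in resps[0]["body"],
    },
}


def param_positions(template):
    """Injectable positions of a request template: query-string and form-body parameters."""
    positions = [("query", k) for k, _ in parse_qsl(urlsplit(template["url"]).query, keep_blank_values=True)]
    if template.get("body"):
        positions += [("body", k) for k, _ in parse_qsl(template["body"], keep_blank_values=True)]
    return positions


def mutate(template, where, name, fn):
    """Copy of the template with parameter `name` at position `where` passed through fn."""
    req = dict(template)
    if where == "query":
        parts = urlsplit(template["url"])
        pairs = [(k, fn(v) if k == name else v) for k, v in parse_qsl(parts.query, keep_blank_values=True)]
        req["url"] = urlunsplit(parts._replace(query=urlencode(pairs)))
    else:
        pairs = [(k, fn(v) if k == name else v) for k, v in parse_qsl(template["body"], keep_blank_values=True)]
        req["body"] = urlencode(pairs)
    return req


def scan(template, send, scenarios=SCENARIOS):
    """Generate every scenario's payloads for every parameter; keep those whose verdict fires."""
    baseline = send(template)
    findings = []
    for where, name in param_positions(template):
        for scenario, rule in scenarios.items():
            resps = [send(mutate(template, where, name, fn)) for fn in rule["mutations"]]
            if rule["verdict"](baseline, resps):
                findings.append({"scenario": scenario, "where": where, "param": name})
    return findings


def mock_send(req):
    """Constructed stand-in for the target (no network): builds an unparameterised
    query from `id` and reflects `sort` into the page unescaped."""
    params = dict(parse_qsl(urlsplit(req["url"]).query, keep_blank_values=True))
    item_id, sort = params.get("id", ""), params.get("sort", "")
    if "'" in item_id or '"' in item_id:
        return {"status": 500, "body": "You have an error in your SQL syntax"}
    found = "AND 1=2" not in item_id
    body = "<h1>Item</h1>" + ("<p>price 10</p>" if found else "<p>not found</p>") + f"<p>sort={sort}</p>"
    return {"status": 200, "body": body}


# A crawler-recorded request (hypothetical host) with two injectable query parameters.
TEMPLATE = {"method": "GET", "url": "http://shop.example.test/item?id=42&sort=price",
            "headers": {"Cookie": "sid=abc"}, "body": None}

if __name__ == "__main__":
    for finding in scan(TEMPLATE, mock_send):
        print(finding)
```

Against the mock target the scanner reports error-based and boolean-based SQL injection on `id` and a reflected marker on `sort`, and nothing else: the boolean rule does not fire on `sort` because that parameter is echoed into the page, so even the TRUE payload changes the response. That interplay between payload pairs and the baseline is where most of the false-positive tuning in a real rule set happens.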
Topic 5: Linux HIDS Discussion
YOOZOO senior security engineer E_Bwill reviewed the Linux kernel-mode HIDS AgentSmith-HIDS, compared it with user-mode solutions on Windows and macOS, and argued that as cloud adoption erodes the protection once provided at the network edge, defense will shift toward the kernel.
YooTech Youzu Tech Team
Official tech account of Youzu Network, sharing insights and discussions on technology, research, and product.