vulnerability management

Bilibili Tech

Aug 2, 2024 · Information Security

Security Development Lifecycle (SDL) at Bilibili: Implementation, Data Lifecycle Security, and DevSecOps

At Bilibili, the security team adapted Microsoft’s Security Development Lifecycle by establishing capability practices such as training, threat modeling, secure coding, and component scanning, integrating these processes into development pipelines through dedicated business partners, extending protection to the full data lifecycle, and evolving toward automated DevSecOps with in‑pipeline DAST and a custom vulnerability management platform.

DASTData SecurityDevSecOps

0 likes · 15 min read

Security Development Lifecycle (SDL) at Bilibili: Implementation, Data Lifecycle Security, and DevSecOps

FunTester

Jan 29, 2024 · Information Security

Fundamentals of API Security: Principles, Practices, and Lifecycle Management

This article provides a comprehensive overview of API security, covering authentication and authorization, privacy and encryption, input validation, detection, rate limiting, logging, secure coding, vulnerability management, lifecycle phases, and the importance of education and training to protect modern software ecosystems.

API securityAuthenticationAuthorization

0 likes · 14 min read

Fundamentals of API Security: Principles, Practices, and Lifecycle Management

vivo Internet Technology

Oct 31, 2023 · Information Security

Network Port Security: Risks, Attack Methods, and Governance Practices

Network port security demands continuous discovery, automated vulnerability scanning, traffic‑baseline anomaly detection, and disciplined governance—including source authentication, first‑packet drop, and lifecycle management—to mitigate DDoS, application‑layer, and exploitation attacks while ensuring minimal‑privilege openings and timely closure.

CC AttackDDoSNetwork Security

0 likes · 25 min read

Network Port Security: Risks, Attack Methods, and Governance Practices

php中文网 Courses

Jul 3, 2023 · Information Security

June API Security Vulnerability Report: MinIO, Joomla Rest API, and Argo CD Issues with Remediation Guidance

The June API security report highlights three critical vulnerabilities—MinIO unauthorized data exposure, Joomla Rest API unauthenticated access, and multiple Argo CD API flaws—detailing their impacts and providing concrete remediation steps to protect sensitive data and maintain system integrity.

API securityArgo CDInformation Security

0 likes · 4 min read

June API Security Vulnerability Report: MinIO, Joomla Rest API, and Argo CD Issues with Remediation Guidance

DevOps

Aug 10, 2022 · Information Security

Container Image Security: Pain Points, Scanning Solutions, and Trivy Integration in CI/CD Pipelines

This article explains the security challenges of containerized applications, compares popular image‑scanning tools, and demonstrates how to integrate the Trivy scanner into CI/CD pipelines to achieve shift‑left security and reduce production‑stage vulnerabilities.

CI/CDContainer SecurityImage Scanning

0 likes · 7 min read

Container Image Security: Pain Points, Scanning Solutions, and Trivy Integration in CI/CD Pipelines

DeWu Technology

Jul 15, 2022 · Information Security

Software Composition Analysis (SCA): Overview, Challenges, and Implementation

Software Composition Analysis (SCA) identifies and tracks open‑source components across languages, matches them to vulnerability databases, and integrates risk detection into CI pipelines, helping organizations mitigate widespread flaws like Log4j2 while addressing challenges of diverse package formats, binary analysis, and accurate vulnerability correlation.

Dependency AnalysisSCASoftware Security

0 likes · 8 min read

Software Composition Analysis (SCA): Overview, Challenges, and Implementation

Qunar Tech Salon

Jun 4, 2021 · Information Security

Automated Risk Monitoring and Upgrade of Jar Components at Qunar

This article describes Qunar's end‑to‑end automated workflow for detecting high‑risk Jar component vulnerabilities, collecting asset information, orchestrating remediation with a SOAR platform, and leveraging the TCDEV auto‑upgrade service to reduce manual effort and improve security operations efficiency.

AutomationJarSOAR

0 likes · 8 min read

Automated Risk Monitoring and Upgrade of Jar Components at Qunar

iQIYI Technical Product Team

Dec 25, 2020 · Information Security

iQiyi Security Incident Response Center Vulnerability Handling Policy (Version 3.0)

iQiyi Security Incident Response Center Vulnerability Handling Policy version 3.0 outlines scope, principles, reporting process, severity scoring, reward system, user levels, dispute resolution, and prohibitions, emphasizing dedicated handling, point-based rewards, and strict rules for disclosures and malicious activity.

Information SecurityRisk Assessmentbug bounty

0 likes · 13 min read

iQiyi Security Incident Response Center Vulnerability Handling Policy (Version 3.0)

AntTech

Oct 19, 2020 · Information Security

Ensuring Security in Open Source Projects: Insights from Kata Containers and Community Practices

The article examines how open‑source projects can achieve robust security through organized vulnerability management teams, active collaboration with security researchers, and community‑driven initiatives, using Kata Containers and the broader cloud‑native ecosystem as illustrative examples.

Cloud NativeSecurityconfidential computing

0 likes · 10 min read

Ensuring Security in Open Source Projects: Insights from Kata Containers and Community Practices

Ctrip Technology

Jul 9, 2020 · Information Security

Ctrip's DevSecOps Practices and Challenges

The article details Ctrip's DevSecOps challenges and solutions, covering security team structuring, threat modeling, SCA and SAST integration, IAST/DAST architecture, vulnerability management, and the resulting improvements in automated security testing within a high‑frequency CI/CD environment.

CI/CDDevSecOpsIAST

0 likes · 12 min read

Ctrip's DevSecOps Practices and Challenges

Tencent Cloud Developer

Mar 29, 2018 · Information Security

GitHub Security Alerts Accelerate Vulnerability Fixes for Ruby and JavaScript Projects

GitHub’s security alerts, launched in October, have dramatically cut remediation times for Ruby and JavaScript projects—nearly half of alerts are addressed within a week and 98% of actively maintained repositories patch within seven days—identifying over 400 million vulnerabilities across more than 500 thousand repositories, with detailed notifications delivered via the platform, email, and a new weekly summary, and future support planned for Python.

GitHubJavaScriptRuby

0 likes · 3 min read

GitHub Security Alerts Accelerate Vulnerability Fixes for Ruby and JavaScript Projects

Efficient Ops

May 11, 2017 · Information Security

Mastering Linux Security: Real‑World Attack Vectors and Defense Strategies

This article shares practical insights from a security director at YY Live, detailing the complex Linux security landscape, common vulnerabilities, real‑world attack techniques such as Redis abuse and privilege escalation, and a multi‑layered defense approach that balances rapid business iteration with robust protection.

DDoS mitigationIntrusion DetectionLinux security

0 likes · 21 min read

Mastering Linux Security: Real‑World Attack Vectors and Defense Strategies

Efficient Ops

Dec 14, 2015 · Operations

Top Ops Security Pitfalls and How to Safeguard Your Infrastructure

This article examines the most common operational security vulnerabilities—such as unpatched Struts, server‑status leaks, backup file exposure, SVN leaks, and weak default credentials—explains why they are critical, and offers practical recommendations for enterprises to improve their ops‑security posture.

DevOpsInfrastructureoperations security

0 likes · 15 min read

Top Ops Security Pitfalls and How to Safeguard Your Infrastructure