1 views collected around this technical thread.
This guide explains how to secure container images by integrating the Trivy vulnerability scanner into the Harbor registry, covering Helm configuration, offline database setup, automated updates via cron, verification steps, and useful references for a robust cloud‑native security workflow.
This guide explains why container image security matters, details the Trivy toolchain, shows step‑by‑step how to install Trivy, scan images, obtain offline vulnerability and Java index databases, and verify scans, preparing you to integrate Trivy with Harbor for a safer CI/CD pipeline.
This article reviews the best open‑source vulnerability scanners for web applications, databases, and infrastructure in 2023, detailing each tool’s key features, advantages, disadvantages, and guidance on who should or should not use them.
This article explains what Trivy is, how to install and use it for container vulnerability scanning, demonstrates saving results in JSON, and provides a step‑by‑step guide to integrating Trivy into a GitLab CI/CD pipeline with example configuration and troubleshooting tips.
This article outlines JD Daojia's comprehensive application security strategy, including risk analysis, threat modeling, DevSecOps processes, open‑source component scanning, SAST/DAST/IAST testing, manual security assessments, and evaluation of testing effectiveness to mitigate vulnerabilities before production.
The article explains how the widespread use of third‑party open‑source components creates a large, often overlooked attack surface, describes the fragmented nature of vulnerability information, and reviews a variety of tools that help organizations detect and manage security risks in their software dependencies.
This article examines the prevalence of SQL injection attacks, presenting Imperva’s recent statistics, common attack vectors, real-world examples, and practical defenses such as prepared statements, input sanitization, and web application firewalls, while also offering Python code illustrations of secure and insecure database queries.
The article explains how static source‑code scanning, binary analysis, and advanced code‑search technologies—including incremental indexing, deduplication, real‑time Sphinx indexing, and BM25 ranking—can be combined to detect and remediate product‑level vulnerabilities early, thereby significantly raising software quality and reducing risk.
This article explains why open‑source components constitute a major attack surface, outlines the fragmented nature of vulnerability information, debunks the myth that open‑source code is inherently safer, and reviews a range of tools—both open‑source and commercial—that help organizations detect and manage security risks in software dependencies.
This article details the practical implementation of a dynamic web crawler for vulnerability scanning, covering Chrome headless setup, browser initialization, JavaScript hook injection for DOM events, navigation locking, form handling, link collection, deduplication, and task scheduling using pyppeteer.
This article describes Ctrip's automated web vulnerability detection system, detailing the shift from active to passive scanning, the distributed architecture using traffic mirroring, message queues, Redis, and MySQL, and the processes for data collection, de‑duplication, scanning, and vulnerability management.
This article shares YY's security operations journey, detailing real incident response scenarios, the evolution of their security infrastructure from 2012 onward, and the key factors considered when building a robust security ops system, including DDoS protection, WAF, vulnerability scanning, intrusion detection, and data‑driven automation.
The article examines how HTTP header and cookie parameters can serve as SQL injection vectors, evaluates the coverage of commercial and open‑source web vulnerability scanners, demonstrates manual testing techniques, and recommends tools such as sqlmap for comprehensive security assessments.