Ctrip Information Security Salon Summary – Cloud WAF, Big Data Analysis, ELK Monitoring, and Recruitment Highlights

The second Ctrip Information Security Salon took place on August 20 at Lingkong SOHO, Shanghai, gathering security professionals and enthusiasts for in‑depth discussions on application, operational, and business security.

Opening remarks were delivered by Ctrip's Information Security Director Ling Yun, who highlighted the rapid growth of the security team and products such as WAF and risk control systems.

Key speakers included:

Zhang Liang (Ctrip Technical Assurance Center) presented "Cloud WAF and Big Data Analysis Practice," describing common web security pain points, 0‑day response, and the design of a cloud‑based Web Application Firewall with rule sources, deployment, and log processing, achieving billion‑request daily protection with sub‑millisecond latency and extremely low false‑positive rates.

Fang Bin (Vipshop) shared "Analysis of Vipshop Product Security Hardening," discussing SDL adoption, security design in product requirements, and solutions to challenges faced in a fast‑growing e‑commerce environment.

Min Jie (Ctrip) delivered "The Past and Present of Ctrip Business Security," covering front‑end captchas, back‑end risk control, offline black‑market platforms, and future plans for automated, machine‑learning‑driven security.

Li Wenji (Dianrong) spoke on internet finance risks, web and business security, and presented the company's security architecture, including self‑built WAF and business security engine.

Zhou Jun (Qunar) presented "ELK Security Monitoring Center: Pitfalls and Practices," explaining how the security team uses ELK to collect, centralize, and analyze security data, enabling automated risk detection and response.

The event also featured a recruitment segment titled "Ctrip Security Department Dating Post," inviting candidates to apply for positions such as Security R&D Engineer and Senior Security Engineer, with detailed job responsibilities and requirements listed.

Attendees participated in Q&A sessions, interactive discussions, and a prize draw, fostering networking and knowledge exchange among information security enthusiasts.

Presentation materials are available for download at http://share.weiyun.com/cb4e49cb58b1d4682bea4a7a59048491.