How 58.com Secured Its Business Data with the 金盾 SDK: A Full‑Cycle Testing Blueprint

Background and Security Goals

Security is a core product attribute that aims to protect confidentiality, integrity, and availability of information assets. The industry‑wide 5A methodology (Asset protection, Authentication, Authorization, Access control, Auditable) guides the design of security architectures, including product, technical, and audit layers.

金盾 Project Overview

Facing rapid data‑driven attacks, 58.com launched the 金盾 project in October 2020 to protect enterprise‑level business data. The solution consists of client‑side SDKs (Android, iOS, H5), server‑side SDKs, and a management console that provide request/response encryption, data tracing, risk monitoring, and anomaly interception.

Key characteristics of the 金盾 solution are:

Standardised integration contracts for minimal intrusion.

Customisable business scenarios.

Visual data‑analysis dashboards.

SDK Integration Flow

During a rapid release, the SDK was integrated into Android and iOS apps within a day, and the backend was configured to intercept abnormal requests. Black‑market IPs were identified, blocked, and normal traffic restored after six days.

Encryption/decryption works as follows:

Client obtains a token from the server on cold start.

Requests are encrypted on the client, sent to the server, and decrypted there.

Responses are encrypted by the server, transmitted, and decrypted on the client before rendering.

The process is transparent to users, preserving the experience while enforcing data security.

Full‑Process Quality Assurance for the SDK

The testing workflow comprises eight stages: requirement risk assessment, test scheduling, test‑case design, data preparation, performance‑impact evaluation, impact analysis, risk coverage, and release decision.

Risk Quantification

Business risk is calculated as usage frequency × failure impact. Absolute weight derives from this formula, while relative weight compares a requirement’s risk to the total weight of its level. Risk contribution is the percentage of total risk a requirement accounts for.

Test‑Case Design

Test cases are grouped by module or requirement, each assigned a priority and type. Scenarios are derived from user stories, and a linear combination method is used to maximise coverage with minimal cases.

Data Preparation

Seed data is created by desensitising real production data and supplementing it with synthetic data generated via the Faker library, customised to match business‑specific rules.

Performance Impact

Encryption introduces measurable overhead. Experiments show that a 1 % performance loss is optimal, 3‑5 % is acceptable, and >8 % is rejected and requires optimisation.

Distributed Load Testing

A custom distributed load‑testing platform, built on an open‑source engine and an internal task‑scheduler, evaluates QPS, CPU, average response time, full‑GC frequency, and error rate. Results feed into stress‑ and de‑stress models.

Regression Testing Linked to Code Changes

Regression cases are tied to SDK code commits (Git push). Cases with higher defect‑discovery probability are prioritized, ensuring rapid feedback on recent changes.

Tooling

HttpRunner is used for API‑level automated tests, offering multi‑step, multi‑case orchestration with low learning curve.

Risk Evaluation and Decision Making

Server‑side risk control combines static validation, dynamic policy configuration, and data‑level encryption. Anomaly collection builds risk models (high, medium, low) that guide challenge‑captcha issuance and interception strategies.

Coverage metrics show 98 % of business risk was tested and passed, with only 1.63 % of risk covered by unexecuted cases, leading to a successful release decision.

Key Takeaways

Adopt a risk‑driven testing mindset to quantify and prioritise security work.

Integrate SDKs uniformly across mobile, H5, and server layers to enforce end‑to‑end encryption.

Use automated regression linked to version control to maintain test relevance.

Leverage lightweight data‑generation tools and distributed load testing to simulate real‑world traffic.

Continuously monitor and adjust risk models based on observed anomalies.