Huolala’s First Security Salon: Purple Team, Data Compliance & Platform Design
The online Huolala Security Salon on August 19 featured eight expert sessions covering enterprise security foundations, purple‑team tactics, security training programs, data‑security compliance practices, LLSRC award recognitions, game vulnerability analysis, the evolution of code‑audit techniques, and the design of a flexible security operations platform.
Part 1 – Opening Remarks
Huang Yuhong (York), head of Huolala’s Information Security Department, introduced the company’s logistics services and emphasized the importance of information‑security protection. He described the two‑stage security‑building roadmap: basic compliance, capability and culture, followed by systematic technical frameworks, business‑process (BP) mechanisms, training, and ecosystem cooperation.
Part 2 – "Purple Team: Offensive Driving Defensive"
Lin Kechen from SF Express Technology presented how integrating red‑team and blue‑team skills into a purple‑team exercise validates security monitoring effectiveness. He highlighted common monitoring gaps in the industry, demonstrated practical purple‑team scenarios, and noted limitations of BAS‑style simulations for web‑related 0‑day attacks.
Part 3 – Security Training System
Ma Jinlong, security manager at Sina, explained the design of a corporate security‑training plan. He stressed that employees are the most valuable yet vulnerable asset, and described methods to teach security policies and skills to raise overall awareness.
Part 4 – Data Security Compliance in Practice
Chen Sheng, senior engineer of Zhongtong’s Information Security Department, shared Zhongtong’s experience in implementing data‑security controls and compliance technologies, addressing the growing regulatory pressure and the need for secure data flow across business systems.
Part 5 – LLSRC Awards and White‑Hat Incentives
The LLSRC program, launched in April 2021, recognized outstanding white‑hat contributors from 2021‑2022. The award ceremony highlighted the impact of disclosed vulnerabilities on protecting Huolala’s users and announced enhancements to the vulnerability‑scoring standard (V3.0) and quarterly reward schemes.
Part 6 – Game Vulnerability Talk
Yue Shen, lead of The Loner security team, analyzed common causes of game bugs, introduced typical game‑vulnerability testing tools, and offered practical ideas for detection and prevention to ensure fair competition.
Part 7 – Evolution of Client‑Side Code Auditing
Gao Yang, senior security engineer at Ping An Bank, traced the progression from regex‑based scans to abstract‑syntax‑tree matching and modern query‑language‑enabled analysis, emphasizing the goal of reducing auditors’ need to understand compilation details.
Part 8 – Designing Huolala’s Security Operations Platform
Song Tianming, senior information‑security engineer at Huolala, described the challenges of diverse log‑analysis requirements and presented the architecture and implementation approach of Huolala’s flexible, efficient security‑operations platform.
Huolala Safety Emergency Response Center
Official public account of the Huolala Safety Emergency Response Center (LLSRC)
