Tag

application security

Bilibili Tech
Aug 2, 2024 · Information Security

Security Development Lifecycle (SDL) at Bilibili: Implementation, Data Lifecycle Security, and DevSecOps

At Bilibili, the security team adapted Microsoft’s Security Development Lifecycle by establishing capability practices such as training, threat modeling, secure coding, and component scanning, integrating these processes into development pipelines through dedicated business partners, extending protection to the full data lifecycle, and evolving toward automated DevSecOps with in‑pipeline DAST and a custom vulnerability management platform.

DAST · Data Security · DevSecOps
15 min read

Efficient Ops
Jan 8, 2024 · Information Security

How a Securities Firm Built a 100‑Day DevSecOps Prototype

At the 21st GOPS Global Operations Conference in Shanghai, Shenwan Hongyuan Securities' application security lead Wang Biansi detailed a step‑by‑step 100‑day journey to create a DevSecOps sample room, covering goal setting, research, platform design, tool integration, and security training.

DevSecOps · Operations · Security Automation
5 min read

360 Tech Engineering
Jun 21, 2023 · Information Security

Implementing an IAST Java Agent with Javassist for Runtime Application Security Testing

This article explains the principles of Interactive Application Security Testing (IAST), details the JavaAgent-based agent instrumentation approach, and provides a step‑by‑step guide to building a Java IAST agent using Javassist, custom class loaders, ThreadLocal tracing, and Maven packaging.

IAST · JavaAgent · Javassist
13 min read

JD Tech
May 26, 2023 · Information Security

JD Cloud RASP Runtime Application Self‑Protection: Architecture, Principles, and Best Practices

This article examines JD Cloud's Runtime Application Self‑Protection (RASP) technology, detailing its background, architecture, working principles, security advantages over traditional WAF and SAST/DAST, practical 0‑day protection examples, deployment scenarios, operational practices, and real‑world performance in large‑scale promotions and national‑level cyber‑exercises.

RASP · Runtime Protection · Vulnerability Mitigation
14 min read

AntTech
Jul 8, 2022 · Information Security

Ant Group mPaaS Full‑Chain Mobile Security Solution: Overview and Practical Insights

This article reviews Ant Group's award‑winning mPaaS mobile security solution, detailing the current mobile app security landscape, regulatory pressures, and the four‑layer full‑chain protection architecture—including data security, privacy control, biometric authentication, and app hardening—along with practical compliance and risk‑mitigation practices.

Ant Group · Mobile Security · application security
8 min read

Architecture and Beyond
Jan 2, 2022 · Information Security

Building an Application Security System: SDL and DevSecOps Approaches

The article examines application security challenges for startups, presents statistical attack data, defines what application security entails, outlines common security issues, and compares two main frameworks—Microsoft's Security Development Lifecycle (SDL) and DevSecOps—offering guidance on selecting and implementing a suitable security system.

DevSecOps · SDL · Security Practices
16 min read

Dada Group Technology
Jul 16, 2021 · Information Security

Application Security Testing Practices and Risk Assessment at JD Daojia

This article outlines JD Daojia's comprehensive application security strategy, including risk analysis, threat modeling, DevSecOps processes, open‑source component scanning, SAST/DAST/IAST testing, manual security assessments, and evaluation of testing effectiveness to mitigate vulnerabilities before production.

DevSecOps · Security Testing · Threat Modeling
13 min read

Architects Research Society
Jul 27, 2020 · Information Security

What Are Application Security Principles?

Application security principles are language‑agnostic design and implementation guidelines that help reduce the likelihood and impact of threats, providing a systematic way to make secure decisions, derive requirements, and identify potential defects in software systems.

application security · information security · secure software design
5 min read

Efficient Ops
Sep 24, 2017 · Information Security

Essential IT Security Practices: From Network to Web Application Protection

This article shares practical IT security insights covering network, host, application, data backup, and web security measures, illustrating how comprehensive protection goes far beyond simple password changes and port tweaks.

Web Security · application security · data backup
9 min read