Tagged articles
Black & White Path
Mar 10, 2026 · Information Security

OpenAI Unveils Codex Security: An AI Agent That Autonomously Finds, Verifies, and Fixes Vulnerabilities

OpenAI's new Codex Security agent, codenamed "Aardvark," shifts application security from static scanning to a full‑process AI loop that builds custom threat models, validates exploits in a sandbox, generates patch code, and has already identified hundreds of critical bugs across millions of code commits.

Application Security · Codex Security · OpenAI
7 min read
AntTech
Sep 19, 2025 · Information Security

How Alipay Uses AI to Revolutionize Its Application Security Lifecycle

Since 2016, Alipay's security team has built the Alipay‑SDL 1.0 framework and now integrates AI and large‑model technologies to automate risk identification, enhance security tools, and streamline operations across the entire software development lifecycle, addressing rising business complexity and engineer workload.

AI · Application Security · machine learning
15 min read
Alipay Experience Technology
Sep 18, 2025 · Information Security

How Alipay Uses AI to Revolutionize Application Security Development Lifecycle

This article details Alipay's AI4SDL framework, describing how AI-driven tools and multimodal models automate risk identification, enhance code analysis, and streamline security operations across the entire software development lifecycle, while also outlining current challenges, systematic solutions, and future directions for secure, rapid product innovation.

AI · Application Security · machine learning
14 min read
Ops Development & AI Practice
Sep 2, 2025 · Information Security

How a Tiny XSS Bug in Dev Environments Can Compromise Production Secrets

The article reveals how a seemingly harmless XSS flaw in an internal development platform can be weaponized to steal high‑privilege credentials, pivot across internal services, and ultimately breach production systems, urging teams to treat development environments as critical security frontiers.

Application Security · DevOps Security · Infrastructure
9 min read
FunTester
Jul 28, 2025 · Information Security

Unlocking App Security: How SAST, DAST, IAST, and RASP Protect Your Code

This article explores the core principles, strengths, and limitations of four major application security testing approaches—Static (SAST), Dynamic (DAST), Interactive (IAST), and Runtime Application Self‑Protection (RASP)—and compares them in a concise table to guide developers in building a comprehensive security strategy.

Application Security · DAST · DevSecOps
8 min read
Bilibili Tech
Aug 2, 2024 · Information Security

Security Development Lifecycle (SDL) at Bilibili: Implementation, Data Lifecycle Security, and DevSecOps

At Bilibili, the security team adapted Microsoft’s Security Development Lifecycle by establishing capability practices such as training, threat modeling, secure coding, and component scanning, integrating these processes into development pipelines through dedicated business partners, extending protection to the full data lifecycle, and evolving toward automated DevSecOps with in‑pipeline DAST and a custom vulnerability management platform.

Application Security · DAST · DevSecOps
15 min read
Efficient Ops
Jan 8, 2024 · Information Security

How a Securities Firm Built a 100‑Day DevSecOps Prototype

At the 21st GOPS Global Operations Conference in Shanghai, Shenwan Hongyuan Securities' application security lead Wang Biansi detailed a step‑by‑step 100‑day journey to create a DevSecOps sample room, covering goal setting, research, platform design, tool integration, and security training.

Application Security · DevSecOps · Operations
5 min read
JD Tech
May 26, 2023 · Information Security

JD Cloud RASP Runtime Application Self‑Protection: Architecture, Principles, and Best Practices

This article examines JD Cloud's Runtime Application Self‑Protection (RASP) technology, detailing its background, architecture, working principles, security advantages over traditional WAF and SAST/DAST, practical 0‑day protection examples, deployment scenarios, operational practices, and real‑world performance in large‑scale promotions and national‑level cyber‑exercises.

Application Security · Cloud Native · RASP
14 min read
AntTech
Jul 8, 2022 · Information Security

Ant Group mPaaS Full‑Chain Mobile Security Solution: Overview and Practical Insights

This article reviews Ant Group's award‑winning mPaaS mobile security solution, detailing the current mobile app security landscape, regulatory pressures, and the four‑layer full‑chain protection architecture—including data security, privacy control, biometric authentication, and app hardening—along with practical compliance and risk‑mitigation practices.

Ant Group · Application Security · Data Protection
8 min read
Architecture and Beyond
Jan 2, 2022 · Information Security

Building an Application Security System: SDL and DevSecOps Approaches

The article examines application security challenges for startups, presents statistical attack data, defines what application security entails, outlines common security issues, and compares two main frameworks—Microsoft's Security Development Lifecycle (SDL) and DevSecOps—offering guidance on selecting and implementing a suitable security system.

Application Security · DevSecOps · SDL
16 min read
Dada Group Technology
Jul 16, 2021 · Information Security

Application Security Testing Practices and Risk Assessment at JD Daojia

This article outlines JD Daojia's comprehensive application security strategy, including risk analysis, threat modeling, DevSecOps processes, open‑source component scanning, SAST/DAST/IAST testing, manual security assessments, and evaluation of testing effectiveness to mitigate vulnerabilities before production.

Application Security · DevSecOps · Threat Modeling
13 min read
Architects Research Society
Jul 27, 2020 · Information Security

What Are Application Security Principles?

Application security principles are language‑agnostic design and implementation guidelines that help reduce the likelihood and impact of threats, providing a systematic way to make secure decisions, derive requirements, and identify potential defects in software systems.

Application Security · Software Architecture · information security
5 min read
Meituan Technology Team
May 17, 2018 · Information Security

Data Security Practices and Solutions at Meituan: Application Systems and Data Warehouse

Meituan‑Dianping’s Information Security Center combats data leakage by deploying multi‑layered safeguards—device fingerprinting, CAPTCHAs, behavior‑based crawler detection, robust watermarking, honey‑pot datasets, UEBA analytics, and advanced masking, tokenization, privacy‑preserving techniques, asset mapping, and automated database scanning—to protect both application systems and its massive data‑warehouse environment.

Application Security · UEBA · data masking
18 min read
MaGe Linux Operations
Jan 28, 2018 · Information Security

Essential IT Security Practices Every Ops Engineer Should Master

This article shares a seasoned ops engineer's evolving understanding of IT security, covering network, host, application, data, and web security measures, practical tools like ELK and OSSEC, and actionable recommendations to strengthen system protection against attacks and breaches.

Application Security · ELK · IT security
10 min read
JavaScript
Oct 31, 2017 · Information Security

Understanding OWASP Top 10: Key Web Security Risks and Mitigation Strategies

The OWASP Top 10 project ranks the ten most critical web application security risks by analyzing threats, vulnerabilities, technical impact, and business consequences, offering developers, testers, and security teams actionable guidance to improve risk awareness and implement focused protection measures.

Application Security · OWASP · Top 10
2 min read