July 30-31, the fifth Internet Security Leadership Summit (CSS) was held in Beijing to "industrial upgrading, safety rise dimension" as the theme for the development of space industry were safe and the future direction of depth.
Tencent security platform, Cloud Security Team Leader Luo Xijun share Tencent research since the construction of the road safety in the special cloud security, unveils the new trend Tencent research since the security capabilities of the external output. Security Ministry's cutting-edge technology platform security research team Tencent Blade Team is the first published research on the forefront of vulnerability parser rules, and is preparing the relevant open source vulnerability assessment tool.
Tencent Security Platform, Director and Chief Tencent Blade Team Leader Hooper said: "The age of the Internet industry, security issues companies face even more severe, one of the core competitiveness has become the company's ability to secure Tencent will actively years of research since the security capabilities precipitation output. , to support the Internet cloud security capabilities to upgrade. "
Casting multi-dimensional security force offensive and defensive "fortress"
How to enhance their own security capacity to effectively respond to new security challenges of the new era, it is a big problem in front of businesses.
Luo Xijun course of construction Tencent self-developed security were introduced. In the field of transport dimensional security applications, Tencent security platform around the Ministry of DDoS protection, data protection, vulnerability convergence concentrated force fields, through the products, special support from the underlying security Tencent complete security system to protect the company's products and services and core data at the level of the network, system, application security.
Within the above framework, a network security platform portion by Aegis layer, hole onion, iron general, the application layer of the host layer rhinoceros, keeper, and means for inverse authentication adamantyl blue Tencent, Tencent Blade Team four dimensions portfolio, work together to build the most solid security offensive and defensive fortress Tencent.
Embrace the Internet industry do Digital Age Security Assistant
If the consumer Internet era "Security is all in front of the 01", then the age of the Internet industry, security has become the primary needs of enterprise digital transformation, which is a challenge and an opportunity for enterprises.
"The ability to secure external output, also asked the team to embed security into business processes, to achieve the objective from the subjective realized, from design to coding needs test, then the last iteration of the line, playing through every aspect of business security." Luo Xijun representation. Future, Tencent will continue to consolidate their security capabilities in support Tencent good business apart from research, enabling active outside, and gradually open to the ability to secure Tencent cloud, help to improve the ecology of Internet security.
Cutting-edge research safety precautions
Security Ministry's cutting-edge technology platform security research team Tencent Blade Team members money Wenxiang and Li Yuxiang, the security explore Forum (TSec) in the CSS Tencent share issues, and participants discuss how to dredge parser rules loophole.
The software can see a lot of basic grammar parser figure, such as SQLite, Chrome, PHP and so on. In software, the parser act as similar to the "prosecutor" plus "translator" role, check the command input to determine the legality and translate it into software "can understand", then, to facilitate its implementation. Therefore, once the rules loopholes, spread to a very wide range.
In contrast, the security of this area of research is relatively lacking, the Tencent Blade Team rules on how to tap the parser vulnerability to do a detailed analysis from the theoretical to the practical, introduces hand-dug excavation and structured fuzzing two ideas, and made targeted safety rules written recommendations. Future Tencent Blade Team will open source vulnerability assessment tool to further deepen the linkage with the industry, and promote the construction of ecological safety.
Tencent Blade Team at the time of the Google Home intelligent speaker for the study of parsing exploits also help them discover the Magellan series of loopholes, and finally for the first time to break the Google Home remote intelligent speakers. It is understood that the relevant security issues Tencent Blade Team also named to the Blackhat and DEFCON year.
Up to now, Tencent Blade Team team has discovered Google, Apple, Amazon, Microsoft, Adobe and many other well-known international companies in more than 100 security vulnerabilities, focus areas IoT security, virtualization security, AI security, block chain security, the team has been invited to participate in Blackhat, DEFCON, CanSecWest, HITB and many other top international security summit were sharing issues, are widely recognized by the Internet industry, manufacturers and international security community.
Tencent security platform part of the system by cutting-edge research, help make business Tencent internal security reserve capacity, but also to enhance safety awareness and boost the industry's ability to provide a reference for the early distribution enterprise security strategy.
