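I have recently been reading Wu Hanqing's 白帽子讲Web安全 (White Hat Talks Web Security), and list some related material here for everyone to browse when they have time.
A security engineer's core competitiveness lies in the depth of their understanding of security, and in the angle and vantage point on security problems that follow from it.
Beyond being able to propose a solution, what matters more is the thinking behind how these problems are solved.
To get started, begin with the fundamentals: study common vulnerabilities, find them, and analyze them; do not use them to do harm. In addition, look at publicly disclosed vulnerabilities and study the techniques used to exploit them.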
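Common Vulnerabilities and Exposures (CVE)
A database of publicly known information-security vulnerabilities and exposures.
CSDN interview with Wu Hanqing: 白帽子讲Web安全;
我回阿里的29个月 (My 29 Months Back at Alibaba), worth reading;
This is a long essay that Wu Hanqing published in February 2017 in the Zhihu column 道哥的黑板报. His WeChat official account is also rarely updated.
MIT Technology Review
MIT Technology Review, worth a look;
MIT Technology Review is first to report on important new technologies that will affect your organization, your career, your life.
云栖社区 (Yunqi Community);
Ma Jie: founding 安全宝, leading Baidu Security, and how "insensitivity" led to my success;
This is an August 2016 article from the WeChat official account 安在.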
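Bastion host: Jumpserver
- Jumpserver is the world's first fully open-source bastion host, a professional operations audit system that conforms to 4A (Authentication, Authorization, Accounting, and Auditing).
- jumpserver@github;
- Everything is in the documentation;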
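Wu Hanqing: Elastic Security Network
Wu Hanqing was named to the MIT TR35 2017 list for proposing the Elastic Security Network.
TR35 is an annual list of innovators published by MIT Technology Review, 35 people under the age of 35: The world's top 35 innovators under the age of 35.
TR35's introduction to the Elastic Security Network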
A cheaper solution for devastating hacking attacks.
During a distributed denial of service (DDoS) attack, an attacker overwhelms a domain-name server with traffic until it collapses. The traditional way of fending off an attack like this is to pile up bandwidth so the server under attack always has more than enough volume to handle what the attacker has released. But as hackers become capable of attacks with bigger and bigger data volumes, this is no longer feasible.
Since the target of DDoS attacks is a website’s IP address, Hanqing Wu, the chief security scientist at Alibaba Cloud, devised a defense mechanism through which one Web address can be translated into thousands of IP addresses. This “elastic security network” can quickly divert all benign traffic to a new IP address in the face of a DDoS attack. And by eliminating the need to pile up bandwidth, this system would greatly reduce the cost of keeping the Internet safe.
-- Yiting Sun