Introducing an In-house Cybersecurity Training Platform

Junho Jang (ramses)
LINE Plus GrayLab Security Engineer
https://linedevday.linecorp.com/jp/2019/sessions/S1-07

LINE DevDay 2019

November 20, 2019

Transcript

  1. 2019 DevDay: Introducing an In-house Cybersecurity Training Platform > Junho Jang (ramses) > LINE Plus GrayLab Security Engineer
  2. Team GrayLab > GrayHash: Famous offensive security team • Have appeared on TV as ethical hackers > GrayLab: Joined LINE after Apr. 2018 • Application security assessment • Consulting security design • Security branding • Various security things
  3. Our Role In Development Cycle > Security Consulting > Code Review > Risk Assessment > Penetration Test > Incident Response (diagram: development cycle of Design, Implementation, Verification, Release)
  4. Our Role In Development Cycle > Security Consulting > Code Review > Risk Assessment > Penetration Test > Incident Response (diagram: development cycle of Design, Implementation, Verification, Release)
  5. Top 5 Vulnerabilities > 1705 Vulnerabilities Had Been Found During Security Assessment in LINE (Jan. 2019 ~ Oct. 2019) (bar chart; categories in extraction order: Cross Site Scripting, Information Leakage, Cross Site Request Forgery, SQL Injection, Denial of Service; bar values in extraction order: 19, 20, 33, 51, 124)
  6. Cross Site Scripting (XSS) > Most common vulnerability type in the world > Most hackers learn this type as their very first step > Easy to fix when developers know the concept
  7. Time-Critical Release In Development Cycle > All people want: Faster release > Security rule: No release until all bugs are patched > Many basic bugs = Inefficient! (diagram: development cycle of Design, Implementation, Verification, Release, with Security and four BUG markers)
  8. How Can We Relieve It In Development Cycle > Cybersecurity Education (diagram: development cycle of Design, Implementation, Verification, Release, with four BUG markers)
  9. Cybersecurity Education Platform

  10. CEP: Cybersecurity Education Platform For Every Employee

  11. Key Objectives > Useful > Convenient > Fun

  12. Easy Contents > Example-based • Vulnerable code • Secure code

  13. Quiz > Short quiz for understanding > Developers can skip the lesson if they can solve quizzes
  14. Course > For developers • Front-end course • Back-end course > For every employee • Essential course
  15. Credit System > Back-End Developers Should Get 20 Credits for Graduation
  16. Mobile Support > All Employees Can Learn Anywhere

  17. Wargame: Practice Like a Hacker

  18. Wargame: Practice Like a Hacker

  19. Any Questions? dl_cep@linecorp.com

  20. Thank You