Introducing an In-house Cybersecurity Training Platform

Junho Jang (ramses)
LINE Plus GrayLab Security Engineer
https://linedevday.linecorp.com/jp/2019/sessions/S1-07

LINE DevDay 2019

November 20, 2019

Transcript

  1. 2019 DevDay Introducing an In-house Cybersecurity Training Platform > Junho Jang (ramses) > LINE Plus GrayLab Security Engineer
  2. Team GrayLab > GrayHash: Famous offensive security team • Have appeared on TV as ethical hackers > GrayLab: Joined LINE after Apr. 2018 • Application security assessment • Consulting security design • Security branding • Various security things
  3. Our Role In Development Cycle: Security Consulting, Code Review, Risk Assessment, Penetration Test, Incident Response [Diagram phases: Implementation, Verification, Release, Design]
  5. Top 5 Vulnerabilities > 1705 Vulnerabilities Had Been Found During Security Assessment in LINE (Jan. 2019 ~ Oct. 2019) [Bar chart categories: Cross Site Scripting, Information Leakage, Cross Site Request Forgery, SQL Injection, Denial of Service; bar values: 19, 20, 33, 51, 124]
  6. Cross Site Scripting (XSS) > Most common vulnerability type in the world > Most hackers learn this type as their very first step > Easy to fix when developers know the concept
  7. Time-Critical Release In Development Cycle > All people want: Faster release > Security rule: No release until all bugs are patched > Many basic bugs = Inefficient! [Diagram: Implementation, Verification, Release, Design, Security; four BUG markers]
  8. How Can We Relieve It In Development Cycle [Diagram: Implementation, Verification, Release, Design, Cybersecurity Education; four BUG markers]
  9. Quiz > Short quiz for understanding > Developers can skip the lesson if they can solve quizzes
  10. Course > For developers • Front-end course • Back-end course > For every employee • Essential course