Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introducing an In-house Cybersecurity Training ...

LINE DevDay 2019
November 20, 2019
Technology
0
320

Introducing an In-house Cybersecurity Training Platform

Junho Jang (ramses)
LINE Plus GrayLab Security Engineer
https://linedevday.linecorp.com/jp/2019/sessions/S1-07

LINE DevDay 2019

November 20, 2019
Tweet

More Decks by LINE DevDay 2019

See All by LINE DevDay 2019
What is the engineering organization that LINE DevRel is aiming for
line_devday2019
3
2.4k
The IoT technology inside LINE DEVELOPER DAY 2019
line_devday2019
6
1.1k
How to reduce Android app launch time by scoping your dependencies using Koin DI
line_devday2019
3
810
Efficient integrating data from multiple data providers
line_devday2019
0
460
Now supporting Dark Mode on LINE messenger
line_devday2019
0
1.8k
LIFF v2, the latest Webview SDK lets you leverage LINE
line_devday2019
0
1.7k
Modern Web Testing with Cypress.io
line_devday2019
0
630
Speed up iOS Development with LLDB Code Injection and Framework Live Preview
line_devday2019
1
390
Faster iOS Builds with Bazel
line_devday2019
0
1.5k

Other Decks in Technology

See All in Technology
Chasing the White Whale of Open Source - ROI
mrbobbytables
0
120
【平成レトロ】へぇボタンハック👨🔧
vanchan2625
0
120
New Relicを活用したSREの最初のステップ / NRUG OKINAWA VOL.3
isaoshimizu
3
670
A Tour of Anti-patterns for Functional Programming
guvalif
0
530
OCI Vault 概要
oracle4engineer
PRO
0
9.8k
SDNという名のデータプレーンプログラミングの歴史
ebiken
PRO
2
200
プロダクト活用度で見えた真実 ホリゾンタルSaaSでの顧客解像度の高め方
tadaken3
0
260
TypeScriptの次なる大進化なるか!? 条件型を返り値とする関数の型推論
uhyo
2
1.8k
20241120_JAWS_東京_ランチタイムLT#17_AWS認定全冠の先へ
tsumita
2
320
Zennのパフォーマンスモニタリングでやっていること
ryosukeigarashi
0
560
オープンソースAIとは何か? --「オープンソースAIの定義 v1.0」詳細解説
shujisado
12
1.5k
飲食店データの分析事例とそれを支えるデータ基盤
kimujun
0
230

Featured

See All Featured
Building Applications with DynamoDB
mza
90
6.1k
A designer walks into a library…
pauljervisheath
204
24k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
111
49k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
8.2k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
Typedesign – Prime Four
hannesfritz
40
2.4k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
506
140k
Building an army of robots
kneath
302
43k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
364
24k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
93
17k
Being A Developer After 40
akosma
87
590k
Code Reviewing Like a Champion
maltzj
520
39k

Transcript

  1. 2019 DevDay Introducing an in-House Cybersecurity Training Platform > Junho

    Jang (ramses) > LINE Plus GrayLab Security Engineer

  2. Team GrayLab > GrayHash: Famous offensive security team • Have

    appeared on TV as ethical hackers > GrayLab: Joined LINE after Apr. 2018 • Application security assessment • Consulting security design • Security branding • Various security things

  3. Our Role In Development Cycle Security Consulting Code Review Risk

    Assessment
 Penetration Test Incident Response Implementation Verification Release Design

  4. Our Role In Development Cycle Security Consulting Code Review Risk

    Assessment
 Penetration Test Incident Response Implementation Verification Release Design

  5. Top 5 Vulnerabilities 1705 Vulnerabilities Had Been Found During Security

    Assessment in LINE (Jan. 2019. ~ Oct. 2019.) Cross Site Scripting Information Leakage Cross Site Request Forgery SQL Injection Denial of Service 0 20 40 60 80 100 120 19 20 33 51 124

  6. > Most common vulnerability type in the world > Most

    hackers learn this type for the very first step > Easy to fix it when developers knows the concept Cross Site Scripting(XSS)

  7. Time-Critical Release In Development Cycle > All people want: Faster

    release > Security rule: No release until all bugs are patched > Many basic bugs = Inefficient! Implementation Verification Release Design BUG BUG BUG BUG Security

  8. How Can We Relieve It In Development Cycle Implementation Verification

    Release Design Cybersecurity
 Education BUG B U G BUG BUG

  9. Cybersecurity Education Platform

  10. Ƃ CEP: Cybersecurity Education Platform For Every Employee

  11. Key Objectives Useful Convenient Fun

  12. Easy Contents > Example-based • Vulnerable code • Secure code

  13. Ƃ Quiz > Short quiz for understanding > Developers can

    skip the lesson,
 if they can solve quizzes

  14. Ƃ Course > For developers • Front-end course • Back-end

    course > For every employee • Essential course

  15. Ƃ Credit System Back-End Developers Should Get 20 Credits for

    Graduation

  16. Mobile Support All Employees Can Learn Anywhere

  17. Wargame: Practice Like a Hacker

  18. Wargame: Practice Like a Hacker

  19. Any Questions? [email protected]

  20. Thank You