浅谈中小型企业甲方安全体系建设

<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <script src="/webstatic/js/toMobile.js?ver=1744258302"></script> <title>浅谈中小型企业甲方安全体系建设 - 百度安全社区</title> <meta name="keywords" content="企业安全,攻防,安全防御,BackerTalk"> <meta name="description" content="在建设中小型企业甲方安全体系的过程中，会遇到很多难点，例如，如何提升内部安全意识，及在被入侵后无hids感知系统情况下如何抓捕遗留问题，顺利推进SDL。"> <meta http-equiv="X-UA-Compatible" content="IE=edge;IE=10;chrome=1"> <link rel="shortcut icon" href="/favicons.ico" type="image/x-icon"> <link rel="icon" href="/favicons.ico" type="image/x-icon"> <link href="/webstatic/lib/bootstrap.min.css" type="text/css" rel="stylesheet"> <link href="/webstatic/css/common.css?ver=1744258302" type="text/css" rel="stylesheet"> <link href="/webstatic/css/forum.css?ver=1744258302" type="text/css" rel="stylesheet"></head> <body> <style> /* 用于解决 https://wappass.baidu.com/static/machine/css/api/mkd_8c7067d.css a:active opacity: .6 问题 */ a:active { opacity: inherit; } </style>  <div class="menu mover"> <div class="menu-con">   <div class="mlogin no-login"> <a class="login-btn" href="javascript:void(0);">登录</a> </div>  <div class="mlogin has-login">  <div class="muser-name"> <a target="_blank" href="javascript:void(0)" onclick="return false" class="muser-link"> <span id="user_name"></span> </a> <div class="muser-down"> <a id="quit_addr" href="#" target="_self">退出账户</a> </div> </div> </div>  <a href="/" class="mlogo"></a> <ul class="mnavlist" id="mnavlist"> </ul> </div> </div>  <div class="forum clearfix" rel="detail"> <div class="forum-right">  <div class="frbox topad" id="hotArt"> <a target="_blank" href="/article/1923" style="display:block"> <img src="/upload/ue/image/20250408/1744091148131855.png" alt=""> <span>安全运营 | 第十期「纵深防护·极智运营」度安讲技术沙龙成功举办</span> </a> </div> <div class="product-rank"> <div class="product-rank-title"> 产品人气榜 </div> <ul id="rankBox"> <li class="rank-top"> <div class="product-rank-left rankTop1"></div> <div class="product-rank-right"> <a href="/pages/page.html?pid=39" class="product-title"> 史宾格安全及隐私合规平台 </a> <div class="product-des">3分钟完成一周工作量更快实现隐私合规</div> </div> </li><li class="rank-top"> <div class="product-rank-left rankTop2"></div> <div class="product-rank-right"> <a href="/pages/page.html?pid=20" class="product-title"> IP信誉查询 </a> <div class="product-des">多因子计算，多维度画像</div> </div> </li><li class="rank-top"> <div class="product-rank-left rankTop3"></div> <div class="product-rank-right"> <a href="/pages/page.html?pid=67" class="product-title"> 智能数据安全网关 </a> <div class="product-des">为企业数据安全治理提供一体化数据安全解决方案</div> </div> </li><li> <div class="product-rank-left">4</div> <a href="/pages/page.html?pid=18" class="product-rank-right"> 网址安全检测 </a> </li><li> <div class="product-rank-left">5</div> <a href="/pages/page.html?pid=19" class="product-rank-right"> SMS短信内容安全 </a> </li><li> <div class="product-rank-left">6</div> <a href="/pages/page.html?pid=5" class="product-rank-right"> 百度漏洞扫描 </a> </li><li> <div class="product-rank-left">7</div> <a href="/pages/page.html?pid=49" class="product-rank-right"> 爬虫流量识别 </a> </li><li> <div class="product-rank-left">8</div> <a href="/pages/page.html?pid=61" class="product-rank-right"> 百度AI多人体温检测 </a> </li><li> <div class="product-rank-left">9</div> <a href="/pages/page.html?pid=74" class="product-rank-right"> 工业大脑解决方案 </a> </li><li> <div class="product-rank-left">10</div> <a href="/pages/page.html?pid=64" class="product-rank-right"> APP安全解决方案 </a> </li><li> <div class="product-rank-left">11</div> <a href="/pages/page.html?pid=29" class="product-rank-right"> 安全OTA </a> </li><li> <div class="product-rank-left">12</div> <a href="/pages/page.html?pid=77" class="product-rank-right"> 大模型安全解决方案 </a> </li><li> <div class="product-rank-left">13</div> <a href="/pages/page.html?pid=70" class="product-rank-right"> 安全知识图谱 </a> </li> </ul> </div><div class="fixed"> <div class="frbox tag-part" id="theme"> <h4>热门主题</h4> <div class="frboxcon frboxcon-pd"> <ul class="forum-tags" id="hotTags"> <li> <a target="_blank" href="/tag/131"> BackerTalk</a> </li> <li> <a target="_blank" href="/tag/224"> SiemPentTeam</a> </li> <li> <a target="_blank" href="/tag/419"> 百度安全</a> </li> <li> <a target="_blank" href="/tag/5"> 漏洞</a> </li> <li> <a target="_blank" href="/tag/3"> 智能安全</a> </li> <li> <a target="_blank" href="/tag/7"> 攻击</a> </li> <li> <a target="_blank" href="/tag/6"> 黑产</a> </li> <li> <a target="_blank" href="/tag/9"> 安全</a> </li> <li> <a target="_blank" href="/tag/19"> 网络安全</a> </li> <li> <a target="_blank" href="/tag/11"> 黑客</a> </li> <li> <a target="_blank" href="/tag/44"> 恶意软件</a> </li> </ul> </div> </div> </div> <div class="fixed"> <div class="frbox"> <h4>热门文章</h4> <div class="frboxcon"> <ul class="fr-notice-list" id="recommendArt"> <li class="fr-notice-list-li"> <a href="/article/1923" target="_blank" class="fr-notice-list-link"> <div class="notice-img imgShadow"> <img src="/upload/ue/image/20250408/1744091148131855.png" alt=""> </div> <div class="notice-info">安全运营 | 第十期「纵深防护·极智运营」度安讲技术沙龙成功举办</div> </a> </li><li class="fr-notice-list-li"> <a href="/article/1922" target="_blank" class="fr-notice-list-link"> <div class="notice-img imgShadow"> <img src="/upload/ue/image/20250318/1742276030896576.png" alt=""> </div> <div class="notice-info">模型上新！体验文心大模型4.5卓越性能，文心快码邀您探索</div> </a> </li><li class="fr-notice-list-li"> <a href="/article/1921" target="_blank" class="fr-notice-list-link"> <div class="notice-img imgShadow"> <img src="/upload/ue/image/20250313/1741856397996482.png" alt=""> </div> <div class="notice-info">文心快码全新升级！Comate Zulu开放公测，超多好礼派送中</div> </a> </li><li class="fr-notice-list-li"> <a href="/article/1920" target="_blank" class="fr-notice-list-link"> <div class="notice-img imgShadow"> <img src="/upload/ue/image/20250306/1741255476943495.png" alt=""> </div> <div class="notice-info">警惕！AI组件ComfyUI易被黑产盯上</div> </a> </li><li class="fr-notice-list-li"> <a href="/article/1919" target="_blank" class="fr-notice-list-link"> <div class="notice-img imgShadow"> <img src="/upload/ue/image/20250227/1740653380412553.png" alt=""> </div> <div class="notice-info">大模型驱动智能合规 | 构建企业个保审计新范式</div> </a> </li> </ul> </div> </div> </div>  </div> <div class="forum-left"> <div class="forum-detail" id="forumDetail"><h2>浅谈中小型企业甲方安全体系建设</h2> <p class="smm">2018-12-05 16:22:47<span class="forum-article-heat">27816人阅读</span></p> <div class="forum-share forum-detail-tag-share"> <div class="tag-top"> <div class="clearfix forum-pad forum-pad-detail"> <ul class="forum-tags"> <li><a target="_blank" href="/tag/18">企业安全</a></li> <li><a target="_blank" href="/tag/241">攻防</a></li> <li><a target="_blank" href="/tag/251">安全防御</a></li> <li><a target="_blank" href="/tag/131">BackerTalk</a></li> </ul> </div> </div> <div class="share-top"> 分享至：<i class="tipbtn weichartQr"></i> <a class="tipbtn weibo" href="http://service.weibo.com/share/share.php?appkey=&title=浅谈中小型企业甲方安全体系建设&url=https://anquan.baidu.com/article/473&style=simple" target="_blank"> </a> </div> </div>  <div class="fd-content clearfix"> <p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;">今天分享的内容为讲师所经历以及一些做法，不代表行业观点。仅供参考。</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: normal; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"/></span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-size: 14px;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57);">甲方安全其实分为红、蓝两军，而我们要清晰知道这两者之间究竟是干什么的。</span><span style="margin: 0px; padding: 0px; max-width: 100%; font-family: 微软雅黑, sans-serif; color: rgb(204, 0, 0); background-color: white;">红</span><span style="margin: 0px; padding: 0px; max-width: 100%; font-family: 微软雅黑, sans-serif; background-color: white;">攻,</span></span><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; background-color: white; font-size: 14px; color: rgb(0, 82, 255); background-position: initial initial; background-repeat: initial initial;">蓝</span><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-size: 14px; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); background-color: white; background-position: initial initial; background-repeat: initial initial;">守。</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); background-color: white; font-size: 14px; background-position: initial initial; background-repeat: initial initial;">先简单讲些下红军日常，以发现公司内外部资产弱点为首，也可以把它当作sdl来看待，蓝军加强内外部安全边界使得红军提高攻击成本或无法渗透进来。</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: normal; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;"> </span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); background-color: white; font-size: 14px; background-position: initial initial; background-repeat: initial initial;">再来把安全的事情定位一下：</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-size: 14px; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); background-color: white; background-position: initial initial; background-repeat: initial initial;">1、应用安全</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-size: 14px; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); background-color: white; background-position: initial initial; background-repeat: initial initial;">2、移动安全</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-size: 14px; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); background-color: white; background-position: initial initial; background-repeat: initial initial;">3、iot安全</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-size: 14px; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); background-color: white; background-position: initial initial; background-repeat: initial initial;">4、风控</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-size: 14px; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); background-color: white; background-position: initial initial; background-repeat: initial initial;">5、安全合规</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-size: 14px; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); background-color: white; background-position: initial initial; background-repeat: initial initial;">6、数据安全</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-size: 14px; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); background-color: white; background-position: initial initial; background-repeat: initial initial;">7、IT安全</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-size: 14px; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); background-color: white; background-position: initial initial; background-repeat: initial initial;">8、more</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: normal; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;"> </span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); background-color: white; font-size: 14px; background-position: initial initial; background-repeat: initial initial;">还有很多这里就不一一列举了。清晰明确公司需要做哪些，有哪些可以先放一放。</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: normal; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;"> </span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); background-color: white; font-size: 14px; background-position: initial initial; background-repeat: initial initial;">大家可能都觉得在修复漏洞的时候遇到很大的阻碍，先说下背景，我在两家甲方做过安全，但是他们给我的感觉是不一样的，第一家甲方没有人愿意修复漏洞及沟通成本比较大，所以导致没法更好推动漏洞修复。到了第二家甲方任何事情阻力比较小包括沟通，可能是因为公司对待安全比较重视所以才能有这样的效果出现，还有我们需要到一份checklist，整理好后发送给开发看可以更有效规避安全风险。给自己在测试过程中检查还存在哪些问题。后续做成报告形式，通过邮件或者soc平台进行项目人员推送，要让别人知道你是做了事情。还有要清晰知道自己是属于服务部门，在跨部门协作时要懂得巧妙语言交流。</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: normal; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;"> </span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); background-color: white; font-size: 14px; background-position: initial initial; background-repeat: initial initial;">提问题只是完成了一半，提出问题后还要写上修复方案，而恰巧你们有soc平台时，针对漏洞类型录入方案，填写信息时直接选择就能补充，不需要太过复杂。如果没有可能要每次比较辛苦些，需要每次做复制粘贴等操作。。。</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="color: rgb(136, 136, 136); font-family: 微软雅黑, sans-serif; font-size: 12px; text-align: center;"><img src="/upload/ue/image/20181205/1543997899600123.jpg" alt="1.jpg"/></span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important; text-align: center;"><span style="color: rgb(136, 136, 136); font-family: 微软雅黑, sans-serif; font-size: 12px; text-align: center;">（此图来源于某乙方修复方案）</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: normal; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;"> </span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;">从我眼中看来0-1的安全只不过是在公司发展的情况下加入SDL流程并把它完善到项目开发当中。之前讲过需要给针对特定人群进行安全培训原因无非就是减少自身的工作，像是开发如果给他讲解哪些点容易常出问题，他在某个项目当中开发这个功能出现这样的问题则需要问清楚究竟是为什么会这样，如何才能避免下一次的发生。而安全测试在什么时候接入呢？个人觉得更应该是前后端联调功能完毕后立马进行安全测试，如果等到测试人员冒烟后进行测试已经来不及在上线前完成了，有问题反馈需要时间修复，没问题倒还好说。毕竟风险都是不可控的，需要做到可控的就是教育和规范。</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: normal; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;"> </span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-size: 14px;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); background-color: white;">每家甲方都需要做做扫描和监控，漏扫、代码扫描、主机监控、GitHub监控、暗网监控。前段时间某站的事情就是从暗网蔓延全网事情，这里要做的是监控多平台消息，及时止损提前知道消息进行排查，不细讲。而我的漏扫方式是，每天某个时间段针对资产进行扫描，利用awvs、巡风也好，再者从运维中拉取最新的资产，做到及时同步。每天上班时间的x点程序自动推送端口扫描信息，清晰知道哪些资产对外，有什么危险端口。再去盘查为什么要这样做。说明风险。</span><span style="margin: 0px; padding: 0px; max-width: 100%; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57);">需要记录公司ip、域名、服务、端口、人员等资产信息，避免出事故后在找人方面麻烦(后续会提下“麻烦”两个字)，除了记录还需要拥有自身的扫描器去定时扫描相关服务是否存在xx安全隐患然后推动。如外部出现Nday高危或严重漏洞且有poc的情况尽快弥补漏扫平台插件，及时对业务进行扫描，做到迅速发现--弥补等。从而这个流程进行一个闭环过程。当然不是每个漏洞都会有poc，没有的情况下要想这个组件自身有没有，有则研究去复现，无则空闲时研究提高自身技术。</span></span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: normal; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;"> </span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); background-color: white; font-size: 14px; background-position: initial initial; background-repeat: initial initial;">到了后来，我觉得已经很安全了，没有什么点可以做了。回头想了前期发生多次攻击事件，让人很被动，完全属于无感知状态，导致tg有人发消息扬言xx内部权限出售等。虽然对自己做的事情有信心，但你不确定它究竟是否入侵成功。然后我向领导提及要做主机防御，无奈这件事情……现在没有人力资源的情况下毫无自研能力。在这过程期间，我调研了市面上有的主机安全产品，和假设我们要做的情况要有什么功能…</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: normal; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;"> </span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-size: 14px;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57);">我眼中的防御，分了两步走，一步是web还有一步是服务器。</span><span style="margin: 0px; padding: 0px; max-width: 100%; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); background-color: white;">先讲下web，去调研公司现有什么东西，然后可以让我们去调用的。后来调用es平台二次开发后演变成web日志分析，这套产品定位是</span><span style="margin: 0px; padding: 0px; max-width: 100%; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57);">能感知攻击者在攻击哪些业务，用什么方式攻击，持续时长，是否攻击成功。</span><span style="margin: 0px; padding: 0px; max-width: 100%; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); background-color: white;">。这里没有过多的可以讲述。属于半成品，后续如果你想做，我们可以一起深入探讨这个事情。</span></span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: normal; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;"> </span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;">再讲主机，要知道服务器是否被shell，能否检测反弹，挖矿，写入rootkit等。都是需要我们思考能否发现的，如果少一步漏一步都有可能导致最后结果没有办法清晰溯源到攻击者。像似今日某酒店数据泄漏事件，这其实不排除人为导致的，人为因素有很多，比如把代码含数据库账户密码、连接方式上传至外网，再比如是内部员工与外部结合(内鬼事件)等，都是需要把控的一些方向。</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: normal; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;"> </span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;">防御的概念还有很多，移动端有给apk加壳加固等，上至WAF下至风控都是一整套的防御，这里先简单讲解下WAF吧。主要防御是外界的一些已知和未知的攻击，已知的攻击可以通过一些指纹识别去判断攻击者采用了哪些手段去攻击。以某云为例</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="color: rgb(57, 57, 57); font-family: 微软雅黑, sans-serif; font-size: 14px; text-align: center;"><img src="/upload/ue/image/20181205/1543997947428935.png" alt="2.png"/></span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="color: rgb(57, 57, 57); font-family: 微软雅黑, sans-serif; font-size: 14px; text-align: center;">它们有能力去判断你哪些代码会存在什么样的问题然后给你详细写出来具体位置，修复方案等。同理这些我们也是可以去参考做的事情。而不是xx包出问题了升级就可以的，每个业务特性都不一样。如果只是让升级包之后导致业务无法正常运行，那么锅谁来背。</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="color: rgb(57, 57, 57); font-family: 微软雅黑, sans-serif; font-size: 14px; text-align: center;"><img src="/upload/ue/image/20181205/1543997926914464.jpg" alt="3.jpg"/></span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="color: rgb(57, 57, 57); font-family: 微软雅黑, sans-serif; font-size: 14px; text-align: center;">这里稍微讲下webshell的检测吧，可以通过监控指定目录下的所有文件的创建、修改、重命名等操作，再比如说 <?php eval($_POST[1])?>，当代码中出现eval与$_POST时，判断为webshell，但如果只出现eval的函数，就判断为敏感函数。也可以通过webshell hash、文件名等进行检测，在GitHub上就有这么一个项目：</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(0, 56, 132); text-decoration: underline; font-size: 14px;">https://github.com/Neo23x0/signature-base/blob/e264d66a8ea3be93db8482ab3d639a2ed3e9c949/yara/thor-webshells.yar</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: normal; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;"> </span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-size: 14px;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57);">还有就是基于关键字的特征：</span><span style="text-decoration: underline; font-family: 微软雅黑, sans-serif; color: rgb(0, 56, 132); margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;">https://github.com/chiruom/Webshell_finder/blob/master/reservoir.php</span></span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: normal; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;"> </span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-size: 14px;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57);">通过机器学习的方法去检测webshell：</span><span style="text-decoration: underline; font-family: 微软雅黑, sans-serif; color: rgb(0, 56, 132); margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;">https://paper.seebug.org/526/</span><span style="margin: 0px; padding: 0px; max-width: 100%; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57);">思路</span></span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: normal; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;"> </span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-size: 14px;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57);">还有通过</span><span style="margin: 0px; padding: 0px; max-width: 100%; font-family: 微软雅黑, sans-serif; background-color: white;">机器学习实现PHPWEBSHELL检测</span><span style="margin: 0px; padding: 0px; max-width: 100%; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57);">：</span><span style="text-decoration: underline; font-family: 微软雅黑, sans-serif; color: rgb(0, 56, 132); margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;">http://webshell.cdxy.me/</span></span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: normal; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;"> </span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; text-align: justify; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-size: 14px; font-family: 微软雅黑, sans-serif; background-color: white; box-sizing: border-box !important; word-wrap: break-word !important;">另外关于应急响应，如果真的运气不好公司遭到攻击成功且入侵内网机器，但没有安全产品的时候要怎么做？讲一件当时经历过的case，当时经业务部门反馈某应用占用cpu很高而且是特定用户组，寻找了该应用是否存在Nday和挖矿行为，果然在早期就出现过这样的案例，并被分析，当时我们已经清理掉该部门机器中的定时启动任务和kill它的行为，但我们隔一段时间发现它还是中招了，哪怕换了一批新机器，后来想到底哪里出了问题。这时候想到了内网蜜罐系统(后面会讲一下它要有什么功能)，可以部署一个蜜罐，节点在生产和测试网络上，去收集是否有机器异常扫描行为。毕竟黑客入侵后肯定会在内网进行扫描等操作，只要命中触发之后我们就可以精准定位了。部署好后，第二天回来看到记录是凌晨三点有两台这种机器在扫描，但非该业务部门的，所以遗留了残骸在内网当中。</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; text-align: justify; white-space: normal; line-height: normal; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-size: 14px; font-family: 微软雅黑, sans-serif; background-color: white; box-sizing: border-box !important; word-wrap: break-word !important;"> </span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; text-align: justify; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-size: 14px; font-family: 微软雅黑, sans-serif; background-color: white; box-sizing: border-box !important; word-wrap: break-word !important;">这次庆幸的是内网蜜罐起到作用，而该系统需要拥有什么功能呢？它需要统计攻击数据：</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; text-align: justify; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-size: 14px; font-family: 微软雅黑, sans-serif; background-color: white; box-sizing: border-box !important; word-wrap: break-word !important;">1、记录端口扫描行为</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; text-align: justify; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-size: 14px; font-family: 微软雅黑, sans-serif; background-color: white; box-sizing: border-box !important; word-wrap: break-word !important;">2、记录mysql、ssh、ftp、redis等协议爆破行为</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; text-align: justify; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-size: 14px; font-family: 微软雅黑, sans-serif; background-color: white; box-sizing: border-box !important; word-wrap: break-word !important;">3、部署web页面(误让黑客觉得是重要系统，进行登陆操作)其实它怎么输入都是错的。</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; text-align: justify; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-size: 14px; font-family: 微软雅黑, sans-serif; background-color: white; box-sizing: border-box !important; word-wrap: break-word !important;">4、……还有没想到:) 待补充</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; text-align: justify; white-space: normal; line-height: normal; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-size: 14px; font-family: 微软雅黑, sans-serif; background-color: white; box-sizing: border-box !important; word-wrap: break-word !important;"><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"/></span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;">当然如果waf被bypass 我们需要完善一些机制，去弥补后端的一些平台，即使bypass了前面一层防御，还要主机层等等的防御，要做到的是让你没有办法来到后端进行后渗透操作。</span><br style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"/></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: normal; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;"> </span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); background-color: white; font-size: 14px; background-position: initial initial; background-repeat: initial initial;">甲方安全不仅是发现后修复，更多的是做好边界安全防御。</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: normal; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;"> </span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); background-color: white; font-size: 14px; background-position: initial initial; background-repeat: initial initial;">今天只是给大家分享我做的<span style="margin: 0px; padding: 0px; max-width: 100%;">一部分</span>事情。</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: normal; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;"> </span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-size: 14px;"><span style="margin: 0px; padding: 0px; max-width: 100%; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); background-color: white;">有空可以看</span><span style="text-decoration: underline; font-family: 微软雅黑, sans-serif; color: rgb(0, 56, 132); margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;">https://xz.aliyun.com/t/1250</span><span style="margin: 0px; padding: 0px; max-width: 100%; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); background-color: white;">但仅是针对当时写的，后来做了很多事。没有补充在里面了。</span></span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: normal; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;"> </span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; white-space: normal; line-height: 2em; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; color: rgb(57, 57, 57); font-size: 14px;">今天的分享到这里。后期可以继续深入交流。</span></p><p style="margin-top: 0px; margin-bottom: 0px; padding: 0px; max-width: 100%; clear: both; min-height: 1em; color: rgb(51, 51, 51); font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 17px; letter-spacing: 0.5440000295639038px; text-align: justify; white-space: normal; line-height: normal; box-sizing: border-box !important; word-wrap: break-word !important;"><span style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-family: 微软雅黑, sans-serif; font-size: 14px;"> </span></p><hr/><p style="box-sizing: border-box; margin-top: 0px; margin-bottom: 10px; line-height: 1.8; overflow: hidden; color: rgb(51, 51, 51); font-size: 14px; white-space: normal; font-family: "Helvetica Neue", Helvetica, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", 微软雅黑, Arial, sans-serif;"><span style="box-sizing: border-box; color: rgb(127, 127, 127);">文章来自Backer Talk原创作者<span style=""> - <span style="font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; font-size: 14px; letter-spacing: 0.5440000295639038px; text-align: justify; text-indent: 32px; background-color: rgb(255, 255, 255);">泳少@YongShao</span>，如需转载需注明作者及本文链接</span></span></p><p style="box-sizing: border-box; margin-top: 0px; margin-bottom: 10px; line-height: 1.8; overflow: hidden; color: rgb(51, 51, 51); font-size: 14px; white-space: normal; font-family: "Helvetica Neue", Helvetica, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", 微软雅黑, Arial, sans-serif;"><span style="box-sizing: border-box; color: rgb(127, 127, 127);">【Backer Talk】BSRC白客说栏目专注于安全知识分享，长期向安全爱好者征集漏洞分析、漏洞挖掘姿势分享等安全相关内容，欢迎惠赐作品！</span><span style="box-sizing: border-box; color: rgb(127, 127, 127); outline: none; background-position: 0px 0px;"><a href="https://mp.weixin.qq.com/s/d5yeDopIBWr3Roqg5kUleQ" target="_self" style="box-sizing: border-box; color: rgb(127, 127, 127); text-decoration: none; outline: none; background-position: 0px 0px; background-repeat: initial initial;">详情点击</a></span></p> </div>  <div class="forum-share forum-share-bottom">  <div class="share-bottom"> 分享至：<i class="tipbtn weichartQr"></i> <a class="tipbtn weibo" href="http://service.weibo.com/share/share.php?appkey=&title=浅谈中小型企业甲方安全体系建设&url=https://anquan.baidu.com/article/473&style=simple" target="_blank"> </a> </div> </div> </div> <div id="recom-part"> <div class="detail-recom-read" id="detail-recom-read"> <div class="recom-title">推荐阅读</div> </div> <ul class="recom-reading clearfix"> <li> <a href="/article/1918"> <span class="recom-read-img imgShadow" style="background: url(/upload/ue/image/20250224/1740388792425807.png) no-repeat center; background-size: cover"></span> <span class="recom-read-sub-title"> <span>议题征集｜“纵深防护·极智运营”第十期「度安讲」技术沙龙议题报名！</span> </span> </a> </li> <li> <a href="/article/1907"> <span class="recom-read-img imgShadow" style="background: url(/upload/ue/image/20241128/1732725131831517.png) no-repeat center; background-size: cover"></span> <span class="recom-read-sub-title"> <span>度安讲｜第七期「智效融合，安全护航」深圳站技术沙龙成功举办</span> </span> </a> </li> <li> <a href="/article/1400"> <span class="recom-read-img imgShadow" style="background: url(/upload/ue/image/20210611/1623402726491922.jpg) no-repeat center; background-size: cover"></span> <span class="recom-read-sub-title"> <span>黑客团伙 GuardMiner的挖矿之路</span> </span> </a> </li> <li> <a href="/article/1189"> <span class="recom-read-img imgShadow" style="background: url(/upload/ue/image/20201014/1602645101259000.jpg) no-repeat center; background-size: cover"></span> <span class="recom-read-sub-title"> <span>研究人性弱点的Hacker？聊聊社会工程学与网络安全</span> </span> </a> </li> <li> <a href="/article/1159"> <span class="recom-read-img imgShadow" style="background: url(/upload/ue/image/20200916/1600231238697820.jpg) no-repeat center; background-size: cover"></span> <span class="recom-read-sub-title"> <span>百度世界大会公开课 | 人工智能的安全威胁：深度学习中的攻防对抗分析</span> </span> </a> </li> </ul> </div> </div> </div> <div class="popover fade top in" id="qrimg" style="left: 1172.31px; top: 10037px; display: none;"> <div class="arrow" style="left: 22.1812%;"></div> <div class="popover-content"> 微信扫描访问文章<br> <img src="" alt="" width="121"> </div> </div> <script> var aid = 473; </script> <div class="footer"> <div class="footer-container"> <div class="footer-cell contact-infos"> <div class="footer-cell-content"> <img width="158" src="/webstatic/img/logo_baiduanquan_navbar_web.svg" alt="logo"> <div class="spu-btn-primary" id="footer-apply" style="margin-bottom: 10px;">立即咨询</div> <span id="footer-contact">商务咨询：400-805-4999</span> </div> </div> <div class="footer-cell foot-border-left"> <div class="footer-cell-head">安全产品</div> <div class="footer-cell-content"> <a href="https://anquan.baidu.com/page/1" target="_blank">DDoS攻击防护</a> </div></div><div class="footer-cell false"> <div class="footer-cell-head">解决方案</div> <div class="footer-cell-content"> <a href="https://anquan.baidu.com/page/6" target="_blank">IDC智云盾</a> <a href="https://anquan.baidu.com/page/7" target="_blank">云高防</a> <a href="https://anquan.baidu.com/page/8" target="_blank">xSRC</a> <a href="https://anquan.baidu.com/page/9" target="_blank">gSRC</a> </div></div><div class="footer-cell false"> <div class="footer-cell-head">安全服务</div> <div class="footer-cell-content"> <a href="https://anquan.baidu.com/page/13" target="_blank">渗透测试</a> <a href="https://anquan.baidu.com/page/16" target="_blank">安全培训</a> </div></div><div class="footer-cell false"> <div class="footer-cell-head">开放服务</div> <div class="footer-cell-content"> <a href="https://anquan.baidu.com/page/18" target="_blank">网址安全检测</a> <a href="https://anquan.baidu.com/page/19" target="_blank">SMS短信内容安全</a> </div></div><div class="footer-cell false"> <div class="footer-cell-head">其他</div> <div class="footer-cell-content"> <a href="https://anquan.baidu.com/forum" target="_blank">安全社区</a> <a href="https://www.baidu.com/duty/yinsiquan-policy.html" target="_blank">隐私协议</a> </div></div> <div class="footer-cell"> <div class="footer-cell-head">关注我们</div> <div class="footer-cell-content"> <img src="/webstatic/img/newicon/icon_WeChat.jpg" alt="bar-code" width="121"> </div> </div> </div> <div class="footer-site-line"> <div class="footer-container-line pl"></div> </div> <div class="footer-tips"> <p id="relatedLinks"> <a href=http://bsb.baidu.com/ target="_blank">网址检测</a> <a href=https://www.oasesalliance.com target="_blank">OASES联盟</a> <a href=http://bsrc.baidu.com/ target="_blank">BSRC</a> <a href=https://comate.baidu.com/ target="_blank">Comate智能代码助手</a> <a href=http://hao.lenovo.com.cn/?channel=bdsec target="_blank">智慧联想浏览器</a> <a href=https://www.freebuf.com/ target="_blank">FreeBuf</a> <a href=https://www.leiphone.com target="_blank">雷锋网</a> <a href=https://www.4hou.com/ target="_blank">嘶吼</a> <a href=https://www.bugbank.cn target="_blank">漏洞银行</a> <a href=https://developer.baidu.com/?hmsr=百度安全官网 target="_blank">百度开发者中心</a> <a href=https://ziyuan.baidu.com target="_blank">百度站长平台</a> <a href=https://cloud.baidu.com/ target="_blank">百度智能云</a> <a href=http://abcxueyuan.baidu.com target="_blank">百度云智学院</a> <a href=https://vr.baidu.com target="_blank">百度VR</a> <a href=https://pan.baidu.com/union target="_blank">百度网盘开放平台</a> <a href=https://app.baidu.com/newapp/index target="_blank">百度移动分发平台</a> <a href=https://www.seclover.com/ target="_blank">四叶草安全</a> <a href=https://e.baidu.com/lp/search/?refer=1320 target="_blank">企业推广</a> <p class="copyright"> <span>© 2025  Baidu </span> <a href="https://www.baidu.com/duty/" target="_blank">  使用百度前必读</a> <a href="http://help.baidu.com/" target="_blank">  意见反馈</a>    <a href="https://beian.miit.gov.cn/" target="_blank">京ICP证030173号</a>  <a href="https://beian.miit.gov.cn/" target="_blank">京公网安备11000002000001号</a> </p> </div> <div class="contact"> <a href="" class="gotop" id="backTop"> <img src="/webstatic/img/bbs/icon_backtothetop@1x.svg"> </a> <a href="" class="aboatqr active"> </a> </div> <div class="contact-info hidden-style"> 关注我们<br> <img src="/webstatic/img/newicon/icon_WeChat.jpg" alt="" width="121"> </div> </div> <div class="overall-form-box saas-modal"> <div class="modal-con overall-form-con"> <h3 class="modal-con-h3"> </h3> <span class="overall-form-close modal-close" id="closeForm"></span> <div class="overall-form-mod"> <div class="overall-mod-list"> <div class="overall-mod-list-left"> <span class="hintStart">*</span><span>身份类型</span> </div> <div class="overall-mod-list-right"> <div class="overall-type-box mr40 ml10"> <span class="overall-type-select on" data-type=2><i></i>️</span> <span class="overall-type-val">企业</span> </div> <div class="overall-type-box"> <span class="overall-type-select" data-type=1><i></i>️</span> <span class="overall-type-val">个人</span> </div> <div class="waring-hint"> </div> </div> </div> <div class="overall-mod-list"> <div class="overall-mod-list-left"> <span class="hintStart">*</span><span>企业名称</span> </div> <div class="overall-mod-list-right"> <input type="text" placeholder="请输入真实企业名称" id="enterpriseName"> <div class="waring-hint"> 企业名称不能为空 </div> </div> </div> <div class="overall-mod-list"> <div class="overall-mod-list-left"> <span class="hintStart">*</span><span>真实姓名</span> </div> <div class="overall-mod-list-right"> <input type="text" placeholder="请输入真实姓名便于联系" id="enterpriseUserName"> <div class="waring-hint"> 真实姓名不能为空 </div> </div> </div> <div class="overall-mod-list"> <div class="overall-mod-list-left"> <span class="hintStart">*</span><span>电话号码</span> </div> <div class="overall-mod-list-right"> <input type="text" placeholder="请输入真实电话号码便于联系" id="enterprisePhone"> <div class="waring-hint" id="phoneHint"> 电话号码不能为空 </div> </div> </div> <div class="overall-mod-list"> <div class="overall-mod-list-left"> <span class="hintStart">*</span><span>邮箱</span> </div> <div class="overall-mod-list-right"> <input type="text" placeholder="请输入真实邮箱便于联系" id="enterpriseEmail"> <div class="waring-hint" id="emailHint"> 邮箱不能为空 </div> </div> </div> <div class="overall-mod-list overall-mod-list-handle-select"> <div class="overall-mod-list-left"> <span class="hintStart">*</span><span>申请服务</span> </div> <div class="overall-mod-list-right"> <div class="overall-mod-apply-select-container"> <select class="overall-mod-apply-select" placeholder="申请服务" id="applySelect"> <option value="智能硬件“安全+”">智能硬件“安全+”</option> <option value="个人信息保护">个人信息保护</option> <option value="远程办公守护（WAF+VPN）">远程办公守护（WAF+VPN）</option> <option value="公益平台保护">公益平台保护</option> <option value="云加速SCDN">云加速SCDN</option> <option value="业务风控">业务风控</option> <option value="APP消息推送">APP消息推送</option> </select> </div> <div class="waring-hint"> </div> </div> </div> <div class="overall-mod-list overall-mod-list-handle-textarea on"> <div class="overall-mod-list-left"> <span class="hintStart">*</span><span>咨询内容</span> </div> <div class="overall-mod-list-right"> <textarea placeholder="请描述你想咨询的内容" class="overall-textarea"></textarea> <div class="waring-hint"> 咨询内容不能为空 </div> </div> </div> <div class="overall-mod-list"> <div class="overall-mod-list-left"> <span class="hintStart">*</span><span>验证码</span> </div> <div class="overall-mod-list-right pr"> <input type="text" placeholder="请输入右侧验证码" class="width140" id="enterpriseCode"> <div class="overall-code" id="overallCode"> <img src="/catpcha" alt="" height="100%"> </div> <div class="waring-hint" id="codeHint"> 验证码不能为空 </div> </div> </div> <div class="overall-submit saas-btn fr"> 提交 </div> </div> </div> </div> <div class="overall-form-success saas-modal"> <div class="modal-con overall-form-con"> <span class="overall-form-close close-form-success modal-close"></span> <div class="form-modal-title"> 提交成功 </div> <img src="/webstatic/img/footer/icon_success.svg" alt="" class="form-modal-img"> <div class="form-modal-text"> 您的申请已提交，之后会有我们的商务团队与您联系，谢谢！ </div> <div class="close-form-success saas-btn"> 关闭 </div> </div> </div> <div class="saas-login-dialog"> <div class="saas-login-container"> <div class="saas-login-container-left"> </div> <div class="saas-login-container-right"> <div class="saas-login-container-right-title"> <div class="saas-login-dialog-close"></div> </div> <div class="saas-login-dialog-tab clearfix"> <div class="saas-login-dialog-tab-item active">百度账号</div> <div class="saas-login-dialog-tab-item">百度推广账号</div> </div> <div class="saas-login-container-right-body"> <div class="passport-login saas-login-dialog-tab-container active"> <div id="passport-login"></div> </div> <div class="saas-login-dialog-tab-container"> <div id="uc-passport-login"></div> </div> </div> <div class="saas-login-container-right-footer"> 温馨提示：与百度搜索、百度贴吧、百度云盘、百度知道、百度文库等产品通用。 </div> </div> </div> </div> <div class="conpin saas-modal"> <div class="conpin-container"> <div class="conpin-close"></div> <div class="conpin-value show" data-key="voucher_price"> <div class="conpin-value-unit">￥</div> <div class="conpin-value-price">0</div> <div class="conpin-value-des">现金券</div> </div> <div class="conpin-value"></div> <div class="conpin-value" data-key="try_time"> <div class="conpin-value-price">0</div>  <div class="conpin-value-des">兑换券</div> </div> <div class="conpin-name"></div> <div class="conpin-btn">立即领取</div> <div class="conpin-no-login">登录即可领取优惠券</div> <div class="conpin-success">领取成功</div> </div> </div><script src="//hm.baidu.com/hm.js?3bc064e919b01ed9e8c5459f2fae3fe4"></script> <script src="/webstatic/lib/jquery.min.js?ver=1744258302"></script> <script type="text/javascript" src="//passport.baidu.com/passApi/js/wrapper.js?ver=1744258302"></script><script type="text/javascript" src="//cas.baidu.com/staticv2/dep/common-login/api.js?ver=1744258302"></script> <script src="/webstatic/js/renderPage.js?ver=1744258302"></script> <script src="/webstatic/js/forum.js?ver=1744258302"></script><script> (function () { var path = [ '/haoma/search', '/haoma/common', '/page/', '/product/', '/activity/prize', 'vdc/fileCheck', '/activity/srd', '/activity/su', '/springer/plan', '/bsi/index', '/activity/newYear', '/partner/apply' ]; window.antibotObserver = null; if (window.createObserver) { window.antibotObserver = createObserver(); } var len = path.length; var pathname = location.pathname; var search = location.search; var isTargetPage = false; var key = '__abbaidu_20181211_cb'; for (var i = 0; i < len; i++) { var curIndex = pathname.indexOf(path[i]); if (curIndex >= 0) { isTargetPage = true; } } if (/voucher_id/.test(search) && /voucher_flag/.test(search)) { isTargetPage = true; } if (isTargetPage) { window['__abbaidu_2024_subidgetf'] = function () { var subid = '1234'; return subid; }; window['__abbaidu_2024_cb'] = function (responseData) { if (window.localStorage) { window.localStorage.setItem(key, responseData); if (loadPageReport) { loadPageReport(responseData); } if (window.antibotObserver && window.antibotObserver.listen) { var data = {}; try { data = JSON.parse(responseData); } catch (e) { data = {}; } window.antibotObserver.listen(data); } } }; var script = document.createElement('script'); script.src = 'https://dlswbr.baidu.com/heicha/mw/abclite-2024-s.js'; document.body.appendChild(script); } else { if (window.localStorage) { window.localStorage.removeItem(key); } } })(); </script> </body> </html>

CINXE.COM

浅谈中小型企业甲方安全体系建设 - 百度安全社区