Chinese post-90s hackers use “fireflies” to light up hope, this is the meaning of “stars”
We fought all the way, not to change the world, but to not let the world change us.
In the cybersecurity industry, there are also a group of young people who are fighting for their beliefs.
Xinglan Technology CEO Wang Yu and his hacker brothers are the best among them. “Based on security attack and defense and data intelligence, we solve enterprise network API security risks, give full play to the value of security to business, and let intelligent security capabilities guard every network call.” This is their direct and powerful self-introduction.
Since its establishment in November 2018, Xinglan Technology has been like a dazzling new star in China’s network security industry, quickly entering the vision of the industry, capital and customers. Most of the young founding teams are hackers, and their beautiful resumes are successful. attracted everyone’s attention.
CEO Wang Yu is a master of cyberspace security from Tsinghua University, a core member of “Blue Lotus” and Tea Deliverers, and has published a number of AI traffic analysis and intelligent threat research results.
Du Ji Ze, Ph.D. student at the University of Missouri, USA, his academic report is included in IEEE communications and Network Security (CNS).
Feng Luoyin, Master of Information Security from Georgia Institute of Technology, Runner-up in MIT CTF, former Application Security Tech Lead of Amazon Cloud Seattle Headquarters, obtained multiple international security certifications, International Information Security System Engineer (CISSP), Certified Data Privacy Solution Engineer (CDPSE) ).
Ding Zhanzhao, master of computer science from Peking University, captain of r3kapig team, core member of r3kapig/Eur3ka team, reached the DEFCON finals for three consecutive years. The questioner of Baidu BCTF international competitions, the questioner of XCTF international leagues, and the questioner of major domestic and international well-known competitions.
Li Chao, former senior attack and defense expert of Qihoo 360 Group, focuses on Windows domain security and Windows security and threat detection, C2 writing and red team infrastructure construction, and is the discoverer of the Potato series of vulnerabilities in all versions of Windows.
Xu Yue, former senior security engineer of Alibaba Cloud, has many years of experience in cloud security and big data analysis, and his research results have been published in well-known security conferences at home and abroad such as Blackhat, HITB, Bluehat, XCon, KCon, member of the international CTF team r3kapig, XCTF proposition person, continuous The first and second prize winners of the two-year DataCon Big Data Security Competition.
It is these hacker teams with an average age of less than 25 who form today’s Xinglan Technology. They have world-class capabilities in offensive and defensive confrontation and security research, and are highly skilled in application security, intrusion detection, malware analysis, protocol vulnerability mining and other fields. It has won many world-class championships in CTF conferences at home and abroad.
And these are only the basis of their attention. The part that really makes people feel the ability of Xinglan is their excellent performance in the implementation of technology and how to use technology to solve practical application problems.
First, they set their sights on API security risks.
OWSAP describes in the API Security Plan: “APIs are an essential part of modern mobile, SaaS, and web applications and can be found in customer-facing, partner-facing, and internal applications. By their nature, APIs expose application logic and Sensitive data such as personally identifiable information (PII), and because of this API are increasingly the target of many attackers, without a secure API, rapid innovation is impossible.”
Wang Yu told us, “Data flow, human-computer interaction, the operation of cloud-native systems, and the construction of open capabilities all need to rely on API calls. According to relevant forecasts, the global market size of API economy will reach 2.2 trillion US dollars, and API projects will reach 2.2 trillion US dollars year-on-year. The growth rate will reach more than 100%. At present, API calls are ubiquitous in cloud and edge scenarios, and due to the rapid growth of the number, huge security risks are brewing. Events caused by API security issues occur every month, even if World-class tech companies are also under serious threat.”
Wang Yu, CEO of Xinglan Technology
The use of each new technology creates a new attack surface, which brings security management and security technology issues.
In March 2020, the Weibo API security incident resulted in the leakage of 500 million user data;
In April 2021, Facebook’s 2019 online business API function was misused, resulting in information leakage, and the data of 500 million users was publicly sold on the dark web;
In June 2021, an API security issue of an e-commerce company in China led to the leakage of 1.1 billion user data.
However, there is no mature and complete API solution in the market.
In response to API security issues, Xinglan Technology has in-depth understanding of the pain points of enterprises through visiting customers:
Assets are unclear
1. What are the API assets? How are the risks?
2. Data bus? API Gateway? Which ones are not connected?
3. How to analyze old API and encrypted API?
link is invisible
1. East-west communication data is not visible.
2. The attacker’s movement path is invisible.
3. The private data flow link is invisible.
Permissions can’t be controlled
1. Open: B2C, B2B, developer platform.
2. Production: Inappropriate management of internal business API permissions.
3. Office: Illegal opening, account abuse.
After actual combat and analysis of customer pain points and application scenarios, based on the team’s offensive and defensive and technical capabilities, Xinglan Technology officially released a new API solution:
Firefly (API Intelligence).
Traditional security solutions are widely used, and one solution protects a piece of business, which is coarse-grained defense/large-scale defense. In contrast, API security is more like firefly. It guards every API, every microservice, and every back-end communication in a fine-grained manner, illuminating blind spots within complex businesses, and protecting application security from the inside out.
The features of API and microservices fit together, conveying the sense of security of “lighting up the darkness”, echoing the concept of “the long night will end”. It gathers the light of fireflies and competes with torches for brilliance, reflecting the security concept that borderless, fine-grained defense is superior to border defense. Intelligence stands for data intelligence, which is in line with the “intelligence” characteristics of Xinglan Technology’s solutions.
Xinglan Technology CTO Xu Yue pointed out at the press conference that in the context of the Internet of Everything, the idea of enterprise security construction has changed from “anti-boundary” to “borderless”, the granularity of protection has been continuously refined, and API is the “blood” that carries application data flow. ”, which needs to be collected, audited, and protected. Xu Yue introduced the solutions for different application scenarios of Firefly (API Intelligence), including enterprise general API security protection solutions, container cluster API security protection solutions, and microservice architecture API security protection solutions.
Xinglan Technology Firefly API analysis platform includes core functions such as API asset discovery, API risk identification, API threat detection, API privacy identification and classification. Protocol analysis, data intelligence, and dynamic defense are the three core capabilities of API Intelligence.
Xinglan Technology CTO Xu Yue
Hu Hongtao, founder of Apple Capital, expressed his views on API security from the perspective of investment: “API is the infrastructure in the digital world, which is equivalent to the ‘road’ in the map. The market size and growth rate are very impressive. Vendors that specialize in API protection, such as SALT, are doing very well in the United States and have raised $130 million so far.”
Some people say that to do network security, you must have firm beliefs and feelings.
In the face of groundless accusations and various forms of slander and attacks, in the face of undiscovered and uncovered dangers and unknowns, our own hacker team is slowly growing up, improving the overall security of our country’s cyberspace. ability and voice.
In the process of being lit up in the darkness, there are still many starlights constantly emerging. They are condensed by the glow of fireflies, and they are constantly approaching the dawn.
The universe is uncertain, you and I are both dark horses.