CVE-2013-7091 CVE-2016-9924 CVE-2019-9670 Citrix CVE-2019-19781 Jumpserver 身份验证绕过 Zabbix CVE-2017-2824 SQL注⼊ [ 2.0 ⽼版本 ] 控制台弱⼝令,敏感机器信息泄露 Cacti 低版本 SQL注⼊ 低版本 Q 注 控制台弱⼝令 Nagios 内⽹各类web服务器 [ 可⽤于后期留⼊⼝ ] 内⽹各类数据库服务器 内⽹邮件服务器 [ 可⽤于后期留⼊⼝ ] 内⽹Vpn服务器 [ 可⽤于后期留⼊⼝ ] 内⽹各类常规资产状态监控服务器,eg: zabbix,nagios,cacti... 内⽹各类防护的主控端,⽐如,防⽕墙,EDR,态势感知 产品的web主控端... 内⽹⽇志服务器 内⽹补丁服务器 内⽹各类OA,ERP,CRM,SRM,HR系统

that could become an error and will likely trigger an alert 4. Error – error conditions such as API failures, internal issues 5. Fatal – forces a termination iv. Examples of potentially significant Use telemetry to measure outcomes iv. Etsy open-sourced their experimentation framework – Feature API e. INTEGRATE A/B TESTING INTO OUR FEATURE PLANNING i. Product owners should consider each feature

suite becomes the living documentation of the system specification and represent working examples of API use e. DESIGN FOR OPERATIONS THROUGH CODIFIED NON-FUNCTIONAL REQUIREMENTS i. Designing for fast changes through pair programming or code review 3. Instrument the repository to detect suspicious code (API calls from certain types of test code) 4. Ensure every CI process is in an isolated container 5

Coined by Martin Fowler in 2004 ii. Strangler Application 1. Put existing functionality behind an API 2. New functionality implemented in new services with new architecture 3. Make calls to old system