 The practice team wasn’t the same as the game time team.  Segregated technical and business functions  Development  Operations (Operational Waterfall)  Infrastructure Ops  Product Ops  Product technology under the sun  Solaris, Windows, Linux  Apache, IIS, TCServer, etc.  Oracle, DB2, SQL Server  How we got better  We read and we studied.  Created a self-improvement project  2 week

分析⽬标直接供应商 [尤其是技术外包] 根据前⾯已搜集到的各类信息制作有针对性的弱⼝令字典 ⽬标所⽤ Waf 种类识别 与 绕过 BypassWAF ⽂件上传 / 读取 / 下载 BypassWAF Sql注⼊ BypassWAF RCE BypassWAF 各类Java Web中间件已知Nday漏洞利⽤ BypassWAF Webshell 免杀 其它更多 待补充修 组件的 已知 Nday 漏洞利⽤ IIS 6.0 RCE 短⽂件漏洞 PUT 任意写 Webdav RCE CVE-2017-7269 禅道项⽬管理系统 SQL注⼊ ⽂件读取 远程执⾏ 通达 OA SQL注⼊ 任意上传 Exchange 利⽤接⼝进⾏邮箱⽤户名枚举 针对各个接⼝的弱⼝令爆破 CVE-2020-0688 [ 利⽤前提是需要先得有任意⼀个邮箱⽤户权限 Citrix CVE-2019-19781 Jumpserver 身份验证绕过 Zabbix CVE-2017-2824 SQL注⼊ [ 2.0 ⽼版本 ] 控制台弱⼝令,敏感机器信息泄露 Cacti 低版本 SQL注⼊ 低版本 Q 注 控制台弱⼝令 Nagios CVE-2016-9565 控制台弱⼝令 Webmin RCE CVE-2019-15107

the next six-month release.  DO epics and user stories to concisely define the desired system functions and provide the foundation for Agile estimation and planning. o They describe what the users want developers, testers, and other stakeholders have a clear and agreed-upon understanding of the desired functions. They offer a far more dynamic approach to managing requirements than large requirements documents

often translate requirements into epics and user stories to concisely define the desired system functions and provide the foundation for Agile estimation and planning. They describe what the users want developers, testers, and other stakeholders have a clear and agreed-upon understanding of the desired functions. They offer a far more dynamic approach to managing requirements than large requirements documents

work flow streamline interdepartmental communications, and effectively serve the other business functions at Parts Unlimited. Key Concepts The Three Ways [2] The First Way emphasizes the performance

iteration in establishing software requirements • Growing software organically, adding more and more functions to systems as they are run, used, and tested”Who said it?Frederick Brooks Jr. • Joined IBM in

OF DAILY WORK i. Create infrastructure to make it easy for Dev or Ops to create telemetry for functions built ii. Generate graphs with overlays of production changes iii. Tools – StatsD, JMX, codahale

developing the application iii. QA – team responsible for ensuring feedback loop exists to ensure functions as desired iv. Operations – the team responsible for maintaing the production environment and