LINE on Securing the Application Development Lifecycle with Bug Bounties

Based in Japan, LINE Corporation is dedicated to the mission of “Closing the Distance,” bringing together information, services and people. The LINE messaging app launched in June 2011, offering users chat, voice call and video call services, as well as features like Timeline, News, and LINE Stickers. The messaging app has since grown to 167 million global monthly users. More recently, LINE has grown to provide other services like AI, fintech, blockchain, and various O2O services like LINE Delima. With so much data exchanged between their millions of users and their emerging technology channels, LINE’s security team is tasked with reducing risk across their attack surface at scale.
We recently sat down with LINE Application Security Engineer, Byoungyun Lee, to learn more about how they incorporate their bug bounty program on HackerOne into their comprehensive application security strategy. Take a look at what we learned.
 
Q: What are LINE’s main tenets? How do you approach application security?
In application security, we try to consider security at every stage of the development lifecycle. From the early stages of project planning, to reviewing what threats may occur, to periodically conducting security trainings so that developers can consider security in the implementation stage, all the way to monitoring and reviewing our products once implementation is complete. Whenever there are new product updates, we repeat these steps. We are also introducing automated monitoring techniques to increase efficiency and expand what can be covered. Through the bug bounty program, we are able to encourage the global community of hackers to identify any bugs that our internal security team may have missed.
HackerOne has a large hacker community and the platform necessary to operate LINE’s bug bounty program. By using HackerOne’s platform and welcoming the community, LINE can increase operational efficiency. Through the partnership with HackerOne, we can share new bugs and learn from the vulnerability trends on the Platform while also getting a guide that helps us create a successful bug bounty program.
Q: How does this tie into LINE’s philosophy and mission of driving application safety?
The evolution of technology thrives on responding to those who find vulnerabilities. LINE’s security has to keep up with the security field. Our security team is constantly looking closely at the various threats and vulnerabilities found in our services, learning from them, and taking steps to improve. We share those results with the hacker community to encourage them and to get more feedback from them.
LINE has adopted a very open strategy toward security and would like to be more transparent to our users and to the hacker community. We believe we can build user trust by adopting this approach, and that it helps us build better relationships with the hacker community by giving them public recognition for their contributions.
In addition, our approach demonstrates clearly and openly how LINE handles bugs, which promotes engagement if hackers see how we work with them. We hope that will encourage them to continue working with us in the future.
Q: What are the main types of vulnerabilities that a service provider such as LINE must be aware of?
Various vulnerabilities are being discovered and corrected by the internal security team and the bug bounty participants. Traditional vulnerabilities such as XSS, SSRF, and vulnerabilities due to misconfigurations can be easily found.
However, there are highly skilled hackers that approach LINE’s services and the entire LINE ecosystem with a deeper understanding. They understand how LINE’s services are connected, and how and where the internal data flows. They realize how problems can occur in-between services’ relationships and report the vulnerabilities that are hard to find with traditional methods or tools. For example, hackers can connect not-so-serious problems based on that knowledge and build them into a serious threat. A minor glitch over here can trigger bigger problems over there. These kinds of problems are hard to catch and cost a lot to be fixed, and because our solutions are complex, they often require major changes to entire architectures. Service providers that operate huge ecosystems of products must be prepared for the kind of vulnerabilities that invariably exist between complex service relationships.
Q: How do you react to trends?
It is always better to find problems in the early stages of planning and design. That’s why we perform security assessments at every stage of service development. It is difficult to find these types of relational vulnerabilities by just looking for vulnerabilities within very specific source codes and binaries.
During the security assessment in the planning and design stage, we assess not only technical threats, but also business-related threats, such as personal information leakage, and help the developer and business teams to make the needed fixes. In the code review and test stage, we once again assess the threats and make sure everything is safe.
Q: How does LINE work to improve the handling of security issues over time?
In addition to the above, we have also adopted various methods to develop our security:
Q: How do we learn about and deal with new types of attacks? How do we ensure that LINE security is always improving?
Most of the LINE application security teams have a history as hackers. New types of vulnerabilities always excite us. Once we encounter them, we dive in and start analyzing, and we don’t stop when we just understand them — rather, we continue studying them until we find similar threats or better methods. We document the research and share it internally to improve the overall skills of our teammates. And then we perform “complete enumeration” for the threats over our infrastructure to see if there are other services with similar problems. If these tasks can be automated, we add tasks to our scanner for a complete sweep. Once the enumeration is finished, we make sure that this type of threat is always checked during future security assessments. It’s either added to a scanner or to the checklist.
Q: How have the reports improved your ability to address and react to potential threat scenarios? 
Those reports have been good chances for us to know what we’re missing. We try to assess all services before releasing/updating, but some slip through our fingers. Old legacy services tend to not be maintained as well, and problems can hide in the shadows.
To prevent problems from happening, we have set up alert systems to sense changes in services, and we are running scanners that can find vulnerabilities in legacy systems. Through this process, we have eliminated over 200 potential threats from being released.
Q: Are there any impressive contributions from the hacker community that you would like to highlight? 
There are plenty of great examples, but the ones that come to mind that I encourage other hackers to check out include:
The global hacker community is valuable to LINE, as we are able to leverage the abilities of some of the most talented hackers around the globe and adapt those results to maintain our security policies. It is also naturally clear that the more hackers we have trying to discover bugs, the more we should be able to find, creating an even safer user environment.
We recognize that money is very important for bug bounty hunters. When they find a bug, they need to be rewarded appropriately for it. So, we make sure to provide sufficient rewards for their work. And in order to induce more talented bug bounty hunters to participate, we need to give them special incentives.
Q: What do we want to achieve by being in this for the long term? What does success look like?
By working with hackers, LINE gets one more layer of security from the point of view of the hackers, providing an additional security check of LINE’s services, which moves us one step closer to our goal of a best in class security program.
 

Author: wpadmin