senior-security

Senior Security Engineer

Security engineering tools for threat modeling, vulnerability analysis, secure architecture design, and penetration testing.

Threat Modeling Workflow

Identify and analyze security threats using STRIDE methodology.

Workflow: Conduct Threat Model

  1. Define system scope and boundaries:
    • Identify assets to protect
    • Map trust boundaries
    • Document data flows
  2. Create data flow diagram:
    • External entities (users, services)
    • Processes (application components)
    • Data stores (databases, caches)
    • Data flows (APIs, network connections)
  3. Apply STRIDE to each DFD element:
    • Spoofing: Can identity be faked?
    • Tampering: Can data be modified?
    • Repudiation: Can actions be denied?
    • Information Disclosure: Can data leak?
    • Denial of Service: Can availability be affected?
    • Elevation of Privilege: Can access be escalated?
  4. Score risks using DREAD:
    • Damage potential (1-10)
    • Reproducibility (1-10)
    • Exploitability (1-10)
    • Affected users (1-10)
    • Discoverability (1-10)
  5. Prioritize threats by risk score
  6. Define mitigations for each threat
  7. Document in threat model report
  8. Validation: All DFD elements analyzed; STRIDE applied; threats scored; mitigations mapped

STRIDE Threat Categories

| Category | Description | Security Property | Mitigation Focus |
| --- | --- | --- | --- |
| Spoofing | Impersonating users or systems | Authentication | MFA, certificates, strong auth |
| Tampering | Modifying data or code | Integrity | Signing, checksums, validation |
| Repudiation | Denying actions | Non-repudiation | Audit logs, digital signatures |
| Information Disclosure | Exposing data | Confidentiality | Encryption, access controls |
| Denial of Service | Disrupting availability | Availability | Rate limiting, redundancy |
| Elevation of Privilege | Gaining unauthorized access | Authorization | RBAC, least privilege |

STRIDE per Element Matrix

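| DFD Element | S | T | R | I | D | E |
| --- | --- | --- | --- | --- | --- | --- |
| External Entity | X |   | X |   |   |   |
| Process | X | X | X | X | X | X |
| Data Store |   | X | X | X | X |   |
| Data Flow |   | X |   | X | X |   |
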
See: references/threat-modeling-guide.md
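
Steps 3 to 5 of the workflow, combined with the per-element matrix, can be expressed as a short script. The following is an added example, not the page's threat_modeler.py: the element names, the sample ratings and the choice to average the five DREAD ratings are assumptions.

```python
from dataclasses import dataclass

# STRIDE-per-element applicability, as in the matrix above.
STRIDE_BY_KIND = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}
CATEGORY = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information Disclosure", "D": "Denial of Service",
    "E": "Elevation of Privilege",
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str  # one of the STRIDE_BY_KIND keys

def enumerate_threats(elements):
    """Step 3: one (element, category) pair per applicable STRIDE letter."""
    threats = []
    for el in elements:
        if el.kind not in STRIDE_BY_KIND:
            raise ValueError(f"unknown DFD element kind: {el.kind!r}")
        threats += [(el.name, CATEGORY[c]) for c in STRIDE_BY_KIND[el.kind]]
    return threats

def dread_score(*ratings):
    """Step 4: mean of the five 1-10 ratings (averaging is an assumption)."""
    if len(ratings) != 5 or any(not 1 <= r <= 10 for r in ratings):
        raise ValueError("DREAD needs five ratings, each in 1..10")
    return sum(ratings) / 5

def rank(elements, ratings):
    """Steps 5 and 8: rank scored threats and list any left unscored."""
    threats = enumerate_threats(elements)
    scored = ((dread_score(*ratings[t]), *t) for t in threats if t in ratings)
    return sorted(scored, reverse=True), [t for t in threats if t not in ratings]

# Constructed sample: a small login flow with three threats rated so far.
DFD = [Element("browser user", "external_entity"), Element("auth service", "process"),
       Element("credential db", "data_store"), Element("login request", "data_flow")]
RATINGS = {
    ("auth service", "Spoofing"): (8, 7, 6, 9, 5),
    ("credential db", "Information Disclosure"): (9, 4, 4, 10, 3),
    ("login request", "Tampering"): (6, 5, 5, 6, 4),
}

if __name__ == "__main__":
    ranked, unscored = rank(DFD, RATINGS)
    for score, element, category in ranked:
        print(f"{score:4.1f}  {element}: {category}")
    print(f"{len(unscored)} threats still unscored")
```

A non-empty unscored list means the validation criterion in step 8 is not yet met.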

Security Architecture Workflow

Design secure systems using defense-in-depth principles.

Workflow: Design Secure Architecture

  1. Define security requirements:
    • Compliance requirements (GDPR, HIPAA, PCI-DSS)
    • Data classification (public, internal, confidential, restricted)
    • Threat model inputs
  2. Apply defense-in-depth layers:
    • Perimeter: WAF, DDoS protection, rate limiting
    • Network: Segmentation, IDS/IPS, mTLS
    • Host: Patching, EDR, hardening
    • Application: Input validation, authentication, secure coding
    • Data: Encryption at rest and in transit
  3. Implement Zero Trust principles:
    • Verify explicitly (every request)
    • Least privilege access (JIT/JEA)
    • Assume breach (segment, monitor)
  4. Configure authentication and authorization:
    • Identity provider selection
    • MFA requirements
    • RBAC/ABAC model
  5. Design encryption strategy:
    • Key management approach
    • Algorithm selection
    • Certificate lifecycle
  6. Plan security monitoring:
    • Log aggregation
    • SIEM integration
    • Alerting rules
  7. Document architecture decisions
  8. Validation: Defense-in-depth layers defined; Zero Trust applied; encryption strategy documented; monitoring planned

Defense-in-Depth Layers

Layer 1: PERIMETER
  WAF, DDoS mitigation, DNS filtering, rate limiting

Layer 2: NETWORK
  Segmentation, IDS/IPS, network monitoring, VPN, mTLS

Layer 3: HOST
  Endpoint protection, OS hardening, patching, logging

Layer 4: APPLICATION
  Input validation, authentication, secure coding, SAST

Layer 5: DATA
  Encryption at rest/transit, access controls, DLP, backup

Authentication Pattern Selection

| Use Case | Recommended Pattern |
| --- | --- |
| Web application | OAuth 2.0 + PKCE with OIDC |
| API authentication | JWT with short expiration + refresh tokens |
| Service-to-service | mTLS with certificate rotation |
| CLI/Automation | API keys with IP allowlisting |
| High security | FIDO2/WebAuthn hardware keys |

See: references/security-architecture-patterns.md

Vulnerability Assessment Workflow

Identify and remediate security vulnerabilities in applications.

Workflow: Conduct Vulnerability Assessment

  1. Define assessment scope:
    • In-scope systems and applications
    • Testing methodology (black box, gray box, white box)
    • Rules of engagement
  2. Gather information:
    • Technology stack inventory
    • Architecture documentation
    • Previous vulnerability reports
  3. Perform automated scanning:
    • SAST (static analysis)
    • DAST (dynamic analysis)
    • Dependency scanning
    • Secret detection
  4. Conduct manual testing:
    • Business logic flaws
    • Authentication bypass
    • Authorization issues
    • Injection vulnerabilities
  5. Classify findings by severity:
    • Critical: Immediate exploitation risk
    • High: Significant impact, easier to exploit
    • Medium: Moderate impact or difficulty
    • Low: Minor impact
  6. Develop remediation plan:
    • Prioritize by risk
    • Assign owners
    • Set deadlines
  7. Verify fixes and document
  8. Validation: Scope defined; automated and manual testing complete; findings classified; remediation tracked

OWASP Top 10 Mapping

| Rank | Vulnerability | Testing Approach |
| --- | --- | --- |
| A01 | Broken Access Control | Manual IDOR testing, authorization checks |
| A02 | Cryptographic Failures | Algorithm review, key management audit |
| A03 | Injection | SAST + manual payload testing |
| A04 | Insecure Design | Threat modeling, architecture review |
| A05 | Security Misconfiguration | Configuration audit, CIS benchmarks |
| A06 | Vulnerable Components | Dependency scanning, CVE monitoring |
| A07 | Authentication Failures | Password policy, session management review |
| A08 | Software/Data Integrity | CI/CD security, code signing verification |
| A09 | Logging Failures | Log review, SIEM configuration check |
| A10 | SSRF | Manual URL manipulation testing |

Vulnerability Severity Matrix

| Impact / Exploitability | Easy | Moderate | Difficult |
| --- | --- | --- | --- |
| Critical | Critical | Critical | High |
| High | Critical | High | Medium |
| Medium | High | Medium | Low |
| Low | Medium | Low | Low |

Secure Code Review Workflow

Review code for security vulnerabilities before deployment.

Workflow: Conduct Security Code Review

  1. Establish review scope:
    • Changed files and functions
    • Security-sensitive areas (auth, crypto, input handling)
    • Third-party integrations
  2. Run automated analysis:
    • SAST tools (Semgrep, CodeQL, Bandit)
    • Secret scanning
    • Dependency vulnerability check
  3. Review authentication code:
    • Password handling (hashing, storage)
    • Session management
    • Token validation
  4. Review authorization code:
    • Access control checks
    • RBAC implementation
    • Privilege boundaries
  5. Review data handling:
    • Input validation
    • Output encoding
    • SQL query construction
    • File path handling
  6. Review cryptographic code:
    • Algorithm selection
    • Key management
    • Random number generation
  7. Document findings with severity
  8. Validation: Automated scans passed; auth/authz reviewed; data handling checked; crypto verified; findings documented

Security Code Review Checklist

| Category | Check | Risk |
| --- | --- | --- |
| Input Validation | All user input validated and sanitized | Injection |
| Output Encoding | Context-appropriate encoding applied | XSS |
| Authentication | Passwords hashed with Argon2/bcrypt | Credential theft |
| Session | Secure cookie flags set (HttpOnly, Secure, SameSite) | Session hijacking |
| Authorization | Server-side permission checks on all endpoints | Privilege escalation |
| SQL | Parameterized queries used exclusively | SQL injection |
| File Access | Path traversal sequences rejected | Path traversal |
| Secrets | No hardcoded credentials or keys | Information disclosure |
| Dependencies | Known vulnerable packages updated | Supply chain |
| Logging | Sensitive data not logged | Information disclosure |

Secure vs Insecure Patterns

| Pattern | Issue | Secure Alternative |
| --- | --- | --- |
| SQL string formatting | SQL injection | Use parameterized queries with placeholders |
| Shell command building | Command injection | Use subprocess with argument lists, no shell |
| Path concatenation | Path traversal | Validate and canonicalize paths |
| MD5/SHA1 for passwords | Weak hashing | Use Argon2id or bcrypt |
| Math.random for tokens | Predictable values | Use crypto.getRandomValues |
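
The first three rows of the table, written out in Python with the insecure form beside the secure alternative. This is an added example, not code from the page; the table contents, function names and inputs are constructed for illustration.

```python
import sqlite3
import subprocess
import sys
from pathlib import Path

def make_db():
    """Constructed in-memory table used only for this demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def find_user_insecure(db, name):
    # Insecure pattern: input is spliced into the SQL text, so quote
    # characters in `name` change the structure of the query.
    return db.execute(f"SELECT name FROM users WHERE name = '{name}'").fetchall()

def find_user(db, name):
    # Secure alternative: the placeholder keeps `name` as data only.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def echo_arg(arg):
    # Secure alternative to shell command building: an argument list and no
    # shell, so `;`, `|` and `$()` in `arg` reach the child as literal text.
    # The insecure form is subprocess.run(f"... {arg}", shell=True).
    child = [sys.executable, "-c", "import sys; print(sys.argv[1])", arg]
    done = subprocess.run(child, capture_output=True, text=True, check=True)
    return done.stdout.rstrip("\n")

def resolve_under(base_dir, user_path):
    # Secure alternative to path concatenation: canonicalize first, then
    # require the result to stay inside the base directory.
    base = Path(base_dir).resolve()
    target = (base / user_path).resolve()
    if not target.is_relative_to(base):  # Python 3.9+
        raise ValueError(f"path escapes {base}: {user_path!r}")
    return target

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input containing quote characters
    print("formatted query:    ", find_user_insecure(db, hostile))
    print("parameterized query:", find_user(db, hostile))
    print("argv element:       ", echo_arg("a.txt; echo injected"))
    print("resolved path:      ", resolve_under("/srv/uploads", "2024/report.pdf"))
```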

Incident Response Workflow

Respond to and contain security incidents.

Workflow: Handle Security Incident

  1. Identify and triage:
    • Validate incident is genuine
    • Assess initial scope and severity
    • Activate incident response team
  2. Contain the threat:
    • Isolate affected systems
    • Block malicious IPs/accounts
    • Disable compromised credentials
  3. Eradicate root cause:
    • Remove malware/backdoors
    • Patch vulnerabilities
    • Update configurations
  4. Recover operations:
    • Restore from clean backups
    • Verify system integrity
    • Monitor for recurrence
  5. Conduct post-mortem:
    • Timeline reconstruction
    • Root cause analysis
    • Lessons learned
  6. Implement improvements:
    • Update detection rules
    • Enhance controls
    • Update runbooks
  7. Document and report
  8. Validation: Threat contained; root cause eliminated; systems recovered; post-mortem complete; improvements implemented

Incident Severity Levels

| Level | Description | Response Time | Escalation |
| --- | --- | --- | --- |
| P1 - Critical | Active breach, data exfiltration | Immediate | CISO, Legal, Executive |
| P2 - High | Confirmed compromise, contained | 1 hour | Security Lead, IT Director |
| P3 - Medium | Potential compromise, under investigation | 4 hours | Security Team |
| P4 - Low | Suspicious activity, low impact | 24 hours | On-call engineer |

Incident Response Checklist

| Phase | Actions |
| --- | --- |
| Identification | Validate alert, assess scope, determine severity |
| Containment | Isolate systems, preserve evidence, block access |
| Eradication | Remove threat, patch vulnerabilities, reset credentials |
| Recovery | Restore services, verify integrity, increase monitoring |
| Lessons Learned | Document timeline, identify gaps, update procedures |

Security Tools Reference

Recommended Security Tools

| Category | Tools |
| --- | --- |
| SAST | Semgrep, CodeQL, Bandit (Python), ESLint security plugins |
| DAST | OWASP ZAP, Burp Suite, Nikto |
| Dependency Scanning | Snyk, Dependabot, npm audit, pip-audit |
| Secret Detection | GitLeaks, TruffleHog, detect-secrets |
| Container Security | Trivy, Clair, Anchore |
| Infrastructure | Checkov, tfsec, ScoutSuite |
| Network | Wireshark, Nmap, Masscan |
| Penetration | Metasploit, sqlmap, Burp Suite Pro |

Cryptographic Algorithm Selection

| Use Case | Algorithm | Key Size |
| --- | --- | --- |
| Symmetric encryption | AES-256-GCM | 256 bits |
| Password hashing | Argon2id | N/A (use defaults) |
| Message authentication | HMAC-SHA256 | 256 bits |
| Digital signatures | Ed25519 | 256 bits |
| Key exchange | X25519 | 256 bits |
| TLS | TLS 1.3 | N/A |

See: references/cryptography-implementation.md

Tools and References

Scripts

| Script | Purpose | Usage |
| --- | --- | --- |
| threat_modeler.py | STRIDE threat analysis with risk scoring | python threat_modeler.py --component "Authentication" |
| secret_scanner.py | Detect hardcoded secrets and credentials | python secret_scanner.py /path/to/project |

Threat Modeler Features:
  • STRIDE analysis for any system component
  • DREAD risk scoring
  • Mitigation recommendations
  • JSON and text output formats
  • Interactive mode for guided analysis
Secret Scanner Features:
  • Detects AWS, GCP, Azure credentials
  • Finds API keys and tokens (GitHub, Slack, Stripe)
  • Identifies private keys and passwords
  • Supports 20+ secret patterns
  • CI/CD integration ready

References

| Document | Content |
| --- | --- |
| security-architecture-patterns.md | Zero Trust, defense-in-depth, authentication patterns, API security |
| threat-modeling-guide.md | STRIDE methodology, attack trees, DREAD scoring, DFD creation |
| cryptography-implementation.md | AES-GCM, RSA, Ed25519, password hashing, key management |

Security Standards Reference

Compliance Frameworks

| Framework | Focus | Applicable To |
| --- | --- | --- |
| OWASP ASVS | Application security | Web applications |
| CIS Benchmarks | System hardening | Servers, containers, cloud |
| NIST CSF | Risk management | Enterprise security programs |
| PCI-DSS | Payment card data | Payment processing |
| HIPAA | Healthcare data | Healthcare applications |
| SOC 2 | Service organization controls | SaaS providers |

Security Headers Checklist

| Header | Recommended Value |
| --- | --- |
| Content-Security-Policy | default-src 'self'; script-src 'self' |
| X-Frame-Options | DENY |
| X-Content-Type-Options | nosniff |
| Strict-Transport-Security | max-age=31536000; includeSubDomains |
| Referrer-Policy | strict-origin-when-cross-origin |
| Permissions-Policy | geolocation=(), microphone=(), camera=() |
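
A response can be checked against this checklist automatically. The following is an added example, not code from the page or its scripts; the pass criteria for CSP (a default-src directive, quoted keywords, no wildcard or unsafe-inline/unsafe-eval sources) and the sample response are assumptions.

```python
import re

BARE_KEYWORDS = {"self", "none", "unsafe-inline", "unsafe-eval", "strict-dynamic"}
RISKY_SOURCES = {"*", "'unsafe-inline'", "'unsafe-eval'"}

def csp_ok(value):
    directives = {}
    for part in value.split(";"):
        tokens = part.lower().split()
        if tokens:
            directives.setdefault(tokens[0], tokens[1:])
    default = directives.get("default-src")
    if not default:
        return False
    sources = default + directives.get("script-src", [])
    # A bare `self` is parsed as a host name; the keyword must be quoted.
    return not any(s in BARE_KEYWORDS or s in RISKY_SOURCES for s in sources)

def hsts_ok(value):
    m = re.search(r"max-age=(\d+)", value, re.I)
    long_enough = bool(m) and int(m.group(1)) >= 31536000
    return long_enough and "includesubdomains" in value.lower()

def permissions_ok(value):
    features = {p.replace(" ", "").lower() for p in value.split(",")}
    return {"geolocation=()", "microphone=()", "camera=()"} <= features

CHECKS = {
    "content-security-policy": csp_ok,
    "x-frame-options": lambda v: v.strip().upper() == "DENY",
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "strict-transport-security": hsts_ok,
    "referrer-policy": lambda v: v.strip().lower() == "strict-origin-when-cross-origin",
    "permissions-policy": permissions_ok,
}

def audit(headers):
    """Return {header: 'ok' | 'weak' | 'missing'}; header names are case-insensitive."""
    seen = {k.lower(): v for k, v in headers.items()}
    return {name: "missing" if name not in seen
            else "ok" if check(seen[name]) else "weak"
            for name, check in CHECKS.items()}

# Constructed sample response headers.
SAMPLE = {
    "Content-Security-Policy": "default-src self; script-src self",  # quotes missing
    "X-Frame-Options": "deny",
    "X-Content-Type-Options": "nosniff",
    "Strict-Transport-Security": "max-age=86400",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(f"{verdict:8} {name}")
```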

Related Skills

| Skill | Integration Point |
| --- | --- |
| senior-devops | CI/CD security, infrastructure hardening |
| senior-secops | Security monitoring, incident response |
| senior-backend | Secure API development |
| senior-architect | Security architecture decisions |