Company code: Dbappsecurity Co.Ltd(688023) company abbreviation: Dbappsecurity Co.Ltd(688023) Dbappsecurity Co.Ltd(688023) 2021 annual report summary section 1 Important Tips 1 the summary of this annual report comes from the full text of the annual report. In order to fully understand the company's operating results, financial status and future development planning, investors should go to http://www.sse.com.cn./ The website carefully reads the full text of the annual report. 2 major risk tips during the reporting period, the company's operating revenue maintained rapid growth, but its net profit decreased significantly, mainly because during the reporting period, while continuously improving its core competitiveness in the fields of cloud security, big data security, Internet of things security and security services, the company also increased the technical research and development of relevant products and platforms in new strategic directions such as data security, information and innovation security, terminal security and intelligent security gateway The investment in market development and management optimization led to the rapid growth of the company's R & D expenses, sales expenses and other expenses during the period, and the net profit decreased to a certain extent. In the future, with the continuous maturity of relevant products and technologies of the company and the gradual formation of scale effect, the new direction will continue to create new profit growth points for the company. In "IV. risk factors" of section III "management discussion and analysis" of this report, the company expounds in detail the specific reasons and Countermeasures for the decline of the company's net profit, as well as other risks that the company may face in the process of operation. Please pay attention to the relevant contents. 3 the board of directors, the board of supervisors and the directors, supervisors and senior managers of the company guarantee the authenticity, accuracy and completeness of the contents of the annual report, and there are no false records, misleading statements or major omissions, and bear individual and joint legal liabilities. 4. All directors of the company attended the board meeting. 5 Lixin Certified Public Accountants (special general partnership) issued a standard unqualified audit report for the company. 6 the company was not profitable when it was listed and has not yet achieved profits □ yes √ No 7 the profit distribution plan or the plan of converting public reserve into share capital in the reporting period adopted by the board of directors. The company plans not to pay cash dividends, give bonus shares or convert capital reserve into share capital in 2021. The retained undistributed profits of the company will be mainly used for daily operation to ensure the capital demand and sustainable development of the company, so as to improve the long-term operating performance of the company, Achieve the company's strategic planning objectives and better safeguard the long-term interests of all shareholders of the company. This proposal has been deliberated at the 17th meeting of the second board of directors of the company and needs to be submitted to the 2021 annual general meeting of shareholders of the company for deliberation. 8. Whether there are any important matters such as special arrangements for corporate governance □ applicable √ not applicable section II basic information of the company 1 company profile company stock profile √ applicable □ not applicable company stock profile stock type stock listed on stock exchange and stock abbreviation of board stock before stock code change A-share Shanghai Stock Exchange Kechuang board Dbappsecurity Co.Ltd(688023) Dbappsecurity Co.Ltd(688023) / company depositary receipts profile □ applicable √ not applicable contact person and contact Contact person and contact information secretary of the board of directors (domestic representative of information disclosure) name of securities affairs representative Lou Jingjiang Shujing office address 188 Lianhui street, Xixing street, Binjiang District, Hangzhou, Zhejiang Province Tel 057128898076057128898076 e-mail [email protected]. [email protected] Introduction to the company's main business during the reporting period (I) main business, main products or services since its establishment, the company has been focusing on the field of network information security. Its main business is the R & D, production and sales of network information security products, and provides customers with professional network information security services. The company's products and services involve application security, cloud security, big data security, Internet of things security, smart city security, industrial Internet Security and other fields. With strong R & D strength and continuous product innovation, the company has formed a product system covering the whole life cycle of network information security, including basic products of network information security, network information security platform and network information security services. All product lines have formed strong competitiveness in the industry. The company's main products and services are as follows: classification two-level classification main product introduction network information security basic products network information security protection products web application firewall solves the application layer attack threat that cannot be solved by traditional network layer security protection products, and resists the influence of various common web attacks: SQL injection, cross site script attack, data disclosure, application layer DDoS, 0day vulnerability, etc, Protect the safe and stable operation of various web applications. The comprehensive log audit system detects various security threats and abnormal behavior events by comprehensively standardizing the logs of customer network equipment, security equipment, host and application system, so as to ensure the uninterrupted operation safety of user business. It can analyze the details of the access to the database in detail, and return the details of the main operation of the audit protocol to the database. It can analyze the details of the access to the database in detail, and return the data of the main products in and out of the database. The operation and maintenance audit and risk control system enhances the security access compliance of enterprise operation and maintenance management through account management, identity authentication, synchronous monitoring, audit playback, automatic operation and maintenance and other functions, and provides fine control and full audit of operation process for various misoperations and malicious operations in daily internal operation and maintenance. Apt attack (Network Warfare) early warning platform is a software and hardware integrated product for in-depth analysis of network traffic. It can find network attacks in real time, especially new network attacks, and its detection ability completely covers the whole apt attack chain. The full traffic deep threat detection platform is a software and hardware integrated product that performs in-depth packet analysis and audit, threat monitoring, application identification, behavior traceability, traffic occupancy and trend analysis for the full network traffic. Web application vulnerability scanner, a network information security detection product, uses the principle of vulnerability generation and the method of penetration test to detect the deep vulnerability of web applications, which can help application developers and managers understand the vulnerability of application systems, provide a basis for improving and improving the security of application systems, and help users establish safe and reliable web application services. The information security level protection inspection toolbox is an integrated special portable monitoring equipment for the level protection main unit and the supervision and inspection department to carry out the level protection network information security inspection. It has the functions of standardized inspection, tool call, result display and so on. It is integrated and customized with special security inspection tools. The remote security assessment system provides comprehensive vulnerability scanning functions such as web, database, baseline configuration verification, port and service identification, which can accurately find the network information security vulnerabilities of hosts, devices, applications and databases in the network, and complete the security assessment of the whole system.
The network security incident emergency response toolbox is a set of professional equipment for the emergency response of network information security incidents. It can guide the emergency disposal steps in the whole process, meet the needs of emergency disposal tools and relevant knowledge in different scenarios, help realize the evidence collection and traceability of network information security events and guide rapid recovery. Maze system is a threat detection and defense system that deceives the attacker. By arranging decoy host and network services, it induces the attacker to attack, captures and analyzes the attack behavior, and enhances the security protection ability of the actual system through technical and management means. Network information security platform cloud security Tianchi cloud security management platform (private cloud scenario) helps the industry's private cloud build a cloud security resource pool with unified management, elastic scalability, collaborative defense, intelligent deployment and meeting the security capability requirements of hierarchical protection, and can provide users with a one-stop comprehensive cloud security solution. Based on cloud computing and threat intelligence capabilities, Xuanwu shield cloud protection platform provides hardware equipped security traffic cleaning and protection services for private cloud users. Anheng cloud (multi cloud security management scenario) is a multi cloud security construction platform characterized by SaaS, centralization, intelligence and ecology, which realizes unified multi cloud management, unified portal, unified operation and maintenance and unified operation. By analyzing the situation of cloud security environment and unified planning and management of cloud security capabilities, we can meet the security compliance needs of customers. Big data security ailpha big data intelligent security platform uses big data technology to collect, centrally store and manage users' whole network security data, improve the accuracy of known security threat detection and realize the intelligent discovery of unknown security threats through artificial intelligence technology. The network security situational awareness and early warning platform integrates the needs of Threat Intelligence and management through all elements of data collection, data governance, data analysis and mining for users' important information systems, network key information infrastructure and other IT assets. Build a real-time network threat perception and early warning response classification from passive to active, secondary classification, main product introduction and response ability, and change passive defense into active defense. The platform can report, warn and deal with network security threats, hidden dangers and events. Help users grasp the network security situation in real time, and carry out early warning notification, emergency disposal and management. The financial risk monitoring and early warning platform is a big data analysis platform integrating its own Internet big data, industry supervision data and public security police data. Assist the whole generation of financial intelligence units in monitoring and monitoring the risk through cloud computing and artificial intelligence. Internet of things Security Internet of things security is an embedded Internet of things terminal protection product, which carries out core protection, data encryption and real-time audit on the Internet of things terminal system; At the same time, it can link with the Internet of things security situational awareness and control center to form a cloud + end linkage protection technical scheme to realize the Internet of things terminal security situational awareness and trusted control. The Internet of things security monitoring platform adopts the self-developed sumap super search engine to realize the rapid identification of IOT terminal equipment, vulnerability detection and illegal access monitoring, so as to realize the real-time monitoring of the security status of IOT terminals. It is a one-stop security evaluation platform for IOT terminals. The industrial control vulnerability scanning platform aims at the professional detection equipment of industrial control system vulnerabilities. Through the display of the analysis results of equipment information and vulnerability information, it can enable the industrial control system managers to fully grasp the equipment usage, equipment distribution, vulnerability distribution, vulnerability risk trend and other contents in the current system. Network Information Security Service SaaS cloud security service cloud monitoring service (Prophet) cloud monitoring service focuses on cloud security monitoring. It can monitor millions of business systems in real time to find security events such as dark chain, black page, back door, hanging horse, phishing and information leakage. At the same time, it has the capabilities of asset discovery, vulnerability detection and availability monitoring, combined with 7 24-hour cloud security expert service, Find the security and availability problems of users' online business in real time and accurately. Cloud protection service (xuanwudun) focuses on Cloud Security Traffic cleaning. Based on cloud computing and threat intelligence capabilities, it can provide users with zero deployment, zero operation and maintenance cloud protection services. The anti DDoS cleaning capability can reach 2.5tb/s. At the same time, it has anti black, anti leakage, anti CC and other business security protection capabilities. Relying on the capabilities of SaaS cloud monitoring service, cloud protection service, honeypot network and global asset detection, Threat Intelligence Service (data brain) provides advanced threat intelligence analysis services such as tracking and traceability, hacker portrait and regional situation awareness, which can effectively improve the intelligence of regional security situation awareness, unknown threat detection, threat traceability analysis and active defense. Expert services professional security services professional security services include traditional security detection services, penetration testing services, code audit services, mobile app detection services, risk assessment services, security reinforcement services, on-site security services, etc. by discovering various security risks and vulnerabilities in the information system, put forward rectification plans, assist customers in security reinforcement and reduce security risks as much as possible, Resist internal and external security attacks and intrusions and protect the security of information assets. Trusted public testing service trusted public testing is a safe public testing service launched by Dbappsecurity Co.Ltd(688023) focusing on high-end users such as finance, government and operators. Trusted public testing selects Dbappsecurity Co.Ltd(688023) Certified Security testers to test websites with high risk level. Users can pay according to the test effect, while testers still provide services according to the agreed confidentiality requirements, so as to greatly improve the effect of security testing without increasing the test risk of users, At the same time, reduce the cost of classification and secondary classification of safety testing and product introduction of main products. Security consulting services security consulting services include information system level protection consulting, cloud security consulting, information system security planning and construction consulting, ISO27001 information security management system consulting, data security consulting and security development life cycle consulting. As the information security level protection work enters the era of 2.0, Dbappsecurity Co.Ltd(688023) through professional and systematic security consulting services, combined with the advantages of the company's whole product line, helps customers carry out the planning and construction of information system security guarantee system meeting the requirements of level protection 2.0. The platform operation service provides in-depth security operation services for users of the company's network security situation awareness and early warning platform, ailpha big data intelligent security platform and cloud platform. Through in-depth data analysis