Exploration of the integration application of IAST in DevOps for the financial industry (Cited by: 2)


Authors: Zhu Yidong; Huang Shiyu; Xue Zhi [2]; Wang Hongtao; Liu Hong; Li Wenqing (Sinolink Securities Co., Ltd., Shanghai 201204, China; School of Cyber Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240, China; Shanghai Pudong Development Bank Co., Ltd., Shanghai 200120, China)

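Affiliations: [1] Sinolink Securities Co., Ltd., Shanghai 201204; [2] School of Cyber Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240; [3] Shanghai Pudong Development Bank, Shanghai 200120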

Source: Cyber Security and Data Governance, 2023, No. 6, pp. 60-65 (6 pages)

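Funding: National Radio and Television Administration Laboratory project on Smart Broadcasting Network Security Ecosystem Innovation Research (TXX20200001ZSB001).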

Abstract: The application of the DevOps model has strengthened the ability to support rapid business development in the digital transformation of the financial industry, and addressing the various security risks arising from this model has become an industry consensus. Considering the challenges posed by the disconnection between traditional security tools and capabilities and DevOps, which limits the maximization of security enablement, this study proposes an integrated approach to address these challenges. By focusing on the model architecture and processes, and leveraging Interactive Application Security Testing (IAST) as an opportunity, the study explores the application of comprehensive security capabilities within the context of DevOps. The construction of an integrated security solution is proposed, and experimental results demonstrate that the new security fusion model can effectively enhance development security capabilities, achieving the goal of security shift-left, reflecting the value of overall security capabilities, and realizing the objective of closely aligning with business operations through integration with DevOps.

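Keywords: interactive application security testing; DevOps; secure software development; vulnerability detection; vulnerability management; financial industry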

Classification number: TP311 [Automation and Computer Technology: Computer Software and Theory]

 
