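Abstract
With the continuous development of information technology, existing information systems have steadily improved in architecture and user experience, and software development models have likewise continued to evolve through Agile, SaaS and similar approaches. At the same time, as user numbers grow and users become more sensitive about their information, security problems have long troubled software and Internet companies of all kinds, and secure software development and testing have become one of the tests that information systems face in the new environment and one of the key problems to be solved. Starting from an analysis of the security requirements of information system development in the new environment, this paper focuses on how to use the Microsoft SDL for secure development throughout the software life cycle, combined with the security testing method proposed by the author, to effectively improve the security of information systems and address problems such as sensitive information leakage.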
With the advance of information technology, information systems have improved greatly in framework, UE (User Experience) and other aspects, and development has also made tremendous progress with Agile Modeling, SaaS and other methodologies. Meanwhile, security problems such as the growing number of users and the exposure of their sensitive private messages have bedeviled many software and Internet companies. Software security development and testing have become one of the most important problems for information systems in the current environment. In this article, we start with an analysis of information system development security requirements, and mainly discuss how to improve development security with Microsoft SDL. Finally, we try to solve related sensitive message disclosure vulnerabilities through the security testing suggested by the author.
Source
《计算机安全》
2012, Issue 10, pp. 63-65 (3 pages)
Network & Computer Security