
Exploration of the integration application of IAST in DevOps for the financial industry (Cited by: 1)
Abstract: The application of the DevOps model has strengthened the ability to support rapid business development in the digital transformation of the financial industry, and addressing the various security risks arising from this model has become an industry consensus. Traditional security tools and capabilities are disconnected from DevOps, which limits security enablement and keeps it from reaching its full effect. To address this problem, the study starts from the model architecture and processes and, taking Interactive Application Security Testing (IAST) as an opportunity, explores how to apply overall security capabilities within DevOps, and proposes an approach for building integrated security capabilities. Experimental results show that the new fusion model helps enhance development security capabilities, achieves the goal of security shift-left, reflects the value of overall security capabilities, and realizes the objective of staying close to the business through integration with DevOps.
Authors: Zhu Yidong; Huang Shiyu; Xue Zhi; Wang Hongtao; Liu Hong; Li Wenqing (Sinolink Securities Co., Ltd., Shanghai 201204, China; School of Cyber Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240, China; Shanghai Pudong Development Bank Co., Ltd., Shanghai 200120, China)
Source: Cyber Security and Data Governance, 2023, Issue 6, pp. 60-65 (6 pages)
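Funding: Project of the National Radio and Television Administration Laboratory for Innovation Research on the Smart Radio and Television Network Security Ecosystem (TXX20200001ZSB001).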
Keywords: Interactive Application Security Testing (IAST); DevOps; software security development; vulnerability detection; vulnerability management; financial industry