Design and Implementation of Security Test Pipeline based on DevSecOps

2021 IEEE 4th Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC) Pub Date : 2021-06-18 DOI:10.1109/IMCEC51613.2021.9482270

Xiaohan Sun, YunChang Cheng, Xiaojie Qu, Hang Li

{"title":"Design and Implementation of Security Test Pipeline based on DevSecOps","authors":"Xiaohan Sun, YunChang Cheng, Xiaojie Qu, Hang Li","doi":"10.1109/IMCEC51613.2021.9482270","DOIUrl":null,"url":null,"abstract":"In recent years, a variety of information security incidents emerge in endlessly, with different types. Security vulnerability is an important factor leading to the security risk of information system, and is the most common and urgent security risk in information system. The research goal of this paper is to seamlessly integrate the security testing process and the integration process of software construction, deployment, operation and maintenance. Through the management platform, the security testing results are uniformly managed and displayed in reports, and the project management system is introduced to develop, regress and manage the closed-loop security vulnerabilities. Before the security vulnerabilities cause irreparable damage to the information system, the security vulnerabilities are found and analyzed Full vulnerability, the formation of security vulnerability solutions to minimize the threat of security vulnerabilities to the information system.","PeriodicalId":240400,"journal":{"name":"2021 IEEE 4th Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC)","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE 4th Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IMCEC51613.2021.9482270","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

In recent years, a variety of information security incidents emerge in endlessly, with different types. Security vulnerability is an important factor leading to the security risk of information system, and is the most common and urgent security risk in information system. The research goal of this paper is to seamlessly integrate the security testing process and the integration process of software construction, deployment, operation and maintenance. Through the management platform, the security testing results are uniformly managed and displayed in reports, and the project management system is introduced to develop, regress and manage the closed-loop security vulnerabilities. Before the security vulnerabilities cause irreparable damage to the information system, the security vulnerabilities are found and analyzed Full vulnerability, the formation of security vulnerability solutions to minimize the threat of security vulnerabilities to the information system.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于DevSecOps的安全测试管道的设计与实现

近年来，各种信息安全事件层出不穷，类型各异。安全漏洞是导致信息系统安全风险的重要因素，是信息系统中最常见、最紧迫的安全风险。本文的研究目标是将安全测试过程与软件构建、部署、运维的集成过程无缝集成。通过管理平台对安全测试结果进行统一管理和报表显示，引入项目管理系统对闭环安全漏洞进行开发、回归和管理。在安全漏洞对信息系统造成不可弥补的损害之前，发现并分析安全漏洞，形成安全漏洞解决方案，最大限度地降低安全漏洞对信息系统的威胁。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2021 IEEE 4th Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC)

自引率

0.00%

发文量