基于DevSecOps的安全测试管道的设计与实现

Xiaohan Sun, YunChang Cheng, Xiaojie Qu, Hang Li
{"title":"基于DevSecOps的安全测试管道的设计与实现","authors":"Xiaohan Sun, YunChang Cheng, Xiaojie Qu, Hang Li","doi":"10.1109/IMCEC51613.2021.9482270","DOIUrl":null,"url":null,"abstract":"In recent years, a variety of information security incidents emerge in endlessly, with different types. Security vulnerability is an important factor leading to the security risk of information system, and is the most common and urgent security risk in information system. The research goal of this paper is to seamlessly integrate the security testing process and the integration process of software construction, deployment, operation and maintenance. Through the management platform, the security testing results are uniformly managed and displayed in reports, and the project management system is introduced to develop, regress and manage the closed-loop security vulnerabilities. Before the security vulnerabilities cause irreparable damage to the information system, the security vulnerabilities are found and analyzed Full vulnerability, the formation of security vulnerability solutions to minimize the threat of security vulnerabilities to the information system.","PeriodicalId":240400,"journal":{"name":"2021 IEEE 4th Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC)","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Design and Implementation of Security Test Pipeline based on DevSecOps\",\"authors\":\"Xiaohan Sun, YunChang Cheng, Xiaojie Qu, Hang Li\",\"doi\":\"10.1109/IMCEC51613.2021.9482270\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In recent years, a variety of information security incidents emerge in endlessly, with different types. Security vulnerability is an important factor leading to the security risk of information system, and is the most common and urgent security risk in information system. The research goal of this paper is to seamlessly integrate the security testing process and the integration process of software construction, deployment, operation and maintenance. Through the management platform, the security testing results are uniformly managed and displayed in reports, and the project management system is introduced to develop, regress and manage the closed-loop security vulnerabilities. Before the security vulnerabilities cause irreparable damage to the information system, the security vulnerabilities are found and analyzed Full vulnerability, the formation of security vulnerability solutions to minimize the threat of security vulnerabilities to the information system.\",\"PeriodicalId\":240400,\"journal\":{\"name\":\"2021 IEEE 4th Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC)\",\"volume\":\"27 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-06-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE 4th Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IMCEC51613.2021.9482270\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE 4th Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IMCEC51613.2021.9482270","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3

摘要

近年来,各种信息安全事件层出不穷,类型各异。安全漏洞是导致信息系统安全风险的重要因素,是信息系统中最常见、最紧迫的安全风险。本文的研究目标是将安全测试过程与软件构建、部署、运维的集成过程无缝集成。通过管理平台对安全测试结果进行统一管理和报表显示,引入项目管理系统对闭环安全漏洞进行开发、回归和管理。在安全漏洞对信息系统造成不可弥补的损害之前,发现并分析安全漏洞,形成安全漏洞解决方案,最大限度地降低安全漏洞对信息系统的威胁。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Design and Implementation of Security Test Pipeline based on DevSecOps
In recent years, a variety of information security incidents emerge in endlessly, with different types. Security vulnerability is an important factor leading to the security risk of information system, and is the most common and urgent security risk in information system. The research goal of this paper is to seamlessly integrate the security testing process and the integration process of software construction, deployment, operation and maintenance. Through the management platform, the security testing results are uniformly managed and displayed in reports, and the project management system is introduced to develop, regress and manage the closed-loop security vulnerabilities. Before the security vulnerabilities cause irreparable damage to the information system, the security vulnerabilities are found and analyzed Full vulnerability, the formation of security vulnerability solutions to minimize the threat of security vulnerabilities to the information system.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
The HT-TBD Algorithm for Large Maneuvering Targets with Fewer Beats and More Groups Key Technologies of Heterogeneous System General Data Service based on Virtual Table Research on Plant Disease Detection Technology Based on Wireless Sensor Network Leaf Segmentation Algorithm Based on Improved U-shaped Network under Complex Background Research on Anti-jamming Simulation based on Circular Array Antenna
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1