中圖分類號：TP311
文獻標識碼：A
DOI:10.19358/j.issn.2097-1788.2023.06.010
引用格式：朱嶷東，黃施宇，薛質，等.IAST在金融業DevOps中的融合應用探索［J］.網絡安全與數據治理，2023，42（6）：60-65.

Exploration of the integration application of IAST in DevOps for the financial industry

Abstract： The application of the DevOps model has strengthened the ability to support rapid business development in the digital transformation of the financial industry, and addressing the various security risks arising from this model has become an industry consensus. Considering the challenges posed by the disconnection between traditional security tools and capabilities and DevOps, which limits the maximization of security enablement, this study proposes an integrated approach to address these challenges. By focusing on the model architecture and processes, and leveraging Interactive Application Security Testing (IAST) as an opportunity, the study explores the application of comprehensive security capabilities within the context of DevOps. The construction of an integrated security solution is proposed, and experimental results demonstrate that the new security fusion model can effectively enhance development security capabilities, achieving the goal of security shiftleft, reflecting the value of overall security capabilities, and realizing the objective of closely aligning with business operations through integration with DevOps.

Key words : Interactive Application Security Testing(IAST); DevOps; software security development; vulnerability detection;vulnerability management;financial industry