(1Sinolink Securities Co.,Ltd., Shanghai 201204, China; 2School of Cyber Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240, China; 3Shanghai Pudong Development Bank Co.,Ltd.,Shanghai 200120,China)
Abstract: The application of the DevOps model has strengthened the ability to support rapid business development in the digital transformation of the financial industry, and addressing the various security risks arising from this model has become an industry consensus. Considering the challenges posed by the disconnection between traditional security tools and capabilities and DevOps, which limits the maximization of security enablement, this study proposes an integrated approach to address these challenges. By focusing on the model architecture and processes, and leveraging Interactive Application Security Testing (IAST) as an opportunity, the study explores the application of comprehensive security capabilities within the context of DevOps. The construction of an integrated security solution is proposed, and experimental results demonstrate that the new security fusion model can effectively enhance development security capabilities, achieving the goal of security shiftleft, reflecting the value of overall security capabilities, and realizing the objective of closely aligning with business operations through integration with DevOps.
Key words : Interactive Application Security Testing(IAST); DevOps; software security development; vulnerability detection;vulnerability management;financial industry
