Information Technology & Standardization (信息技术与标准化), 2024, Issue (z1): 77-82.

Application of GB/T 37931-2019 for Commercial Bank Web Application Security Control in R&D Phase

Xi Jie (奚杰) (1), Wang Yuqi (王雨琪) (1), Wang Jing (王晶) (1)

Author information

  • 1. Shanghai Pudong Development Bank Co., Ltd. (上海浦东发展银行股份有限公司)

Abstract

To improve commercial banks' ability to prevent and control security vulnerabilities in the R&D phase, this work combines new security technologies with innovative management thinking around the core concept of "security shift left". Following GB/T 37931-2019, "Information security technology - Security technology requirements and testing and evaluation approaches for Web application security detection system", the standard was interpreted and design and verification activities were carried out to build an application security prevention and control platform for the R&D phase, implementing functions such as runtime application self-protection (RASP), interactive application security testing (IAST), and DevSecOps security gates. The platform can accurately capture vulnerability information inside applications, proactively detect vulnerabilities, raise timely alerts, and block them urgently. This significantly improves the efficiency, accuracy, and cost-effectiveness of detecting application security vulnerabilities in financial systems and helps enterprises build a flexible and efficient defense-in-depth system.

Key words

information security / security shift left / GB/T 37931-2019 / financial system / runtime application self-protection / interactive application security testing

Year of publication

2024

Journal: Information Technology & Standardization (信息技术与标准化)
Publisher: China Electronics Standardization Institute (中国电子技术标准化研究所)

Impact factor: 0.219
ISSN: 1671-539X