Application of GB/T 37931-2019 for Commercial Bank Web Application Security Control in R&D Phase
To improve commercial banks' ability to prevent and control security vulnerabilities in the R&D phase, this work combines new security technologies with innovative management thinking, centred on the core concept of "security shift-left". Following GB/T 37931-2019, "Information security technology - Security technology requirements and testing and evaluation approaches for Web application security detection system", interpretation, design and verification activities were carried out to build an application security prevention and control platform for the R&D phase, implementing functions such as runtime application self-protection (RASP), interactive application security testing (IAST) and DevSecOps security gates. The platform can accurately identify vulnerability information inside applications, detect it proactively, raise warnings efficiently and block exploitation promptly. This significantly improves the efficiency, accuracy and cost-effectiveness of detecting application security vulnerabilities in financial systems, and helps establish a more flexible and efficient defense-in-depth strategy.
Keywords: information security; security shift-left; GB/T 37931-2019; financial system; runtime application self-protection; interactive application security testing
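The abstract names the detect / warn / block flow of RASP and the DevSecOps gate that consumes its findings, but not how such a check decides. The following is an added illustration written for this page, not the paper's platform or any vendor's agent: a minimal RASP-style guard that detects SQL injection by comparing the token skeleton of a statement with and without the user-supplied value, runs in either "monitor" (warn only) or "block" mode, and a security gate that fails the pipeline when high-severity events were recorded. It assumes the application hands the tainted value to the guard explicitly (a real agent obtains it from taint tracking or request hooks); the table, rows, rule name, severity mapping and thresholds are all constructed for the example.

```python
"""RASP-style SQL injection guard feeding a DevSecOps security gate.

Added illustration of the detect / warn / block flow the abstract describes; it is
not the paper's platform. Assumptions: the application passes the tainted input
to the guard explicitly (a real RASP agent gets it from taint tracking or hooks),
the DB is in-memory SQLite, and all sample data below is constructed.
"""
from __future__ import annotations

import re
import sqlite3
from dataclasses import dataclass, field

# Lexer that is good enough to recover a statement's token skeleton.
_TOKEN_RE = re.compile(
    r"""('(?:[^']|'')*')|("[^"]*")|(--[^\n]*|/\*.*?\*/)|(\d+(?:\.\d+)?)|(\w+)|([^\s\w])""",
    re.S,
)
_KINDS = ("str", "qident", "comment", "num", "word", "punct")


def skeleton(sql: str) -> list[str]:
    """Token kinds of a statement; literal contents are abstracted away."""
    return [_KINDS[m.lastindex - 1] for m in _TOKEN_RE.finditer(sql)]


@dataclass
class RaspEvent:
    rule: str
    statement: str
    tainted_input: str
    blocked: bool


@dataclass
class RaspGuard:
    """Sits between the application and the DB driver.
    mode="block" raises on a detected attack; mode="monitor" only records it."""
    conn: sqlite3.Connection
    mode: str = "block"
    events: list = field(default_factory=list)

    def injection(self, sql: str, tainted: str) -> bool:
        """Structure check: swap the tainted input for a harmless literal and
        compare skeletons. Benign input occupies exactly one literal; an attack
        adds operators, keywords or comments, so the skeletons diverge.
        (Heuristic: replace() hits every occurrence of the tainted text.)"""
        if not tainted or tainted not in sql:
            return False
        baseline = skeleton(sql.replace(tainted, "1"))
        return skeleton(sql) != baseline

    def execute(self, sql: str, tainted: str = "") -> list:
        if self.injection(sql, tainted):
            blocked = self.mode == "block"
            self.events.append(RaspEvent("sqli-structure", sql, tainted, blocked))
            if blocked:
                raise PermissionError("RASP: SQL injection blocked")
        return self.conn.execute(sql).fetchall()


# Rule -> severity mapping the gate consumes (hypothetical values).
SEVERITY = {"sqli-structure": "high"}


def security_gate(events: list, max_high: int = 0, max_medium: int = 3) -> bool:
    """DevSecOps gate: True means the build may proceed to the next stage."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for ev in events:
        counts[SEVERITY.get(ev.rule, "low")] += 1
    return counts["high"] <= max_high and counts["medium"] <= max_medium


def demo(mode: str = "block"):
    """Run one benign and one attack query through the guard.
    Returns (benign rows, attack rows or None if blocked, recorded events)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "user"), ("bob", "admin")])  # constructed data
    guard = RaspGuard(conn, mode=mode)

    def lookup(name: str):
        # Deliberately vulnerable concatenation: exactly what RASP exists to catch.
        return guard.execute(f"SELECT role FROM users WHERE name = '{name}'", tainted=name)

    benign = lookup("alice")
    try:
        attack = lookup("' OR '1'='1")
    except PermissionError:
        attack = None
    return benign, attack, guard.events


if __name__ == "__main__":
    benign, attack, events = demo("block")
    print(benign, attack, [e.rule for e in events], "gate passes:", security_gate(events))
```

In monitor mode the same attack query is allowed through (both rows come back) but the event is still recorded, which is the "warn" stage a team typically runs first; once the rule's false-positive rate is acceptable it is switched to block mode. The gate is what a CI stage would call over the findings exported by IAST or RASP, so a build that produced any high-severity event does not proceed.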