DevSecOps如何提高應用程序安全性?

{"type":"doc","content":[{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#434955","name":"user"}}],"text":"什麼是DevSecOps","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#434955","name":"user"}}],"text":" 在軟件行業,DevSecOps是一種文化轉變,它將安全實踐集成到DevOps過程中。DevSecOps需要在開發團隊和安全團隊之間建立一種“安全即代碼”的文化。然後,安全過程由開發團隊自己進行處理和自動化。","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#434955","name":"user"}}],"text":"DevSecOps如何提高應用程序安全性?","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#434955","name":"user"}}],"text":" 在傳統的軟件開發中,開發人員每隔幾個月或幾年發佈一個新版本的應用程序,以提高軟件質量和進行安全測試。然而,公有云、容器和微服務架構的興起對軟件開發產生了直接影響,新特性和新代碼快速地不斷引入到產品中。這些過程大多都是自動化的,這樣公司就能夠更快地創新,和在競爭中保持領先地位。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#434955","name":"user"}}],"text":"DevOps文化代表了開發團隊、測試團隊和運維團隊之間的共同身份,以及對共同目標的認可。這允許大量的軟件開發,但安全往往落後,並且無法跟上新的代碼更新速度。DevSecOps試圖成爲一種解決方案,它可以將安全測試集成到持續集成和持續交付管道中,並使開發團隊能夠在開發過程中進行測試和修復。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#434955","name":"user"}}],"text":"在DevSecOps中,開發團隊正在進行安全測試。因此,在測試期間發現的任何問題都由同一個開發團隊管理和修復。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#434955","name":"user"}}],"text":" 在DevSecOps中,開發和安全沒有分離。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#434955","name":"user"}}],"text":" 集成測試可能是一個挑戰,因爲開發人員必須學會自己修復與安全相關的缺陷,這可能需要時間。一種方法是在開發團隊中找到應用程序安全方面的專家,儘管目標是讓整個團隊都瞭解安全編程實踐。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#434955","name":"user"}}],"text":"但是,開發團隊仍然可以聯繫安全測試人員以獲得專家意見,因爲有些任務可能需要安全專業人員手動測試。但這應該是一個特殊的情況,而不是有一個完全不同的團隊專注於安全。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#434955","name":"user"}}],"text":"開發和安全之間的這種集成也需要在管理層進行,這樣才能完全成功。否則,從上到下沒有對齊,可能會導致管理層衝突。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#434955","name":"user"}}],"text":" 爲此,開發人員爲開發人員創建了一些新的工具,並將其集成到開發環境和CI/CD工作流中。多年來,傳統的應用程序安全供應商已經改變了他們的產品,以適應CISO和開發人員。某些爲開發人員設計的基於雲的服務提供商(例如GitHub)開始將安全測試直接包含到他們的服務中。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#434955","name":"user"}}],"text":" 越來越多的公司開始在CI/CD管道中集成自動化安全測試,儘管這可能是一個緩慢的過程。 ","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 最終,DevSecOps應該能夠減少代碼中存在的嚴重漏洞的數量。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" ","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"原文:","attrs":{}},{"type":"link","attrs":{"href":"https://www.devopsonline.co.uk/how-can-devsecops-improve-application-security/","title":null},"content":[{"type":"text","text":"https://www.devopsonline.co.uk/how-can-devsecops-improve-application-security/","attrs":{}}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}}]}
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章