Shift from SDLC to DevSecOps


OSSTMM

According to the OSSTMM (Open Source Security Testing Methodology Manual), security testing includes, but is not limited to, the following methods: vulnerability scanning, security scanning, penetration testing, risk assessment, security audit, and 'ethical' hacking. Several of the common methods are introduced below:

  • Vulnerability scanning: a security detection activity that, based on a vulnerability database, scans a specified remote or local computer system to detect its security vulnerabilities and identify those that could be exploited.
  • Security scanning: evaluating system risk and finding security issues that could damage the system, either manually or with a dedicated automated tool (a security scanner). Scanning covers two areas: the system and the network. System scanning focuses on the platform security of a single user system and on the security of the application systems built on that platform, while network scanning focuses on the network applications and services the system provides and on analysis of the related protocols.
  • Penetration testing: a comprehensive, manual or automated inspection of an application that digs out possible security risks and flaws, including in the application source code. Penetration testing gives the business owner a direct view of the problems their application faces, helps them understand and improve the security of their application development process, and effectively prevents potential security risks.
  • Risk assessment: from an information security perspective, risk assessment evaluates the threats to information assets (that is, the set of information about an event or thing), their existing weaknesses, the potential impact, and the combined effect of these three, in order to assess the likelihood of risk.
  • Security review: content security review has become the highest-priority operational requirement for platforms such as short video, news, and live streaming. Whether carried out by manual review or by systematic machine review, it is the safest and most suitable approach for such products.


Origin blog.csdn.net/chenlei_525/article/details/128091248