A private bank in Southwest China: R&D improves quality and efficiency, and builds a leading digital private bank

A private bank in Southwest China is one of the early private banks approved to open in the central and western regions. It has always adhered to the concept of "innovating with technology", continuously increasing its investment in financial technology innovation, promoting the use of financial technology across the business, and improving the quality and efficiency of its financial services. It focuses on a variety of distinctive digital financial services such as small and micro enterprise credit, rural household credit, and digital payment.

Insufficient capabilities of traditional detection tools

DevOps pipeline to be upgraded

Over years of digital construction, the bank has built a relatively complete DevOps pipeline that speeds up application delivery through automated tools and processes. As the financial system places higher and higher requirements on the security of digital business, the bank's DevOps pipeline faces several security capability issues:

1. False positives and false negatives for vulnerabilities, so applications easily "go online with a disease". The original DevOps pipeline used traditional application security detection tools, but their rule sets are limited and they cannot fully understand complex logic and code context information. This results in false or missed detection of vulnerabilities, making it easy for applications to "go online with a disease".

2. Detection is slow, which seriously affects research and development efficiency. The SAST security detection tool scans and analyzes the source code. Although its detection coverage is high, it takes a lot of time to get from detection to feedback to problem repair, which seriously affects the efficiency of research and development.

3. Integration is difficult, and agile delivery cannot be truly realized. The original SAST tool is used in the code writing stage and the DAST tool is used in the security testing stage, but because of the working principles of the two, they cannot meet the requirements of efficient and agile delivery in an automated process, which prolongs the product development cycle.

VulHunter deeply integrates DevOps pipeline

Improve the quality and efficiency of the R&D system

The bank uses Kaiyuan Network Security's gray-box security testing platform (VulHunter), deeply integrated with the DevOps pipeline, to improve the efficiency of application security detection, so that the pipeline gains security capabilities while still meeting the requirements of agile delivery.

1. High precision and high coverage, "sweeping all loopholes". The gray-box security testing platform automatically detects real vulnerabilities in applications at runtime, scanning and detecting them based on the application's actual execution behavior. Using context analysis of real-time fragments, it avoids the false positives and false negatives that arise from a lack of context information.

2. Detection is fast, and results are fed back in real time. The gray-box security testing platform continuously conducts security testing while the application is running and provides real-time feedback on what it detects, allowing developers to find and fix problems early.

3. Easy to integrate with DevOps to achieve agile delivery. The gray-box security testing platform can be seamlessly integrated into the DevOps pipeline. Depending on the configuration, security detection can be performed automatically during the application build process, which improves development efficiency and ensures the continuity of the DevOps pipeline.

The bank uses VulHunter to find security issues early in the application development stage, reduce potential security risks, and make quick repairs before the application is deployed to the production environment. Its very high degree of automation allows it to be deeply integrated with and adapted to the DevOps pipeline, improving security detection efficiency, shortening the application development cycle, and greatly improving the quality and efficiency of the bank's research and development, thereby further promoting the high-quality development of its digital financial business.

In recent years, the bank has actively built an enterprise-level digital platform in its operation management and business development, and constantly explored the empowerment and innovation of financial technology. Similarly, Kaiyuan Network Security will continue to provide financial customers with research and development security solutions to help financial customers innovate and develop more efficiently and safely on the road of "digitalization + intelligence".

 


Origin blog.csdn.net/weixin_55163056/article/details/132488831