Skip to content

SDL/DevSecOps #15

New issue
New issue
Open
Open
SDL/DevSecOps#15
Labels
SDL&DevSecOps
@AI0TSec

Description

@AI0TSec
AI0TSec
opened on Jul 1, 2019

https://www.microsoft.com/en-us/securityengineering/sdl
https://www.microsoft.com/en-us/securityengineering/devsecops

SDL流程图
过程图示
image
image

安全产品/服务
RASP(软件运行时安全)、黑盒扫描(DAST:动态应用安全测试)、灰盒扫描(IAST:交互式应用安全测试)、白盒扫描(SAST:静态应用安全测试+SCA:软件成分分析/供应链安全)、威胁建模,以及全流程的开发安全培训

IAST 接入模式:
代理模式、流量镜像模式、插桩模式、日志平台模式、VPN、流量信使
SAST 部署模式:
IDE插件、代码仓库集成

https://blog.csdn.net/qq_29277155/article/details/92411079

Metadata

Metadata

Assignees

No one assigned

    Labels

    SDL&DevSecOps

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions