Positioning of Security Testing in SDL

Source: Internet
Author: User

Security testing is an indispensable part of the SDL. Wherever a security process is introduced, security testing must be introduced with it.

The following figure, taken from Microsoft's SDL training, shows the SDL lifecycle. Security testing corresponds to two of its phases: security verification and the final security review.

The Microsoft SDL model also shows clearly which security assurance measures are applied at each stage of product development.

Security testing does not replace code auditing; it is an independent layer of protection.

For enterprises that want to adopt an SDL process to improve product security, security testing is the first thing to introduce. Security testing is also the means by which outsourced, third-party development is accepted from a security standpoint, and an important means by which evaluation agencies assess the security of a product.

However, this important link is not yet fully valued in practice. Many of my friends in the security community feel that, on one hand, customers need to improve their security development processes, while on the other hand, security testing as a service is still new and hard for customers to accept. In fact, as long as customers need to improve their security development process, they will certainly need security testing, because security testing is positioned as a check: we do our best to find the points where the product is most vulnerable to attack. Upward, this pushes the security development process into the implementation and design layers; downward, it reduces the losses caused by security incidents in products the enterprise has already released. Without this link, improving the security development process is empty talk.

In addition, current product security assessments are limited to verifying a product's security functions, rather than evaluating the core issue: the security of the product itself (its security quality). To build autonomous and controllable information systems, evaluating security quality, rather than security functions, will be essential in the future.
