
Security Life Cycle Of Software Development In Small And Medium-sized Banks Based On Test Reverse Inferences

Posted on: 2020-02-07
Degree: Master
Type: Thesis
Country: China
Candidate: M H Liu
GTID: 2428330572991634
Subject: Software engineering
Abstract/Summary:
With the rapid development of China's Internet finance, information security has received more and more attention. Security risk control for the in-house research and development of electronic channel software at small and medium-sized commercial banks has become a factor that project managers must consider. Generally, the software development life cycle model is adopted for system development. However, this model is difficult to put into practice because of factors such as the high degree of coupling in the system architecture, bottlenecks in staff technical capability, and a rigid system development process. To solve these problems, most small and medium-sized banks are looking for security development process management measures that suit their architecture. Taking the Shandong City Commercial Banks Alliance as an example, this thesis optimizes Microsoft's security development lifecycle management model and explores a model that is better suited to the Alliance's own situation. Security penetration testing is used to drive business requirements and development and design. The security vulnerabilities found by the penetration tests are analyzed, and the results of the analysis are incorporated into the requirements specification and the development and design specification, which accumulate within the original security development model. As the software system is iterated, the process system in the development model becomes more mature and the specifications become more standardized. In the testing phase, security vulnerabilities are identified and classified, and the risk points that need attention in the requirements design phase and the development design phase are inferred in reverse from the different levels of vulnerabilities. When the business functions of the banking system are iterated incrementally, the requirements designers and the developers extract the relevant risk elements from the latest model and design for them.

According to the research in this thesis, the advantages of the test-driven mode over the traditional development mode are as follows: (1) On the whole, as the number of software iterations increases, the overall quality of system development shows a spiral upward trend; (2) The value of security penetration testing is expanded. The penetration test not only produces bugs, but also generates the relevant requirements and development and design specifications, continuously improving the process assets of the software research and development system; (3) Compared with blindly copying a standardized model, requirements staff and developers can participate in the system development process with high quality, and staff awareness and skills are effectively improved in the test-driven development mode; (4) Platform tools are introduced in the test phase. Combining the traditional test mode with an IAST product allows the defect escape rate to be effectively controlled. The security risks of a software research and development system cover a very wide range, and improving the security and quality of software development requires participation at every stage. Based on the "single example and multiple people" characteristic of the Shandong City Commercial Banks Alliance, this project elaborates on software testing. Building on the original development model, it takes the test phase as the entry point and uses actual data to show that the test-driven development mode can improve security and quality across the whole development process.
Keywords/Search Tags: small medium commercial banks, Security Development Life Cycle, Safety penetration test, Safety risk control