As Technology Disrupts Traditional Finance, Security Issues Cannot Be Ignored

Last year, the CBRC issued the Guiding Opinion on the Supervision of the Development Planning of the Information Technology in Banking in China for the Thirteenth Five-year Plan (Draft for Comment). Chapter VII, "Steadily Developing Cloud Computing and Implementing Structural Transformation", calls for actively carrying out cloud computing architecture planning, developing cloud computing standards, jointly establishing an industry cloud platform, and taking the initiative to implement structural transformation. Cloud computing has been a hot topic for several years, but traditional industries such as banking are conservative and cautious about using it, and many still focus on self-built data centers. There is no doubt about the convenience and agility of cloud computing, but its risks are also greater. So, years after the cloud computing boom swept the globe, banks' attitude has consistently been to embrace cloud computing while ensuring its security. The guidance likewise strives for safety and standard-setting while achieving structural transformation. Beyond structural adjustment, the draft Guiding Opinion also sets out plans for the banking industry in areas including big data, mobile applications, and security. Banks' attitude toward cloud computing reflects their attitude toward information technology in general: for the banking industry, ensuring information security is more important than using a flexible IT architecture. These security considerations put banks under pressure in the era of Internet finance, where users often find that traditional financial mobile applications are not as fast and flexible as Internet finance mobile applications.
However, Internet finance has in fact become a major trend, and financial-industry mobile apps have become the area hit hardest by hacking. Although it is hard to feel the danger in daily use, danger is everywhere in the networked world. According to Love Encryption's "Bank APP Security Report" for the first quarter of 2017, which covers bank apps nationwide, the major risks in mobile applications include source code decompilation, server-side controls, data storage, insufficient protection at the transport layer, data leakage, client-side injection, security decisions based on untrusted input, and so on. Dynamic debugging, decompilation, interface hijacking, code injection and tampering can lead to malicious transfers, tampering, and loss of usernames and passwords, creating security risks for bank transactions. The three common vulnerabilities disclosed in the "Bank APP Security Report" are:
1. SQL injection vulnerabilities, accounting for 38.2%. These arise mainly where code does not filter user input, so an attacker can submit malicious SQL queries. Although most of the SQL injection vulnerabilities are rated low-risk, they can still lead to theft of sensitive data, theft of the highest system privileges, and other problems.
2. Some high-risk WebView vulnerabilities, caused mainly by code that uses dangerous functions such as addJavascriptInterface, by the absence of certificate verification, and by other factors. These vulnerabilities can allow remote code execution and remote installation of malicious software on users' devices.
3. HTTPS-related high-risk vulnerabilities, caused mainly by verifying certificates with HTTPS parameters such as ALLOW_ALL_HOSTNAME_VERIFIER, so that the host name and other information are not validated. These vulnerabilities make it easy for attackers to hijack HTTPS sessions and sniff user passwords and other sensitive information.
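The three vulnerability classes listed above can be screened for in Android Java source with a small pattern scan, shown here as an added example that is not part of the original article or the report. The rule names, the `scan` function and the sample Java class are constructed for illustration, and treating `rawQuery`/`execSQL` as the SQL calls of interest is an assumption.

```python
import re

# Java string literals, block comments and line comments, in that priority.
_TOKEN = re.compile(r'"(?:\\.|[^"\\\n])*"|/\*.*?\*/|//[^\n]*', re.S)

# One rule per vulnerability class named in the report (rule ids are made up).
RULES = [
    # SQL text joined to a variable inside a query call (assumed entry points).
    ("SQL_CONCAT",
     re.compile(r'\.(?:rawQuery|execSQL)\s*\([^;]*?(?:"\s*\+|\+\s*")')),
    # Any JavaScript bridge on a WebView: a lead for review, not proof of a bug.
    ("WEBVIEW_JS_BRIDGE", re.compile(r"\.addJavascriptInterface\s*\(")),
    # Hostname verification switched off for HTTPS connections.
    ("HOSTNAME_ALLOW_ALL", re.compile(r"\bALLOW_ALL_HOSTNAME_VERIFIER\b")),
]

# Constructed sample input, not taken from any real application.
SAMPLE = """\
class TransferActivity {
  void lookup(SQLiteDatabase db, String name) {
    // db.execSQL("DELETE FROM acct WHERE owner='" + name + "'");
    db.rawQuery("SELECT * FROM acct WHERE owner = '"
        + name + "'", null);
    db.rawQuery("SELECT * FROM acct WHERE owner = ?", new String[]{name});
  }
  void setup(WebView web, SSLSocketFactory sf) {
    web.addJavascriptInterface(new Bridge(), "bank");
    sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
  }
}
"""

def strip_comments(source):
    """Blank out comments, keeping string literals and newlines in place."""
    def blank(m):
        text = m.group()
        return text if text.startswith('"') else re.sub(r"[^\n]", " ", text)
    return _TOKEN.sub(blank, source)

def scan(source):
    """Return sorted (line, rule_id) pairs; each is a lead for manual review."""
    code = strip_comments(source)
    hits = set()
    for rule_id, pattern in RULES:
        for m in pattern.finditer(code):
            hits.add((code.count("\n", 0, m.start()) + 1, rule_id))
    return sorted(hits)

if __name__ == "__main__":
    print(scan(SAMPLE))
```

The parameterized `rawQuery` call on line 6 of the sample and the commented-out call on line 3 are not reported, which is the behaviour a reviewer wants from this kind of first-pass screen.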
Cheng Chih-li, director of technology at Love Encryption, said: "The era of technology development has witnessed the pace of technological development, from the early simple paper vouchers to access to information technology. The time has come when not only banks but also traditional industries are facing the problem of transformation. The advent of cloud computing and big data is irresistible, but new technology will certainly bring new risks for banking, finance and traditional industries that are directly related to personal interests, and enterprises will take this into consideration. In the process of transformation, the use of new security management ideas and new security products can effectively ensure the security needs of enterprises. Before the advent of the mobile Internet, traditional security products cannot guarantee information security, but now both hardware and software have advanced security solutions to escort mobile phones and smart hardware. Precisely because of its sensitivity to risk, the traditional financial industry is a little more special. Love Encryption has continued to focus on the financial sector and has provided security services for the Bank of China, Ping An Bank, Shanghai Pudong Development Bank of Harbin and many other traditional financial institutions. Love Encryption also hopes that its testing of traditional financial industry apps will help companies protect their security, and that this data can help companies understand the status quo of their products and protect them in a more targeted way."
In recent years, more and more novel technologies have emerged in the banking industry. For example, human-computer interaction has gradually replaced some repetitive jobs. It is not hard to imagine that, in the context of the "Thirteenth Five-Year Plan", more and more new technologies will be rapidly put into practice, so that people can feel the new vitality that technology brings, on the premise of safety.