Developers: Appercut Security, InfoWatch, Attack Killer (Attacks Killer)
Last Release Date: 2018/12/21
Technology: SaaS (software as a service); Cybersecurity: antiviruses
The Appercut Custom Code Scanner (ACCS) cloud service lets users of almost any business application analyze its source code independently and almost instantly, detecting vulnerabilities and violations of corporate information security standards and regulatory requirements. The service can also reveal gaps that could be used both by external attackers and by insiders.
2019: Security development lifecycle methodology using Appercut
On February 19, 2019, Attack Killer presented a methodology for embedding code scanners into the software development process.
According to company representatives, the methodology Attack Killer proposes for embedding security into the software development process differs from the customary practice, in which finding and fixing defects is a separate stage that lengthens a new product's time to market. The proposed SDL (security development lifecycle) methodology uses the Appercut code scanner and Attack Killer's comprehensive security tools at 7 main development stages: training, requirements definition, design, implementation, verification, release and response. Attack Killer claims that the proposed method will reliably protect products regardless of the SDLC (software development life cycle) model the developer uses.
"Within our methodology we recognize the principle that, during development, the application should be protected from disclosure of information, modification and destruction; correct authentication and management of user rights, as well as of configurations, sessions and errors, should be provided," emphasized Mikhail Bubnov, director of product development at Attack Killer.
Rustem Hayretdinov, vice president of InfoWatch Group, described Attack Killer's approach to managing the security of web resources, which consists of embedding protection systems into the cycle of creating and using software. He noted that creating the methodology requires taking into account analysis of the development platform, organizational measures, version control, and security tools at different points in the development and use of IT systems.
2018: FSTEC of Russia certificate obtained
On December 21, 2018, Attack Killer announced that InfoWatch Appercut Custom Code Scanner 4.0, a system for automated checking of business application source code for compliance with secure software development requirements, had obtained a certificate from FSTEC of Russia. According to the company, the certificate confirms that the InfoWatch Appercut Custom Code Scanner complex conforms to the regulatory documentation and the regulatory requirements for software used to protect against unauthorized access to information.
"As of December 2018, mass digitalization has led to the emergence of a large number of custom software developments that need to be checked for security and code quality. Obtaining the FSTEC of Russia certificate guarantees the level of security and allows InfoWatch Appercut to be used in state, financial, industrial and other institutions," said Rustem Hayretdinov, CEO of Attack Killer and vice president of InfoWatch Group.
InfoWatch Appercut conforms to the requirements of the FSTEC of Russia regulating document "Protection against unauthorized access to information. Part 1. Information security software. Classification by the level of control of the absence of undeclared capabilities" at the 4th level of control.
The result of analyzing an application's code or a fragment of it is a report with recommendations for correcting errors. As of December 2018, InfoWatch Appercut can be integrated at any stage of the development lifecycle between programming and acceptance by the customer, supports more than 20 programming languages, and its license allows any number of applications to be examined an unlimited number of times.
As of December 2018, the solution supports the requirements of the international PCI DSS standard, the practices of CERT, OWASP and CWE, SDLC recommendations, and those of the vendors of the 1C, SAP, Oracle and Microsoft platforms. Users of InfoWatch Appercut can add their own templates, reflecting the specifics of the organization's business processes, to the database of incorrect program constructs.
2012: Support for 20 programming languages
As of October 2012, the service supports more than 20 programming languages, including the main languages of business applications. Among them are ABAP/4 for the SAP R/3 platform, PeopleCode for Oracle CRM/HRMS systems, Microsoft's VBScript, LotusScript for the IBM Lotus Notes platform, and the built-in language of "1C: Enterprise". Thanks to the scanner's architecture (a built-in normalizer translates the analyzed program from the source language into a unified internal representation), adding modern languages is a fairly simple task and happens quarterly.
Equally important, the ACCS scanner detects vulnerabilities by checking the analyzed code against templates stored in a database. Appercut Security has one of the most complete collections of vulnerabilities in the industry and cooperates with the world's leading laboratories engaged in software audit, which allows descriptions of new threats to be added to this list as quickly as possible. In addition, users of the commercial version of the scanner can add their own templates of the source code fragments that interest them to the database, fine-tuning ACCS and adapting it to corporate information security standards and regulatory requirements. A special version of the scanner, which can be installed in a "private cloud" inside the security perimeter, has been developed for large corporate customers and organizations with special cybersecurity requirements.
"The scale of cybercrime, both in our country and abroad, is known to everyone. But, strangely enough, many underestimate the risks connected with it. Those who already understand what threats come from modern business software do not see a practical method of counteraction. Some methods are too slow, others reveal only a small part of the gaps, and still others yield results that, in effect, belong to the distant past. And all the methods are too expensive for most Russian enterprises," says Rustem Hayretdinov, CEO of Appercut Security. "We understood this and created our service, taking the customer's side and treating his interests as paramount. We also decided that it is more correct to give the market a tool that reveals about 70% of vulnerabilities in literally a minute than to fight for every percent while losing simplicity, efficiency and availability. I am sure that Appercut Custom Code Scanner is the instrument of protection that Russian business has been lacking."
In Russia and neighboring countries, Appercut Security services will be promoted under the name InfoWatch Appercut Security as part of an affiliate program with system integrators. Its launch is planned for October 2012.