Web applications of NPF Sberbank — under protection of the solutions Positive Technologies

On October 17, 2017 the Positive Technologies company announced that NPF Sberbank selected solutions of the company for ensuring continuous protection of the services as developed, and already operating.

Project Tasks

For the clients the fund constantly develops a line of services in the field of provision of pensions, actively using applications and web tools.

Project objective — to accelerate release of applications and implementation of additional functions taking into account modern requirements to cyber security.

Protection of the web applications and the accompanying components used by fund using the complete solution based on PT Application Firewall and PT Application Inspector will allow to provide:

• protection against cyberthreats;
• operational carrying out audit of the code during acceptance of applications from contractors, detection of vulnerabilities and verification of a possibility of their operation;
• in case of detection of vulnerabilities — their operational "closing" before receiving corrections;
• development of recommendations about elimination of the revealed vulnerabilities for developers.

Project Progress

As Rami Muleys, the promotions manager of PT Application Inspector of Positive Technologies company told, the implemented integration of the solutions PT Application Firewall and PT Application Inspector allowed NPF Sberbank to build contractor interaction in the course of creation of safe corporate applications, to increase quality of internal development and to provide an operational output to the market of services, having protected fund and its clients from modern cyberthreats.

Project Results

During tests of PT Application Firewall successfully resisted to widespread threats on classification of OWASP and WASC and also the difficult client attacks (DOM-based XSS). Also the solution allowed to accelerate acceptance of the code and to increase quality of audit: on a response of the customer, the complete instrumental analysis of the code of all applications planned in NPF Sberbank to release took only several days together with verification of vulnerabilities.

Besides, private pension fund specialists of Sberbank will be able to block the web attacks now, without waiting for corrections of vulnerabilities in the source code. It became possible due to the built-in import of report files from PT Application Inspector in PT Application Firewall and the system of pro-active patching.

Thanks to the complete solution from Positive Technologies using advanced technologies we could bring services to the market, having built effective process of interaction of development and service cybersecurity, and provided reliable protection of the developed and already functioning applications — Dmitry Kostikov, the head of information security of NPF Sberbank summed up the project results.