Customers: M.Video Contractors: Positive Technologies Product: PT Application Inspector (PT AI)Project date: 2017/10 - 2018/01
|
The M.Video network entering into the SAFMAR Group of Mikhail Gutseriev, retail network selling electronics and home appliances in Russia, selected PT Application Inspector for the analysis of the source code of web applications. The solution of the Positive Technologies company specializing in production of the software in the field of cyber security automated verification of the code. PT Application Inspector was built in process of continuous updating of online store of the retailer that helped to increase significantly quality and reliability of the software according to requirements of information security and also to accelerate release and updating of M.Video web services.
For clients and partners the M.Video company develops a set of web services, basic of which — online store of the equipment and electronics with monthly attendance more than 11,000,000 users. In 2017 the share of online sales in turnover of the company reached 20%, and in a month about 300,000 transactions were on average made. Within the project on building of process of safe software development before specialists of the company there was a problem of automation of verification of the code. The manual analysis at the accruing code amounts became impossible: several development teams quarterly make about 140 changes to developed by software. At such volume there was an emergence probability in the code of errors which could result in vulnerabilities of web resources. The company tested several solutions, and only PT Application Inspector conformed to the imposed requirements for depth of the analysis, reliability of results and support of a product by vendor.
PT Application Inspector allows to analyze security of software of M.Video at all stages of its lifecycle, including to hold testing at the earliest development stage. It became possible thanks to a combination in a product of three methods of the analysis — static, dynamic and interactive. For check of the found vulnerabilities of PT Application Inspector automatically determines conditions of accomplishment of the possible attack that helps to confirm danger of these vulnerabilities.
Existence in the analyzer of a large number of filters using which it is possible to classify the found vulnerabilities became additional benefit of PT Application Inspector. Thanks to it information security specialists and M.Video developers can work only with relevant threats, effectively planning process of audit and correction of vulnerabilities.
"The choice of the buyer for benefit of this or that shop is dictated not only by the prices, but also convenience – whether it is easy to select goods, to issue the order, to keep track of the status. Leadership of M.Video in the market of consumer electronics is caused, including, continuous improvement of IT systems and online store of the company. We needed the automated solution which would report the most exact results of check and on which it would be possible to rely completely within the process of continuous updating of the website which is already adjusted at us. Evident visualization of analysis results of PT Application Inspector allows us to define quickly risks and to take the necessary measures within information security support. Implementation also accelerated release and updating of web services. Together it affected convenience and reliability of online store of the company — a significant element of omnichannel model of network" — the Head of Department of information security of M.Video Krolikov Artem told.