Unified Savings Pension Fund uses Solar appScreener to increase the security of digital services

2021: Using Solar appScreener to improve the security of digital services

Established by the Government of the Republic of Kazakhstan "Unified Savings Pension Fund" (ENPF) uses the Solar appScreener code analyzer to improve the security of customer service in a digital environment. This was announced on June 10, 2021 by Rostelecom-Solar.

In particular, UENF uses Solar appScreener to detect vulnerabilities and undeclared capabilities in software code of mobile and web applications in a timely manner.

"One of the principles of the Fund is responsibility to depositors and recipients of pension savings. We strive to provide not only high-quality, but also safe online service to our customers. Therefore, after conducting a preliminary study of the code analyzers market and interviewing current -Solar customers, Rostelecom we chose Solar appScreener as the most elaborate and convenient solution presented on the market, "said Marat Artykbayev, Director of the Security Department of Unified Savings Pension Fund JSC.

The product checks the security of mobile applications and electronic web services to serve depositors, which are developed by the Fund and commissioned by external organizations. Experts have successfully implemented the solution in a secure development process, in which it interacts with systems such as SonarQube and Gitlab. The company analyzes the source code of systems written in 1C, PL/SQL, Delphi, Java, etc.

As of June 2021, the information assets of the Unified Savings Pension Fund joint-stock company include 11 digital services that process huge amounts of sensitive user data. Among them are full name, TIN, contact numbers of phones, dates of birth, credentials for entering a personal account, information about seniority, wages, amount of savings, etc. This entire list of data requires a high level of protection. Solar appScreener helps reduce the likelihood of personal data leaks and illegitimate access to the personal account of users.

Among the features of Solar appScreener, the Fund's specialists highlight the possibility of integration with other solutions to create a secure development process, an indefinite licensing system, and a simple and accessible interface.

"Modern companies are interested in a rapid development process. Thanks to this, they can quickly offer consumers digital services, as well as automate their own processes, flexibly adapting the business. However, accelerated development usually involves the use of third-party components in the code that may contain vulnerabilities. It is difficult to check them for security by conventional means, since it is not possible to get their source code. The Solar appScreener product is successful thanks to binary analysis technology, which allows you to identify vulnerabilities using the analysis of executable files, "said Daniil Chernov, director of the Solar appScreener Center of Rostelecom-Solar.