Otan-Security uses Solar appScreener to test software for compliance with information security requirements

2022: Solar appScreener Implementation

One of the certification bodies in the Republic of Kazakhstan, Otan-Security, introduced Solar appScreener to check the software for compliance with information security requirements. This was announced on April 14, 2022 by Rostelecom-Solar. The Code Analyzer enables your organization to identify vulnerabilities in the software being tested and make recommendations for correcting them. The partner of the project was the integrator AST Cyber Lab.

Using Solar appScreener, OTAN-SECURITI checks for vulnerabilities of client server and web applications that are subject to certification. In Kazakhstan, in a number of industries, confirmation of source code security is one of the conditions for obtaining a certificate of conformity. In particular, this applies to information systems and Internet resources of state bodies.

Using Solar appScreener allowed us to optimize the process of certifying the software of our customers, "said Vladimir Tonkikh, chief specialist of the OTAN-SECURITI testing laboratory. - This was achieved thanks to the automated analysis of application code available in Rostelecom-Solar's product, detailed descriptions of detected threats and recommendations for eliminating vulnerabilities for developers of tested applications. Our testing team also evaluated Solar appScreener 's easy-to-use interface and the ability to automatically generate detailed analysis reports.

OTAN-SECURITI noted that compared to the previous analyzer used in the certification body, Solar appScreener supports many more programming languages ​ ​ - as of April 2022 there are 36. At the same time, the analyzer automatically recognizes in which language the code is written, and can also check programs that are written in several languages.

Software vulnerabilities are one of the main vectors of modern cyber attacks. Therefore, it is very important that the process of certifying applications and confirming their compliance with information security requirements is accompanied by code analysis based on advanced tools. Solar appScreener uses complex algorithms for finding vulnerabilities and undeclared capabilities for this, "said Daniil Chernov, director of the Solar appScreener center of Rostelecom-Solar.