Customers: SertSoft Almaty; Information technology Product: Solar appScreener (formerly Solar inCode)Project date: 2021/09 - 2022/03
|
2022: Verify customer software with Solar appScreener
On April 26, 2022, Rostelecom-Solar announced that the Kazakhstan testing laboratory SertSoft uses a static Solar appScreener code analyzer to provide services for checking customers' software for compliance with information security requirements. Developed by Rostelecom-Solar, the scanner allows you to detect vulnerabilities in the code and formulate recommendations for developers to correct errors. The project to implement Solar appScreener in SertSoft was implemented together with the distributor RSsecurity.
According to the order of the Minister defensive space industries of the Republic of Kazakhstan and dated March 28, 2018 No. 53/NҚ "On Approval of the Rules for the Formation and Maintenance of the Register of Trusted Software and Electronic Products, and criteria for the inclusion of software and products of the electronic industry in the register of trusted software and products of the electronic industry "for inclusion ON in this register it is necessary to fulfill information safety requirements in accordance with PT RK ISO/IEC 15408-3 not lower than level 4 or safety the presence of a test report. This includes, among other things, vulnerability source code analysis and undeclared capabilities.
The testing laboratory is SertSoft engaged in testing of informatization objects and information systems, as well as in certification of software. In addition, the company's specialists provide vulnerability analysis services in the software. With the help of the Solar appScreener static code analyzer, 10 information systems of various customers have already been tested in SertSoft.
"The analysis of the source code during the software certification tests is a requirement of the state regulator, therefore this aspect is quite important for our customers. Solar appScreener provides the results of the analysis in the format of specific recommendations for addressing vulnerabilities and undeclared capabilities. And this corresponds to exactly the tasks that the laboratory specialists face. Among other features of the Rostelecom-Solar analyzer, our experts distinguish support for all known programming languages and the ability of the scanner to automatically recognize them, "- says Askhat Tleuberidiev, director of SertSoft. |
"Our scanner in solving such problems is focused on information security specialists. To do this, we implemented an intuitive interface, for which the user does not need development experience. At the same time, inside Solar appScreener - current code analysis technologies and complex threat search algorithms, including those developed and patented by Rostelecom-Solar. Vulnerability detection databases are regularly updated, which allows our customers to monitor application security and quickly enough to eliminate threats, "- says Daniil Chernov, director of the Solar appScreener Center of Rostelecom-Solar. |