InterComputer uses Solar appScreen to identify software vulnerabilities during certification tests

2023: Solar appScreener Implementation

The International Center for Informatics and Electronics InterComputer has implemented a comprehensive Solar appScreener solution in the development of secure code. In the testing laboratory, the scanner automated the process of identifying vulnerabilities and defects in the software. Solar (formerly Rostelecom-Solar) announced this on January 18, 2024.

InterComputer is accredited by the Ministry of Defense of Russia and the FSB of Russia as a testing laboratory for conducting certification tests and case studies of information protection tools, for example, firewalls, attack detection systems, as well as telecommunications equipment. A security code compliance audit helps identify and prevent potential consequences associated with the use of vulnerable software components. To automate and increase the efficiency of code verification, InterComputer uses the Solar appScreener solution.

Among the advantages of the Solar appScreen scanner in InterComputer, they noted the ease of use, an informative and friendly interface, as well as the ability to analyze binary code. In addition, the laboratory specialists appreciated the product's support for 36 programming languages ​ ​ at once, because earlier they had to use several tools to conduct research on software developed in different programming languages.

Our long-term expertise in building secure development processes and introducing software security analysis tools into the DevOps cycle allows us to create a functional product that is trusted by licensees accredited by the Russian Ministry of Defense and the Russian FSB. Solar appScreen is a technology platform for comprehensive code security analysis, in which all key types of analysis are available in a single interface, "said Vladimir Vysotsky, Head of the Solar appScreen Business Development Group of Solar Group.

During the use of Solar appScreener, during certification tests and case studies conducted by InterComputers, software vulnerabilities were identified that were not detected by other tools used in the laboratory. The high efficiency of the product made it possible to significantly reduce the time of inspections, as well as improve the quality of evidence and visibility of the results obtained.

Certification in the testing laboratory of products used in the processing of confidential information is an important step in the software life cycle, therefore, when conducting tests to identify vulnerabilities and undocumented capabilities, an effective tool is to apply an integrated approach. By combining the advantages of static (SAST), dynamic code analysis (DAST), software composition analysis (SCA) and supply chain security (SCS) in a single Solar appScreener interface, full application security control is provided without the introduction of disparate third-party code analysis tools.