NSTU, with the support of Solar, is preparing DevOps and DevSecOps engineers for IT development centers
Customers: NSTU (Nizhny Novgorod State Technical University) Nizhny Novgorod; Education and Science
Contractors: Solar (formerly Rostelecom-Solar)
Product: Solar appScreener (formerly Solar inCode)
Project date: 2024/01 - 2024/12
2024: Using Solar appScreener
In 2024, Solar GC became a technology partner of Novosibirsk State Technical University (NSTU NETI). The company provides the university with an educational license for the comprehensive Solar appScreener platform. Solutions of this class are a key element of the secure development cycle for all categories of software. More than 300 students studying the Safe Software Development and Operation Methodology discipline gain the skills necessary to work in DevOps and DevSecOps, along with experience in static and dynamic analysis of code and software components, including the security of third-party open source components.
In 2024, students of NSTU NETI developed their own IT projects in optional classes at the Youth Laboratory for Code Security Research of Domestic Software and Computer Forensics.
As part of practical exercises on DevSecOps and application security analysis, students identified an average of 13 vulnerabilities per 500 lines of code, at least one of which was critical.
"In the process of learning, students in practice see how many vulnerabilities can be accidentally introduced into the application at the stage of writing code or copying ready-made components, including from unverified open source libraries. Having mastered the practice of DevSecOps, graduates on defense can responsibly and provably present higher-level work demonstrating a more holistic approach to software development," added Ivan Nikroshkin, lecturer at the Department of Information Protection and head of the Youth Laboratory for Code Security Research of Domestic Software and Computer Forensics.
Using Solar appScreener, students develop practical skills in analyzing the code of web and mobile applications and components of internal software, and improve the quality of university IT development. With the static analysis module (SAST), they identify vulnerabilities and undeclared capabilities in the source code of mobile and web applications at an early stage of development. Executable file analysis technologies make it possible to use SAST even when development is complete and the project's source code is not available for analysis. The dynamic analysis module (DAST) analyzes web applications by sending deliberately incorrect data and checking the application's response to it. The third-party component analysis module (OSA) includes Software Composition Analysis (SCA), Software Supply Chain Analysis (SCS), License Risk Analysis, and other capabilities for the safe use of third-party components.
According to a number of studies, about 80% of the code is borrowed from source code repositories, which require careful verification for vulnerabilities and transitive dependencies. With the reduction of the time-to-market for software and applications, the culture of secure development and the skills of working with solutions for comprehensive security checks of source code become extremely relevant for the software industry.