"VTB of Mobile" increases security of applications using Solar appScreener

2020: Solar appScreener use

VTB of Mobile LLC, the cellular operator from VTB Bank (public joint stock company), uses the analyzer of security of the Solar appScreener applications from the protected cloud Rostelecom-Solar. The solution helps developers to reveal and eliminate quickly vulnerabilities in the software which is used by clients of the operator. On August 6, 2020 Rostelecom reported about it.

On the telecom operators founded by banks requirements of regulators not only the telecom sphere, but also the financial industry extend. Operators need to bring the IT systems used by them into accord to a number of provisions of the Bank of Russia, requirements of FSB and FSTEC for the purpose of providing Federal law No. 187-FZ "About security of critical information infrastructure of the Russian Federation". In particular, regulators oblige the organizations of the financial sphere to carry out the analysis of vulnerabilities of the application software which is used in payment and other financial transactions. Proceeding from requirements of these provisions regarding the analysis of the software on vulnerability and NDV, relevant threats and results of researches and also internal regulations of VTB of Mobile and requirements of VTB Bank (public joint stock company) the operator decided to select the system of scanning of the code.

Within pilot projects it was tested several scanners of the code presented at the Russian market. According to the results of the company selected the solution Solar appScreener which is distinguished by support of big set of programming languages, the minimum level of false positive operations and the most informative reports. Besides, this only solution capable to reveal vulnerabilities and NDV not only in the source code, but also in executable files, for example, in the supplements published in App Store and Google Play. Scanning of software on vulnerability using the solution Rostelecom-Solar takes minutes, allows to reveal and eliminate quickly revealed violations before the publication of the program in app stores and requires many times smaller finance costs in comparison with other methods of the analysis.

The business development strategy is cost reduction and transition from capex-costs to operating rooms. Application of cloud computing provides flexibility, efficiency and scalability of business. Development process of software is considerably reduced due to use of open source of libraries, frameworks, cloud environments. At the same time placement by developers mobile and web applications in shops without high-quality examination of security, including the analysis of the source code, leads to operation of vulnerabilities and tabs by malefactors and conducts to financial, regulatory and reputation to risks. Using Solar appScreener we constructed process of identification, autonomous from IT service, and elimination of vulnerabilities, having increased the level of security of ours a web and client applications. And use of the analyzer in cloud model allowed to leave from need of selection of server capacities and from costs for their administration", – Evgeny Vladimirovich Tsirulnikov, the Chief information security officer of VTB of Mobile LLC noted.

The cloud model of use of technologies became the daily phenomenon in the West for a long time. However until recently Russian companies preferred to develop the systems of protection only on own servers. We see gradual change of a trend: advantages of clouds become more and more clear to domestic business, and it begins to make the choice for benefit of the reliable, firmly proved in the market suppliers of cloud cybersecurity services.