Diagnose security flaws in your web and mobile applications with Omnilog
The Maltem Group, a digital transformation consulting firm, presents the case of a major player in the health sector for whom security is at the heart of the business.
Data protection and exposure to potential attacks are therefore strategic issues for this client.
DevSecOps in the cybersecurity division
"This is the context in which I started my mission as a DevSecOps within the cybersecurity division.
This client has no less than 2,500 websites and 300 mobile applications linked to its brand, for which the cyber division must diagnose possible security flaws and raise alerts. This involves analysing the application code through SAST (Static Application Security Testing) and SCA (Software Composition Analysis) scans.
These scans make it possible to identify the different levels of risk (from low to high) on the code itself as well as on the libraries used, and to alert the application managers to the risks involved.
My role as DevSecOps was first to propose and implement a solution for automating these security scans (until then manual) that could be fully integrated into the customer's industrialized ecosystem. We were able to set up pipelines under GitLab CI in delegated or dissociated mode, to be included directly in the CIs of the various projects.
"The goal is to strengthen the security of applications, but also to prevent and educate the various technical teams on the various risks involved, and their acceptability.
This solution is being developed as GitHub Actions, so that it can be implemented in a new GitHub ecosystem and be implementable on both types of repositories.
Maltem is a digital transformation consulting company with 20 years of experience in the field of IT consulting. Discover our clients.
SAST and SCA
SAST is security testing applied to an application's static source code, without executing it. These tests are deployed to strengthen the security of the application by examining the source code for possible vulnerabilities.
As for software composition analysis, or SCA, this is a rather recent concept covering a range of tools dedicated to making an inventory of the open source components integrated into an application and of the risks attached to them.
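As an added illustration of what the scans in the passages above produce and how the "low to high" risk levels are turned into an alert, here is a small severity gate such as a CI job could run over the SAST and SCA report files. This is example code written for this page, not the client's pipeline or any Maltem tooling. It assumes a simplified JSON report layout (a top-level `vulnerabilities` list whose entries carry a `severity`, a `name` and a `location`) modelled loosely on GitLab's security report format; the two reports, the file paths and the package names below are constructed, and the policy choices (which level blocks, how an unknown severity is handled) are the example's own.

```python
"""Severity gate over SAST and SCA scan reports (constructed example)."""
import json
from collections import Counter

# Ordered risk scale, lowest first. "Unknown" is deliberately kept out of
# the scale: a finding the scanner could not rate must not pass silently,
# so the gate always treats it as blocking (a policy choice of this example).
SEVERITY_ORDER = ["Info", "Low", "Medium", "High", "Critical"]

# Constructed SAST report: findings on the application's own code.
SAST_REPORT = json.dumps({"vulnerabilities": [
    {"severity": "High", "name": "SQL injection",
     "location": {"file": "src/db.py", "start_line": 42}},
    {"severity": "Medium", "name": "Hard-coded credential",
     "location": {"file": "src/config.py", "start_line": 7}},
    {"severity": "Low", "name": "Weak hash used for a cache key",
     "location": {"file": "src/cache.py", "start_line": 19}},
    {"severity": "Unknown", "name": "Unrated pattern match",
     "location": {"file": "src/legacy.py", "start_line": 3}},
]})

# Constructed SCA report: findings on third-party libraries (hypothetical
# package names, no real advisory identifiers).
SCA_REPORT = json.dumps({"vulnerabilities": [
    {"severity": "Critical", "name": "Known vulnerability in example-http",
     "location": {"file": "requirements.txt",
                  "dependency": {"package": {"name": "example-http"},
                                 "version": "1.2.3"}}},
    {"severity": "Low", "name": "Outdated example-yaml",
     "location": {"file": "requirements.txt",
                  "dependency": {"package": {"name": "example-yaml"},
                                 "version": "0.9.0"}}},
]})


def load_findings(report_text, scanner):
    """Normalise one report into a flat list of findings tagged with its scanner."""
    data = json.loads(report_text)
    findings = []
    for entry in data.get("vulnerabilities", []):
        severity = entry.get("severity", "Unknown")
        if severity not in SEVERITY_ORDER:
            severity = "Unknown"  # anything off the scale is treated as unrated
        findings.append({
            "scanner": scanner,
            "severity": severity,
            "name": entry.get("name", ""),
            "location": entry.get("location", {}),
        })
    return findings


def severity_counts(findings):
    """Count findings per risk level, the figure reported to application managers."""
    return Counter(f["severity"] for f in findings)


def dependency_inventory(sca_findings):
    """The SCA side of the job: list every flagged open source component as name@version."""
    seen = set()
    for f in sca_findings:
        dep = f["location"].get("dependency")
        if dep:
            seen.add(f"{dep['package']['name']}@{dep['version']}")
    return sorted(seen)


def gate(findings, fail_at="High"):
    """Return (passed, blocking_findings).

    A finding blocks when its level is at or above `fail_at`, or when the
    scanner could not rate it ("Unknown").
    """
    threshold = SEVERITY_ORDER.index(fail_at)
    blocking = [
        f for f in findings
        if f["severity"] == "Unknown" or SEVERITY_ORDER.index(f["severity"]) >= threshold
    ]
    return len(blocking) == 0, blocking


if __name__ == "__main__":
    sast = load_findings(SAST_REPORT, "sast")
    sca = load_findings(SCA_REPORT, "sca")
    print("risk levels:", dict(severity_counts(sast + sca)))
    print("flagged components:", dependency_inventory(sca))
    passed, blocking = gate(sast + sca, fail_at="High")
    for f in blocking:
        loc = f["location"]
        print(f"[{f['scanner']}] {f['severity']}: {f['name']} ({loc.get('file')})")
    raise SystemExit(0 if passed else 1)
```

Run as a pipeline step, a non-zero exit fails the job, which is how the scan result reaches the project's own CI. The threshold is the point where the "acceptability" discussion mentioned on this page is encoded: a team that accepts Medium findings runs the gate with `fail_at="High"`, and an unrated finding is surfaced rather than hidden so that someone has to look at it.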
Raising awareness of cybersecurity among teams
Yes, making employees aware of cybersecurity has become an essential step for any company. The objective is to move more and more towards a culture of IT security within the various departments. Various actions can be taken to achieve this, such as:
- The creation of an IT usage charter.
- A reminder of the consequences of cyber attacks for the company and for individuals.
- Tests of employees' reflexes.
- Training in best practices.
- The recruitment of a cybersecurity referent within the company.