Diagnose security flaws in your web and mobile applications with Omnilog
Our client is a major player in the health sector for whom security is at the heart of their business.
Data protection and vulnerability to potential attacks are therefore strategic issues for this client.
DevSecOps in the cybersecurity division
"This is the context in which I started my mission as a DevSecOps within the cyber security division.
This client has no fewer than 2,500 websites and 300 mobile applications linked to its brand, for which the cyber division must alert and diagnose possible security flaws. This involves analysing the application code through SAST (Static Application Security Testing) and SCA (Software Composition Analysis) scans.
These scans make it possible to identify the different levels of risk (from low to high) on the code itself as well as on the libraries used, and to alert the application managers to the risks involved.
My role as DevSecOps was first of all to propose and implement a solution for automating these security scans (until then manual), which could be fully integrated into the client's industrialised ecosystem. We were able to set up pipelines under GitLab CI in delegated or dissociated mode, to be included directly in the CIs of the various projects.
It is a tailor-made solution that allows for the analysis and automatic reporting of alerts in the form of GitLab or GitHub issues."
"The aim is to reinforce the security of applications but also to prevent and raise awareness among the various technical teams of the various risks involved, and their acceptability.
This solution is being developed as GitHub Actions, so that it can be implemented in a new GitHub ecosystem and be implementable on both types of repositories."
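The reporting step described above (scan results graded from low to high, then surfaced to application managers as GitLab or GitHub issues) is shown below as an added example; it is not the client's pipeline code nor Maltem's. It assumes a simplified report layout modelled on the GitLab security report JSON (a `vulnerabilities` list carrying `severity`, `identifiers` and `location`), a severity threshold that gates what becomes an issue, a stable fingerprint so that re-running the pipeline does not open duplicate issues, and a hypothetical `post_issue` callable standing in for the issues API call. The sample reports and the `example-lib` package are constructed.

```python
"""Severity gate, deduplication and issue payloads for SAST/SCA scan results.

Added example, not the project's own code. The report layout is a simplified
version of the GitLab security report JSON (assumption); `post_issue` is a
hypothetical callable that would wrap the GitLab/GitHub issues API.
"""
import json
from typing import Callable, Iterable

# Lowest to highest risk. Anything not listed (e.g. "Unknown") is treated as
# above Critical so that it is surfaced for triage rather than silently dropped.
SEVERITY_ORDER = ["Info", "Low", "Medium", "High", "Critical"]

# Constructed sample reports: one SAST result set and one SCA (dependency) result set.
SAST_REPORT = json.dumps({
    "scan": {"type": "sast"},
    "vulnerabilities": [
        {"id": "sast-1", "name": "Use of hard-coded credential", "severity": "High",
         "identifiers": [{"type": "cwe", "name": "CWE-798", "value": "798"}],
         "location": {"file": "app/settings.py", "start_line": 42}},
        {"id": "sast-2", "name": "Debug mode enabled", "severity": "Low",
         "identifiers": [{"type": "cwe", "name": "CWE-489", "value": "489"}],
         "location": {"file": "app/settings.py", "start_line": 7}},
    ],
})
SCA_REPORT = json.dumps({
    "scan": {"type": "dependency_scanning"},
    "vulnerabilities": [
        {"id": "sca-1", "name": "Prototype pollution in example-lib", "severity": "Critical",
         # CVE-0000-0000 is a placeholder identifier, not a real advisory.
         "identifiers": [{"type": "cve", "name": "CVE-0000-0000", "value": "CVE-0000-0000"}],
         "location": {"file": "package-lock.json",
                      "dependency": {"package": {"name": "example-lib"}, "version": "1.2.3"}}},
    ],
})


def rank(severity: str) -> int:
    """Numeric rank of a severity label; unrecognised labels rank above Critical (fail closed)."""
    return SEVERITY_ORDER.index(severity) if severity in SEVERITY_ORDER else len(SEVERITY_ORDER)


def parse_findings(report_json: str) -> list[dict]:
    """Flatten a report into findings: scan type, id, title, severity, location and references."""
    report = json.loads(report_json)
    scan_type = report.get("scan", {}).get("type", "unknown")
    findings = []
    for vuln in report.get("vulnerabilities", []):
        loc = vuln.get("location", {})
        dependency = loc.get("dependency", {})
        package = dependency.get("package", {}).get("name")
        # SCA findings point at a package@version; SAST findings at file:line.
        where = (f"{package}@{dependency.get('version')}" if package
                 else f"{loc.get('file')}:{loc.get('start_line')}")
        findings.append({
            "scan": scan_type,
            "id": vuln["id"],
            "title": vuln["name"],
            "severity": vuln.get("severity", "Unknown"),
            "where": where,
            "refs": [ident["name"] for ident in vuln.get("identifiers", [])],
        })
    return findings


def filter_by_threshold(findings: Iterable[dict], threshold: str = "Medium") -> list[dict]:
    """Keep findings whose severity is at or above the threshold."""
    floor = rank(threshold)
    return [f for f in findings if rank(f["severity"]) >= floor]


def build_issue(finding: dict) -> dict:
    """Turn a finding into an issue payload; the fingerprint makes re-runs idempotent."""
    fingerprint = f"{finding['scan']}:{finding['id']}:{finding['where']}"
    return {
        "title": f"[{finding['scan']}][{finding['severity']}] {finding['title']} ({finding['where']})",
        "description": (f"Scan: {finding['scan']}\nSeverity: {finding['severity']}\n"
                        f"Location: {finding['where']}\n"
                        f"References: {', '.join(finding['refs']) or 'none'}\n\n"
                        f"fingerprint: {fingerprint}"),
        "labels": ["security", finding["scan"], f"severity::{finding['severity'].lower()}"],
        "fingerprint": fingerprint,
    }


def report_scans(reports: Iterable[str], post_issue: Callable[[dict], None],
                 existing_fingerprints: Iterable[str] = (), threshold: str = "Medium") -> list[dict]:
    """Gate, deduplicate against already-open issues, and hand each new finding to post_issue."""
    seen = set(existing_fingerprints)
    created = []
    for report in reports:
        for finding in filter_by_threshold(parse_findings(report), threshold):
            issue = build_issue(finding)
            if issue["fingerprint"] in seen:
                continue
            seen.add(issue["fingerprint"])
            post_issue(issue)
            created.append(issue)
    return created


if __name__ == "__main__":
    # Stand-in for the API call (a real one would POST to the project's issues endpoint).
    for issue in report_scans([SAST_REPORT, SCA_REPORT], lambda i: print("would open:", i["title"])):
        pass
```

Two design choices matter here: the threshold gate keeps the Low finding out of the issue tracker while still failing closed on any severity label the scanner did not rank, and the fingerprint written into the issue body is what lets a later pipeline run look up which findings are already open and skip them.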
Maltem is a digital transformation consulting company with 20 years of experience in the field of IT consulting.
SAST and SCA
SAST refers to security tests applied to an application's static source code. These tests are deployed to strengthen the security of the application by examining the source code for possible vulnerabilities before it runs.
Software Composition Analysis (SCA) is a more recent concept: a range of tools dedicated to making an inventory of the open-source components integrated into an application, so that known vulnerabilities in those libraries can be identified.
Raising awareness of cybersecurity among teams
Making employees aware of cybersecurity has become an indispensable step for any company. The aim is to move more and more towards a culture of IT security within the various departments. Various actions can be taken to achieve this, such as the creation of an IT charter, a reminder of the consequences of IT attacks for the company and for individuals, testing employees' reflexes, training in good practices and, ideally, appointing or recruiting a person responsible for cybersecurity within the company.