Author: Victor Shadare
The integration of Static Code Analysis into our software development lifecycle will further improve security in digital banking and reduce time to market for our banking clients.
At Intelligent Environments, we understand that we have a duty of care to ensure our software is as secure as we can possibly make it.
Our digital banking platform, Interact, as delivered to our customers, is fully PCI DSS compliant, and is used by some of the largest financial institutions in the world. They trust us, and they trust our software.
One of the reasons they trust us is because we’re always looking for ways to stay one step ahead by making our software and applications more robust, more secure.
Did you know that 86% of cyber-attacks are against applications (as opposed to networks), while only 11% of security spending is traditionally geared towards application hardening?
A good security strategy requires several layers of defence which means that applications have to be secure in their own right, regardless of the security that surrounds them.
Working with Checkmarx, we’ve just completed a 5-month long project to put automated code reviews and code security testing right at the heart of our software development lifecycle.
The use of Static Code Analysis (SCA), a process that examines all code properties and code flows and exposes flaws almost as soon as they are created, ensures our developers see and understand any inherent coding flaws and security vulnerabilities during the development lifecycle.
Before SCA, our developers peer-reviewed code manually. The expertise of our developers is still an important part of our security process, but SCA gives us a step-change in the speed at which we can explore our code.
Static analysis also gives us a complete and unbiased view of our code's security, and provides immediate feedback to our developers so they can find and close gaps more efficiently than before.
We've found SCA to be a great training tool too: with professional pride at stake, we all try hard to submit better and better code each time, hoping to pass those checks first time, every time!
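To make the "code flows" idea concrete, here is an added example that is not part of the original post or of Checkmarx's tooling: a minimal taint-flow check over a Python AST. It assumes three hypothetical function names as its rule set (request_param as the untrusted source, escape as the sanitiser, run_sql as the sink) and only follows straight-line flow inside one function, which is far less than a real SCA engine does, but it shows how a flaw is surfaced on the line where tainted data reaches a sink.

```python
import ast

# Hypothetical function names standing in for an SCA tool's rule set.
SOURCES = {"request_param"}  # returns untrusted, user-controlled input
SANITIZERS = {"escape"}      # neutralises a value before it is used
SINKS = {"run_sql"}          # must never receive raw tainted data

def _name(call):
    # Name of the called function for plain `f(...)` calls, else None.
    return call.func.id if isinstance(call.func, ast.Name) else None

def _is_tainted(expr, tainted):
    # Does this expression carry data that originates from a source?
    if isinstance(expr, ast.Name):
        return expr.id in tainted
    if isinstance(expr, ast.Call):
        if _name(expr) in SOURCES:
            return True
        if _name(expr) in SANITIZERS:
            return False  # a sanitiser breaks the flow
        return any(_is_tainted(a, tainted) for a in expr.args)
    if isinstance(expr, ast.BinOp):  # e.g. string concatenation
        return _is_tainted(expr.left, tainted) or _is_tainted(expr.right, tainted)
    return False

def find_taint_flows(source_code):
    """Return [(line, sink_name)] for every sink reached by tainted data."""
    findings = []
    for func in ast.walk(ast.parse(source_code)):
        if not isinstance(func, ast.FunctionDef):
            continue
        tainted = set()  # variables currently holding tainted data
        for stmt in func.body:  # straight-line flow only; branches are ignored
            for node in ast.walk(stmt):
                if (isinstance(node, ast.Call) and _name(node) in SINKS
                        and any(_is_tainted(a, tainted) for a in node.args)):
                    findings.append((node.lineno, _name(node)))
            if isinstance(stmt, ast.Assign):
                names = {t.id for t in stmt.targets if isinstance(t, ast.Name)}
                if _is_tainted(stmt.value, tainted):
                    tainted |= names
                else:
                    tainted -= names  # reassigned with clean data: taint cleared
    return findings

# Constructed sample: one sanitised query and one that concatenates raw input.
SAMPLE = '''def lookup():
    acct = request_param("account")
    safe = escape(acct)
    run_sql("SELECT * FROM accounts WHERE id = " + safe)
    run_sql("SELECT * FROM accounts WHERE id = " + acct)
'''
```

Running `find_taint_flows(SAMPLE)` reports only the second query, on line 5 of the sample, because the first one passed through the sanitiser.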
SCA is the only proven method to cover the entire code base and identify all the vulnerable patterns. The Interact digital banking platform is omni-channel, meaning we work across a variety of different platforms and programming languages. We chose this tool in part because it catered so well for the technologies we use.
The benefits to our banking and financial services clients are huge. Often in software development, when striving to complete and deliver software to client timelines, it is possible to inadvertently sacrifice quality and/or security. SCA means we're improving security and reducing the time to market at the same time. There's no trade-off: by adding Static Code Analysis to our security toolkit, Interact development is both better and quicker.