Sorry, not available in this language yet

English
日本語
简体中文

AppSec SaaS Platform | Integrated, cloud-based AST solution optimized for development and DevSecOps teams.
AppSec IDE Plug-ins | Secure code as you write it in your IDE
Software Risk Management | Manage application security programs at enterprise scale
DevSecOps Integrations | Integrate AppSec tools into DevOps workflows

Static Analysis (SAST) | Address security and quality defects in code as it's being developed
Software Composition Analysis (SCA) | Secure and manage open source risks in applications and containers
Interactive Analysis (IAST) | Automate web security testing within your DevOps pipelines
Dynamic Analysis (DAST) | Continuous web application security testing in production.
Penetration Testing | Identify business-critical vulnerabilities with on-demand testing expertise.
Protocol Fuzzing | Identify defects and zero-day vulnerabilities in services and protocols

Program Strategy & Planning | Measure, scale, and optimize your AppSec program
Threat & Risk Assessments | Understand and address internal and external security risks
Security Training | Equip development teams with the skills they need to produce more secure software
Implementation & Deployment | Optimize utilization, management and deployment of AppSec tools
Security Testing Services | On-demand AppSec testing resources and expertise

Open Source & Security Audits | Comprehensive technical due diligence services for M&A

AI-generated code | Harness the power of AI coding assistants while managing the risks
API Security Testing | Manage software risks with a holistic API security testing program.
AppSec Consolidation | Simplify your application security program
Application Security Testing | Solutions to address security risks at all stages of the application life cycle.
DevSecOps | Solutions to help shift security left without slowing down your development teams.
Software Supply Chain Security | Solutions to identify and manage software supply chain risks end-to-end.
Manage AppSec Risk | Scale your application security program without increasing complexity or adding friction.
Cloud & Container Security | Optimize your applications for secure deployment and operation in the cloud
Open Source License Compliance | Effective solutions for ensuring open source license compliance
M&A Due Diligence | Identify software risks that could negatively impact the value of acquired IP.
Quality & Security Standards Compliance | Ensure your software complies with the standards critical to customers and regulators

Dev and DevOps Teams | Build secure software while maintaining developer productivity and pipeline velocity.
Security Teams | Align people, processes, and technology to minimize software risk and transform your business.
Legal Teams | Solutions to protect your IP and manage risk.

Financial Services | Protect sensitive customer and financial data from rapidly evolving security threats.
IoT & Embedded | Ensure your embedded and IoT devices are safe, secure, and reliable.
Automotive | Build software security & reliability into the modern connected car.
Telecommunications | Create seamless and safe mobile experiences, from silicon to software.
Aerospace & Defense | Solutions for automating mission-critical development.
Public Sector | Application security for government agencies and their suppliers.
Medical Device | Safeguard medical devices and applications.

Eliminating Vulnerabilities Early in the SDLC
for Société Française du Radiotelephone

The challenge: Putting code security at the center of development

With more than 23 million customers, the business-to-consumer (B2C) IT division of SFR deploys dozens of major projects each year, including web, front-end, and office applications. The B2C IT Division wanted to increase its cyber security strategy and to complete its tools with a dynamic scanner capable of dealing with security in a dynamic mode, meaning within the framework of code execution and dialogue between several applications or between a front- or back-end, in order to ensure code security at the early stage of development.

Specifically, SFR wanted a solution that would:

Enable developers to get involved and updated on cyber security issues.
Reduce the volume of vulnerabilities during the production stage of projects.
Reduce potential impacts on customers as well as risks of financial penalties from legal authorities.
Enable developers/testers to fix bugs early in the SDLC.
Enable automated security testing and instant vulnerability detection as part of the CI/CD workflow.
Get contextual information to easily reproduce and fix vulnerabilities in real time.
Obtain instant results for quick remediation.
Improve accuracy of findings compared to SAST scanners.
Improve cross-functional collaboration.

SFR chose Seeker to help prevent code vulnerabilities of web applications and obtain real-time results for quick remediation."

Robert Cohen

Validation & Security Director at SFR

The solution: Enterprise-scale IAST to identify vulnerabilities early in the SDLC

Synopsys’ Seeker IAST solution is designed to help find high-risk security weaknesses while fostering collaboration between development and security teams. Seeker detects web application vulnerabilities and ties them directly to business impact, providing a clear explanation of risks. Seeker’s seamless integration into CI/CD workflows enables automated application security testing without slowing down the release cycle.

Seeker saves valuable time, resources, and costs by enabling developers to fix critical security flaws early in the SDLC. Seeker reduces risk by securing apps before they go to production.

By automatically verifying findings in real time, Seeker helps reduce false positives that are common in other application security testing tools, making it easy to triage and prioritize on critical vulnerabilities that matter most.

Seeker also provides developers with the exact location of vulnerabilities in the code, remediation suggestions, and code execution flow to help them quickly remediate vulnerabilities.

The results: Putting developers at the heart of security testing

SFR is at the implementation stage with Seeker, but eventually the IAST solution will be used daily for every code review. The B2C IT Division is currently testing approximately a dozen of on-premises applications daily, and eventually will increase that number to several dozen applications. Less false-positive results and a substantial increase in productivity is expected when the solution is fully deployed.

Even at this early stage, SFR has already seen benefits from Seeker, including:

Improvement of detection compared to other software like classic SAST.
The ability to put back developers at the heart of security challenges and empower them on security norms conformity while they work on deliverables.

Seeker’s ability to identify vulnerabilities during code execution; its informative reports; its ability to identify code lines to ease the correction process for the development teams; and its remedial suggestions are cited by Zine-Eddine Yahoui, Senior Manager of Cyber Security for the business-to-consumer (B2C) IT division of SFR, as three of the solution’s features they like the most.

Download the PDF

Company Overview

Altice Europe is a leading player in the convergence between telecom and media in France, serving 23 million customers through its SFR division—Société française du radiotelephone—providing voice, video, data, internet telecommunications and professional services to consumers and businesses.

Automate Security Testing of Web-based Applications with Seeker

Get a demo