With more than 23 million customers, the business-to-consumer (B2C) IT division of SFR deploys dozens of major projects each year, including web, front-end, and office applications. The B2C IT Division wanted to increase its cyber security strategy and to complete its tools with a dynamic scanner capable of dealing with security in a dynamic mode, meaning within the framework of code execution and dialogue between several applications or between a front- or back-end, in order to ensure code security at the early stage of development.
Specifically, SFR wanted a solution that would:
SFR chose Seeker to help prevent code vulnerabilities of web applications and obtain real-time results for quick remediation."
Validation & Security Director at SFR
Synopsys’ Seeker IAST solution is designed to help find high-risk security weaknesses while fostering collaboration between development and security teams. Seeker detects web application vulnerabilities and ties them directly to business impact, providing a clear explanation of risks. Seeker’s seamless integration into CI/CD workflows enables automated application security testing without slowing down the release cycle.
Seeker saves valuable time, resources, and costs by enabling developers to fix critical security flaws early in the SDLC. Seeker reduces risk by securing apps before they go to production.
By automatically verifying findings in real time, Seeker helps reduce false positives that are common in other application security testing tools, making it easy to triage and prioritize on critical vulnerabilities that matter most.
Seeker also provides developers with the exact location of vulnerabilities in the code, remediation suggestions, and code execution flow to help them quickly remediate vulnerabilities.
SFR is at the implementation stage with Seeker, but eventually the IAST solution will be used daily for every code review. The B2C IT Division is currently testing approximately a dozen of on-premises applications daily, and eventually will increase that number to several dozen applications. Less false-positive results and a substantial increase in productivity is expected when the solution is fully deployed.
Even at this early stage, SFR has already seen benefits from Seeker, including:
Seeker’s ability to identify vulnerabilities during code execution; its informative reports; its ability to identify code lines to ease the correction process for the development teams; and its remedial suggestions are cited by Zine-Eddine Yahoui, Senior Manager of Cyber Security for the business-to-consumer (B2C) IT division of SFR, as three of the solution’s features they like the most.
Altice Europe is a leading player in the convergence between telecom and media in France, serving 23 million customers through its SFR division—Société française du radiotelephone—providing voice, video, data, internet telecommunications and professional services to consumers and businesses.