The solution: Enterprise-scale IAST to identify vulnerabilities early in the SDLC
Synopsys’ Seeker IAST solution is designed to help find high-risk security weaknesses while fostering collaboration between development and security teams. Seeker detects web application vulnerabilities and ties them directly to business impact, providing a clear explanation of risks. Seeker’s seamless integration into CI/CD workflows enables automated application security testing without slowing down the release cycle.
Seeker saves valuable time, resources, and costs by enabling developers to fix critical security flaws early in the SDLC. Seeker reduces risk by securing apps before they go to production.
By automatically verifying findings in real time, Seeker helps reduce false positives that are common in other application security testing tools, making it easy to triage and prioritize on critical vulnerabilities that matter most.
Seeker also provides developers with the exact location of vulnerabilities in the code, remediation suggestions, and code execution flow to help them quickly remediate vulnerabilities.
The results: Putting developers at the heart of security testing
SFR is at the implementation stage with Seeker, but eventually the IAST solution will be used daily for every code review. The B2C IT Division is currently testing approximately a dozen of on-premises applications daily, and eventually will increase that number to several dozen applications. Less false-positive results and a substantial increase in productivity is expected when the solution is fully deployed.
Even at this early stage, SFR has already seen benefits from Seeker, including:
- Improvement of detection compared to other software like classic SAST.
- The ability to put back developers at the heart of security challenges and empower them on security norms conformity while they work on deliverables.
Seeker’s ability to identify vulnerabilities during code execution; its informative reports; its ability to identify code lines to ease the correction process for the development teams; and its remedial suggestions are cited by Zine-Eddine Yahoui, Senior Manager of Cyber Security for the business-to-consumer (B2C) IT division of SFR, as three of the solution’s features they like the most.