Are you FAST enough for SAST & DAST?


Banking and financial sector companies have come a long way from the conventional banking system to modern means of providing a range of services to customers at their fingertips. Days of waiting for cheque clearances, long queues at the teller and the slow pace at which each transaction used to occur are long gone. Now you have Internet banking, mobile banking and interactive video customer services. Opening bank accounts on tablets right from the customer’s home, online transactions through NEFT (National Electronic Fund Transfer), RTGS (Real Time Gross Settlement) and IMPS (Immediate Payment Service), payment wallets and several such new features have modernized and simplified banking activities. Technology brings fantastic benefits.
However, the IT teams of the financial sector organizations driving this modernization face tremendous challenges. On the customer front, they need to deliver intuitive, colourful and easy-to-use interfaces so that customers do not have to be computer savvy to use their applications. On the back end, it all ends up as millions of lines of code, software development and integration with multi-channel interfaces.
Not every off-the-shelf application can be used in every banking environment. Bespoke development is required to meet the specific needs of local regulations, the target customer base and the modes of interaction.
Secure coding practices are now taught as the first lesson in programming. Any ‘bug’, unintentional or intentional, brings risk and exposure that may result in downtime, data loss and financial implications. Constantly evolving threats mean the development team can never conclude ‘Our product is ready to be launched’!
Scanning the source code, identifying the vulnerabilities in it and remediating the gaps are the essential steps of source code analysis. Preventing application-layer vulnerabilities and web security breaches means half the battle won.
Banks have realized the need to ensure the highest security for customer data and transactions while adopting modern technologies. Security begins right from the first step of developing the software application. Therefore, static code analysis becomes the first step in application security. Similarly, once the application goes online, its behaviour in various scenarios (the running state) needs to be tested for vulnerabilities as well. Together, Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools are key weapons in the bank’s IT security armoury, and both should be tightly integrated throughout the Software Development Life Cycle (SDLC).
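To make the “scan the source, identify the vulnerability, remediate the gap” cycle concrete, here is a small SAST-style rule written for this post as an added example; it is not code from the original article or from any SAST product. It uses only Python’s standard `ast` module to flag database `execute()` calls whose SQL text is assembled at runtime (concatenation, `%`-formatting, `str.format` or f-strings), which is the pattern that turns a query into an injection sink. The rule name `sql-string-build`, the helper functions and the two account-lookup snippets are all constructed for illustration; the ‘before’ snippet is reported, and the ‘after’ snippet with a bound parameter passes clean.

```python
"""Minimal SAST-style rule: flag SQL statements assembled at runtime.

Added example, not from the original post. Uses only the standard-library
`ast` module; the rule name, helper names and sample snippets are
assumptions made for illustration.
"""
import ast


def _is_dynamic_string(node: ast.AST) -> bool:
    """True if the expression builds a string at runtime.

    Covers the four common ways a SQL statement ends up containing
    untrusted input: f-strings, '+' concatenation, '%' formatting and
    str.format(). A plain string literal returns False.
    """
    if isinstance(node, ast.JoinedStr):                      # f"... {x} ..."
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True                                          # "..." + x / "..." % x
    if (isinstance(node, ast.Call)
            and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return True                                          # "...".format(x)
    return False


def scan_source(source: str) -> list:
    """Scan Python source text and return one finding per execute()/
    executemany() call whose first argument is a dynamically built string.

    Each finding is a dict with the line number, a rule id and a
    remediation hint, which is what a CI gate or reviewer needs.
    """
    findings = []
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr in ("execute", "executemany")
                and node.args):
            continue
        if _is_dynamic_string(node.args[0]):
            findings.append({
                "line": node.lineno,
                "rule": "sql-string-build",
                "message": "SQL statement assembled at runtime; "
                           "bind the value as a query parameter instead",
            })
    return findings


# Constructed 'before' snippet: account lookup built by concatenation.
VULNERABLE_SNIPPET = '''
def find_account(cursor, account_no):
    cursor.execute("SELECT * FROM accounts WHERE no = '" + account_no + "'")
    return cursor.fetchone()
'''

# Constructed 'after' snippet: the same lookup with a bound parameter.
REMEDIATED_SNIPPET = '''
def find_account(cursor, account_no):
    cursor.execute("SELECT * FROM accounts WHERE no = ?", (account_no,))
    return cursor.fetchone()
'''

if __name__ == "__main__":
    for label, snippet in (("before", VULNERABLE_SNIPPET),
                           ("after", REMEDIATED_SNIPPET)):
        print(label, scan_source(snippet))
```

Running the module prints one finding on line 3 of the ‘before’ snippet and an empty list for the ‘after’ snippet. Wiring a check like this into the build stage of the SDLC is the SAST half of the story; the DAST half exercises the deployed application in its running state, which a source-level rule such as this one cannot see.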
Here is a simple checklist: Are you launching custom-developed web and mobile applications for your customers? Are you handling critical data? Are you fast enough to adopt SAST and DAST?
~ M.K. Mohan
