
Are you FAST enough for SAST & DAST?


Banking and financial sector companies have come a long way from the conventional banking system to modern means of providing services to customers at their fingertips. Long waits for cheque clearance, long queues at the teller and the slow pace at which each transaction used to be processed are long gone. Now there is Internet Banking, Mobile Banking and Interactive Video Customer Service. Opening a bank account from a tablet right in the customer’s home, online transactions through NEFT (National Electronic Fund Transfer), RTGS (Real Time Gross Settlement) and IMPS (Immediate Payment Service), payment wallets and several other new features have modernized and simplified banking. Technology brings fantastic benefits.
However, the IT teams of the financial sector organizations driving this modernization face tremendous challenges. On the customer front, they need to deliver intuitive, colourful and easy-to-use interfaces so that customers do not have to be computer savvy to use their applications. On the back end, it all ends up as millions of lines of code, software development and integration with multi-channel interfaces.
Not all off-the-shelf applications can be used in every banking environment. Bespoke development is required to meet the specific needs of local regulations, the target customer base and the modes of interaction.
Secure coding practices are now taught as the first lesson in programming. Any ‘bug’, unintentional or intentional, brings risk and exposure that may result in downtime, data loss and financial consequences. Constantly evolving threats mean the development team can never conclude ‘Our product is ready to be launched’!
Scanning source code, identifying vulnerabilities in the code and remediating the gaps are the essential steps of source code analysis. Preventing application-layer vulnerabilities and web security breaches means half the battle won.
Banks have realized the need to ensure the highest security for customer data and transactions while adopting modern technologies. Security begins at the first step of developing the software application, so static code analysis becomes the first step in application security. Similarly, once the application goes online, its behaviour in various scenarios (the running state) needs to be tested for vulnerabilities as well. Together, Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools are key pieces in the bank’s IT security armoury, and both should be tightly integrated throughout the Software Development Life Cycle (SDLC).
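To make the SAST/DAST distinction concrete, here is a small added example (not code from the original post or from any product it describes). The first half is a SAST-style check: it parses a constructed Python source snippet with the standard ast module and flags every database execute() call whose query string is assembled at runtime, the classic SQL injection pattern a code scanner looks for before the code ever runs. The second half is a DAST-style check: it exercises a constructed request handler while it is running, sends a harmless marker string and reports whether the marker comes back in the HTML without encoding, the kind of reflection a runtime scanner reports. The sample source, the handler functions and the marker are all assumptions made for the example.

```python
"""Toy SAST and DAST checks side by side (illustrative example, not a real scanner)."""
import ast
import html

# --- SAST side ------------------------------------------------------------
# Constructed sample source to be scanned; it is NOT part of a real code base.
SAMPLE_SOURCE = '''
def find_account(cursor, acct_no):
    cursor.execute("SELECT * FROM accounts WHERE no = '" + acct_no + "'")

def find_account_safe(cursor, acct_no):
    cursor.execute("SELECT * FROM accounts WHERE no = %s", (acct_no,))

def log_it(cursor, acct_no):
    cursor.execute(f"SELECT * FROM accounts WHERE no = {acct_no}")
'''


def _is_dynamic_string(node):
    """True if the expression builds a string from parts at runtime."""
    if isinstance(node, ast.JoinedStr):                      # f-string
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True                                          # "a" + b or "%s" % b
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return True                                          # "{}".format(b)
    return False


def find_dynamic_sql(source):
    """Return sorted line numbers of .execute(...) calls whose query is built dynamically.

    Parameterised queries (a constant string plus a parameter tuple) are not flagged.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "execute" and node.args
                and _is_dynamic_string(node.args[0])):
            findings.append(node.lineno)
    return sorted(findings)


# --- DAST side ------------------------------------------------------------
# Two constructed "running" handlers: one reflects input raw, one encodes it.
def greet_unsafe(name):
    return "<p>Hello " + name + "</p>"


def greet_safe(name):
    return "<p>Hello " + html.escape(name) + "</p>"


# Inert marker: it is not a working payload, only something unlikely to appear by accident.
PROBE = "<dast-probe>"


def reflects_unescaped(handler):
    """DAST-style check: call the live handler with the marker and see if it returns verbatim."""
    return PROBE in handler(PROBE)


if __name__ == "__main__":
    print("SAST findings (line numbers):", find_dynamic_sql(SAMPLE_SOURCE))
    for fn in (greet_unsafe, greet_safe):
        print(f"DAST: {fn.__name__} reflects input unencoded: {reflects_unescaped(fn)}")
```

The two checks find different things: the static scan needs the source and catches the dynamic-SQL pattern before deployment, while the runtime probe needs no source at all and only observes what the deployed handler actually does, which is why the post treats SAST and DAST as complementary rather than interchangeable.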
Here is a simple checklist: Are you launching custom developed web and mobile applications for your customers? Are you handling critical data? Are you fast enough to adopt SAST and DAST?
~ M.K. Mohan
