Source code vulnerability diagnosis
Product necessity
Development without considering security
Development environment focused on functional implementation
80% of security vulnerabilities occur after application coding
Dramatic increase in vulnerability removal cost (approximately 10 times)
Difficulty discovering source code security vulnerabilities
Absence of security inspection method after completion of development
Institutionalization of national S/W security reinforcement
CWE/SANS Development Security Standards Guide
Legislation of secure coding for public projects
Ministry of Security and Public Administration to gradually implement mandatory application of development security
E-government projects worth more than KRW 4 billion in 2013
E-government projects worth more than KRW 2 billion in 2014
(Ministry of Security and Public Administration Notice No. 2013-26)
Information systemization of all work
Application hacking increases
Homepage Development Security Standard Guide
Security check tool required during development
Procedure
1. Service preparation through prior meeting
- Check inspection target
- Check maintenance schedule
- Check how pre-inspection is performed
- Check the environment configured identically to the development environment
- Request PC setup
2. Perform inspection
- Perform inspection using HCL AppScan Source, a source code vulnerability inspection solution
3. Check the inspection results
- Vulnerability analysis
4. Produce inspection result report
- Produce a report on the results of the vulnerability analysis presented by the inspection tool
5. Re-diagnosis
- Check whether vulnerability measures have been taken through re-inspection
Expected effect
By diagnosing technical vulnerabilities in major information systems operated by customers through Code One source code diagnosis and suggesting protective measures against the identified threats, we lower the risk of infringement incidents and improve the security level.
- Solve immediate security issues within existing software
- Reduce system risk of in-house or outsourced software
- Improve reliability and accuracy of vulnerability analysis results by applying multiple analysis engines
- Secure system stability and flexibility, enabling systematic system development and operation
- Compliance with regulatory requirements according to internal/external security guidelines
- Reduce the time it takes to identify and resolve software vulnerabilities
- Reduce development, modification and compliance costs
- Significantly increase productivity by automating application security procedures
- Accelerate Time to Market (TTM) by minimizing security-related delays
- Provide powerful performance and functionality based on international recommendations

