We offer a security guarantee for the software that our clients produce or operate, providing differential value in Software Quality Assurance (SQA) and Secure Software Development (DevSecOps).
With our DevSecOps services, we help our customers to prevent, find and fix security flaws quickly in their environments, thanks to the training of our developers and the best security analysis tools on the market.
INTEGRATION OF SECURITY REQUIREMENTS IN THE SOFTWARE LIFE CYCLE - DEVSECOPS
Establishment of security requirements.
In accordance with the security policies that the client wishes to implement or ensure, whether for new developments, for adding new functionality to an application in production, or for existing applications.
All people involved in the Software Creation process must be aligned with the identified security requirements. The Panel Team will actively participate in internal communication strategies on the benefits of applying DevSecOps to achieve this goal.
Security level management.
Software Build Teams can manage the security level of their applications by interacting directly with the Automated Security Testing Platform or the Dashboard Security Testing Team.
TRAINING DEVELOPMENT TEAMS IN DEVSECOPS
Put the focus on fixing, not just finding.
With automated, peer and expert advice, which will reduce correction time from 2,5 hours to 15 minutes.
Reduce the introduction of new security flaws.
Providing immediate feedback on security while coding, and personalized training through analytics.
Provide hands-on training.
Engaging developers with security training that allows them to exploit and correct security flaws in real applications.
AUTOMATED ANALYSIS OF APPLICATION SECURITY
We offer the best Application Security Testing solutions and platforms:
Coverage of all types of applications.
Web, mobile and microservices in more than 25 languages and more than 100 supported frameworks.
Consolidation of AppSec solutions and optimization of analytics.
Simplification of supplier management and reporting, combining different types of analysis.
Integration of security in the pipeline.
Automatic scanning through integrations with the most popular systems, APIs and code models.
Solutions oriented to development teams, with scalability and high availability, always updated and easy to use.
OUR APPROACH TO THE MARKET
EVOLTRUE is our DevSecOps platform for integrating software security from the beginning of development.
EVOLTRUE was born from the alliance between Panel and the company Atalanta, a specialist in cybersecurity and ethical hacking, combining the best of both to make an effective DevSecOps platform that integrates software security from the ground up.
The result is a team specialized in all technological areas of the DevSecOps model, from which we help organizations to integrate security from the beginning of application development, allowing the delivery of vulnerability-free software and early detection of possible failures.
Learn more about EVOLTRUE services at www.evolttrue.com
We are a technological and business partner of Veracode Inc., one of the world leaders in Application Security Testing (AST) solutions.
Thanks to its scalable platform, we can integrate application analysis into development processes, automate security tests and allow development teams to verify the degree of compliance with the established security policies, very easily and as many times as needed.
Additionally, the platform empowers developers with the knowledge and skills to create secure code, and provides security professionals with analysis and monitoring tools with key metrics.
We maintain a close collaboration with Checkmarx, another world leader in application security testing solutions.
As one of the pioneering innovators in the application security testing market, Checkmarx has been relentless in its mission to continually innovate and lead the industry with solutions that improve software security while meeting the changing needs of the modern application development landscape.
Checkmarx's software security platform integrates seamlessly into an automated DevOps environment providing seamless security from the start and throughout the SDLC, enabling faster delivery of secure software.
CAPABILITIES AND SERVICES
WHAT DO WE DO?
We carry out security certifications at any point in the software life cycle, adapting to the rhythm of our clients in a flexible and agile way.
The scope ranges from prototypes, components or third-party libraries, to complete systems in production, and the results generate immediate confidence.
STATIC ANALYSIS SECURITY TESTING
Set of automated test activities on the Veracode platform, which ensure the behavior of the applications from a static point of view.
These activities include:
- Static Analysis Activities.
- Access to Pipeline Analysis results.
- Access to IDE Scan results.
DYNAMIC ANALYSIS SECURITY TESTING
Set of automated test activities on the Veracode platform, which ensure the behavior of the applications from a dynamic point of view.
These activities include:
- Unlimited dynamic analysis with vulnerability verification for an Application.
- Dynamic Analysis includes login scripts, trace script assistance, and false positive removal service.
SOFTWARE COMPOSITION ANALYSIS
Set of automated test activities on the Veracode platform that ensure the behavior of third-party libraries included in the application.
These activities include:
- Impact of open source library vulnerabilities on the comprehensive security of the application.
- Analysis and detail of recommendations to mitigate or resolve them.
- Assurance of the level of security achieved, against new versions of the libraries.
Integration of security results in the environment of Development Teams.
With this functionality, developers will have at their disposal:
- A CI/CD environment to visualize the level of security of commits in Git for scannable Java and JavaScript components.
- A tool that can be integrated with IntelliJ IDEA, Visual Studio and Android Studio, among others, that will facilitate the adoption of a Security-oriented Development Culture.
MANUAL PENETRATION TESTING (MPT)
Set of manual pentesting tests, carried out by a Team of Panel and Veracode Experts, who will analyze in detail the security level of the client's applications.
It is highly recommended to carry out these evaluation works based on the conclusions generated by the automated tests on the Veracode Platform.
The information generated in this phase will help to configure the manual service that is required, paying special attention to the points that have not been fully identified, or that cannot be addressed automatically.
The Team of Experts will assist throughout the verification process, with communication, planning, execution, verification and reporting activities.
SUPPORT AND RESOLUTION SERVICES
Service provided by the team of PANEL and VERACODE Experts to guarantee the maximum use of security testing activities, and their correct application to the scope of each project, using the information generated to improve the Software Creation life cycle.
The service may include work sessions with this Team of Experts to develop the following activities in any combination:
- Internal Presentations
- Optimization Analysis
- Integration Support
- API support
- Resolution coaching
- Plug-in support
- Communication activities
- Monitoring of planned activities
- Service satisfaction reports
TRENDS AND RELATED NEWS
"There is no point in making investments in security infrastructure, if the application is developed without cybersecurity criteria," comments Javier López Camacho in the interview conducted by the AEC Quality Magazine after the FFUTURO Award for our cybersecurity initiative EVOLTRUE.
LEARN WITH OUR TALKS AND WEBINARS
In this conference you will learn about all the possibilities that Veracode solutions offer to automate #DevSecOps processes with two different tracks: commercial and technical.
Presentation of Evoltrue and its commitment to integrate security from the start of application development, thanks to effective DevSecOps.
Can we help you?
If you are in a project of change or technological transformation, tell us about your challenge.
The change starts with TI.