Application Security Resources

Sub Text of Application Security Resources

ECI Telecom

May 11, 2013

Tiny Url for this post: http://tinyurl.com/pjteqwg

Synopsis

ECI Telecom, a global telecommunication solutions provider, has chosen Seeker for application security testing throughout the software development lifecycle. Seeker has been chosen over other application security testing tools that have been examined by ECI as it was found to meet their needs in the most optimal way.

Seeker is successfully used by ECI for applications in development as well as third party applications that are deployed in the organization.

Background

ECI Telecom, established in 1961, delivers innovative network solutions to customers worldwide. With R&D offices in Israel, China and India, ECI is committed to delivering cutting edge networking solutions to its customers.

The ECI IT department is responsible for developing web applications which serve customers worldwide as well as over 2000 ECI employees. The applications are based on Microsoft SharePoint and are constantly changing and evolving to respond to strict demands.

The Need

ECI performs periodical penetration tests on their web applications, and was searching for an in-house application security solution which could be used by the development teams themselves without requiring assistance from the security team. A solution that would allow the development teams and security team to ensure application security flaws are identified as soon as they are introduced into the code, and fixed immediately. ECI also wanted to know that all changes that are made to existing applications undergo immediate security testing, without waiting for the periodical penetration test and security reviews.

ECI needed a solution that could be used independently by the developers and the other solutions they have researched, including static analysis and application scanning tools, were not adequate. The reasons were difficulty of use, excessively long execution times, and many false positives.

The solution – Seeker

Seeker has been gradually introduced to the development teams. A joint Proof-of-Concept took place, encompassing over 5 different applications which represented the technologies and development processes in use by ECI.

During the proof-of-concept the development teams had an opportunity to experience for themselves the deployment of Seeker on different platforms. They have been trained on use of the product and were able to execute Seeker themselves on a variety of applications, both in development stages and applications already live.

The results provided by Seeker have been analyzed without the assistance of Seeker personnel, under supervision of the internal ECI security team, to ensure that the process could operate without outside assistance.

Following the proof-of-concept, Seeker has been fully introduced into the ECI IT department. Seeker is now the solution used by ECI for ongoing testing of all applications, including intranet applications, customer facing portals, interfaces of products purchased for internal use and more. The development teams are in charge of executing tests and addressing identified vulnerabilities, while the security team oversees the process.

Bottom line

Yuval Illuz, Head of Global Information Security, Infrastructure and IT Innovation at ECI Telecom – “Integrating Seeker into the development processes allows ECI to easily perform ongoing security tests during development and pre-production. Usage of Seeker allows ECI to save costs for both the development and the security departments, while delivering applications with the highest level of security.”

This post is also available in: Anglais

Learn more about Seeker

More Cas clients