Self-service code vulnerability scan: A mission-critical security approach for enterprises

The emergence of the COVID-19 pandemic has dramatically altered the way products and services are consumed over the last one and a half years. During periods of national lockdowns, levels of digital inclusion have increased with connectivity and content providers acting as a critical platform for continued socio-economic interaction.

Simultaneously, the growing reliance on digital platforms has also inevitably opened the floodgates to more cyberattacks and privacy breaches. For context, according to data by MSSP Alert, cyberattacks have spiked up to 400% since the pandemic. To top it off, Google said it has been blocking an average of 18 million phishing and malware emails related to Covid-19, according to a report by BBC.


Growing reliance on digital platforms has inevitably opened the floodgates to more cyberattacks and privacy breaches

In Malaysia up till August this year, an average of 31 cases of cybersecurity incidents such as fraud, hacking and data breaches have taken place. To be precise, between January and August this year, 7,495 cases were reported. Overall, data from CyberSecurity Malaysia showed that the number of cybersecurity incidents has been steadily rising.

The alarming situation indicates that cybercriminals are becoming more skilled and the threat of digital attacks will continue to rise. In an attempt to keep their data safe, organisations worldwide have also increased their cyber security expenditure.

What can be done to ensure the security of mobile and web applications?

In this day and age, web and mobile applications are the gateways to connect us to the digital world. These applications drive just about everything we do online, from login pages to digital shopping carts, from webmail to content management systems, and more. Statista data shows that there were more than 218 billion mobile app downloads worldwide in 2020.

That is also why it comes as no surprise that attacks on web applications represented 39 percent of all breaches in 2020 and more than 30,000 websites are hacked daily. The statistics are clear: despite the increasing maturity of security controls, external web applications continue to be a lucrative route of exploitation for attackers.

Security scanning – A critical measure

Security scanning, or code vulnerability scanning, can mean many different things, but it can be simply described as scanning the security of a website, web-based program, network, or file system for either vulnerabilities or unwanted file changes.

Indeed, there is no better and more pressing time to highlight the importance of regular code vulnerability scanning and why it remains a powerful tool in an organisation’s or even an individual’s cyber security arsenal. In fact, periodic automated vulnerability testing allows security weaknesses to be repaired before cyber attackers get the chance to exploit them.


Regular vulnerability scanning is important and remains a powerful tool in an organisation

While there are many applications that can handle basic security scanning operations, security should never be skimped on. Additionally, the complex work of identifying and coming up with solutions to security breaches should be left to the professionals.

Centurion: A self-service security scan automation

In software development and operations (DevOps), developers often automate the process to build, test, and release software quickly and reliably without considering the importance of conducting a security scan. This would eventually jeopardise application security, exposing the product to data breaches and hackers.

To tackle this, we’ve introduced a self-service security automation system known as Centurion, which was developed to provide code check-ups against vulnerabilities and a myriad of other threats.

Made for developers to scan their code for both mobile (Android/iOS) and web applications, Centurion uses advanced checking mechanisms coupled with a simple user interface for a seamless experience. Results are also fast and can be produced within a few hours. In addition, given its comprehensive machine learning engine for security advisories and recommendations, Centurion can also automate the vulnerability triage process based on the identified flaws.

Why was Centurion developed?

On average, organisations usually take one week to complete the scanning cycle and, to make matters worse, companies have been facing a shortage of security experts to review their usual vulnerability assessment activities. Given how only a dedicated security team can manage the tools needed to perform source code and application scanning, code-level scanning solutions like Centurion can bridge that gap.


Centurion is a self-service security automation system to provide code check-ups against vulnerabilities and a myriad of other threats.

With Centurion, a significant loss due to a security breach can be prevented, and it offers other features and benefits that come in handy. Among these are a vulnerability report of your source code, curated recommendations from Centurion’s security experts, and identification of the security risks of open source. Accuracy with Centurion is a given since the scan can be continuous and the steps are easy.

TM R&D successfully achieved ISO 27001:2013 conferred by the International Organization for Standardization for Centurion. Recognised globally, ISO 27001:2013 is an international standard that sets out requirements and provides guidance on information security management systems (ISMS) to manage the security of information.

Security: Critical ingredient to innovation

Truth be told, vulnerability management is an ongoing and never-ending process. Most organisations don’t have the resources to focus on vulnerability management on a continuous basis. For this, automation is a key function. Therefore, it is ideal to implement a vulnerability system or program to proactively address vulnerabilities before they are utilised in a cyberattack.

Achieving visibility into all vulnerabilities across all ecosystems is undeniably challenging, which is something cybercriminals are capitalising on by exploiting weaknesses in systems, applications, and users. On that account, with a solid vulnerability management solution like Centurion, you can simplify the process of identifying, categorising, prioritising, and remediating vulnerabilities in all types of ecosystems.

About TM R&D

Established in 2001, TM R&D is the innovation arm for TM Group focusing on creating smarter ecosystems to make business and life easier for a better Malaysia. TM R&D’s solutions are clustered around four (4) pillars namely Intelligent Platforms, Data Brokerage, Connectivity/Tools and IR4.0/Digital Solutions. Growing from strength to strength since 2016, TM R&D has won multiple global awards and generated more than 2,800 Intellectual Property Rights (IPRs) and 1,400 digital assets to date. TM R&D’s innovations are all developed in-house and cut across multiple verticals such as Utilities, Retail, Agriculture, Healthcare and Education with safety and productivity as the top priority.

For more information about TM R&D and its innovations, visit www.tmrnd.com.my or email your inquiry to business@tmrnd.com.my. Follow us on LinkedIn (TM Research & Development) for the latest news and updates.
