Case Study

A Case Against an On-Prem Tool in Finance

Summary of Outcomes

The customer implemented Qwiet’s NextGen Static Analysis (NG SAST), which is purpose-built for modern developer workflows and integrates easily into Continuous Integration / Continuous Deployment (CI/CD) tools. This enabled the company to find and fix vulnerabilities much more quickly and efficiently, markedly so compared with the company’s incumbent solution.

● Application scans now take 3 to 10 minutes, versus 1 hour to 1 day.

● Eliminated false positives and uncovered true positives that the incumbent did not.

● Automatically builds the project (if needed) and uploads the CPG (Code Property Graph) … versus building, bundling, and shipping the project to the vendor.

● Each finding message and type can be configured, and the engine logic for finding vulnerabilities can be customized, whereas the old solution was not customizable: it provided static finding types, and re-prioritization had to be done on an issue-by-issue basis.

Customer Background

A large financial institution based in North America, the customer had been using an incumbent on-prem tool for multiple years. The customer has hundreds of developers working on an equivalent number of applications.

However, this tool was scanning only a portion of their applications, leaving a huge gap in their application security coverage. Additionally, the customer had plans to hire more developers and increase the velocity of software development.

The customer decided not to expand this tool’s footprint since it didn’t meet their existing or future application security demands.

About Qwiet AI

Qwiet AI empowers developers and AppSec teams to dramatically reduce risk by quickly finding and fixing the vulnerabilities most likely to reach their applications and ignoring reported vulnerabilities that pose little risk. Industry-leading accuracy allows developers to focus on security fixes that matter and improve code velocity while enabling AppSec engineers to shift security left. A unified code security platform, Qwiet preZero scans for attack context across APIs, OSS, internal microservices, and first-party business logic by combining results of the company’s NextGen Static Analysis (NG SAST) and Intelligent Software Composition Analysis (SCA). Using its unique graph database that combines code attributes and analyzes actual attack paths based on real application architecture, Qwiet AI then provides detailed guidance on risk remediation within existing development workflows and tooling.
