Select Page

CYBERSECURITY

DevSecOps

We offer a security guarantee for the software produced or in operation of our clients, providing a differential value in Software Quality Assurance (SQA) and Secure Software Development (DevSecOps).

OUR APPROACH TO THE MARKET

THE BEST PLATFORM ON THE MARKET

Our solution is based on the experience, knowledge and tools of the world's largest provider of application security testing (AST) solutions, Veracode Inc., with whom we maintain a close collaboration as a technological and business partner.

Thanks to its scalable platform, we can integrate application analysis into development processes, automate security tests and allow development teams to verify the degree of compliance with security policies that are established, very easily and so many times as you need.

Additionally, the platform empowers developers with the knowledge and skills to create secure code, and provides security professionals with analysis and monitoring tools with key metrics.

OUR VALUE

Why Panel?

We help our clients to find and fix security flaws quickly in their environments, taking advantage of Veracode analysis tools and the training of our developers.

SUSTAINABLE SECURITY

Oriented to development teams

}

Quick start

0

Scalability and High Availability

Always updated

R

Easy to use

COLLECTIVE LEARNING

Lowest False Positive Rate in the Industry

a

Instant precision without manual adjustments, based on the analysis of more than 14 billion European lines of code.

More efficient collaboration through centralization of workflows and analytics.

AUTOMATED APPLICATION ANALYSIS

Coverage of all types of applications.

Web, mobile and microservices in more than 25 languages ​​and more than 100 supported frameworks

Consolidation of APPSec solutions and optimization of analytics.

It simplifies supplier management and reporting, combining five types of analysis in a single solution.

Integration of security in the pipeline.

Automatic scanning through integrations with the most popular systems, APIs and code models.

DEVELOPMENT TEAM TRAINING

Put the focus on fixing, not just finding.

With automated, peer and expert advice, which will reduce correction time from 2,5 hours to 15 minutes.

Reduce the introduction of new security flaws.

Providing immediate feedback on security while coding, and personalized training through analytics.  

Provide hands-on training.

Engaging developers with security training that allows them to exploit and correct security flaws in real applications.

INTEGRATION OF SECURITY REQUIREMENTS INTO THE SOFTWARE LIFE CYCLE

Establishment of security requirements.

In accordance with the security policies that the client wishes to implement / ensure. Either for new developments, to incorporate new functionalities to an application in production or for existing applications.

Team alignment.

All the people involved in the Software Creation process must be aligned with the identified security requirements. The PANEL Team will actively participate in internal communication strategies to achieve this objective. 

Security level management.

SW Creation Teams can manage the security level of their applications by interacting directly with the Automatic Security Testing Platform or with the PANEL Security Testing Team.

CAPABILITIES AND SERVICES

WHAT DO WE DO?

 

We carry out security certifications at any point in the software life cycle, adapting to the rhythm of our clients in a flexible and agile way.

The scope ranges from prototypes, components or third-party libraries, to complete systems in production, and the results generate immediate confidence.

    STATIC ANALYSIS SECURITY TESTING

    Set of automated test activities on the Veracode platform, which ensure the behavior of the applications from a static point of view. 

    These activities include:

    • Static Analysis Activities.
    • Access to Pipeline Analysis results.
    • Access to IDE Scan results.

    DYNAMIC ANALYSIS SECURITY TESTING

    Set of automated test activities on the Veracode platform, which ensure the behavior of the applications from a dynamic point of view.

    These activities include:

    • Unlimited dynamic analysis with vulnerability verification for an Application.
    • Dynamic Analysis includes login scripts, trace script assistance, and false positive removal service.

    SOFTWARE COMPOSITION ANALYSIS

    Set of automated test activities on the Veracode platform that ensure the behavior of third-party libraries included in the application.

    These activities include:

    • Impact of open source library vulnerabilities on the comprehensive security of the application.
    • Analysis and detail of recommendations to mitigate or resolve them.
    • Assurance of the level of security achieved, against new versions of the libraries.

    GREENLIGHT

    Integration of security results in the environment of Development Teams.

    With this functionality, developers will have at their disposal:

    • A CI / CD environment to visualize the level of security of commits in GIT for scannable Java and Javascrpit components.
    • A tool that can be integrated with IntelliJ IDEA, Visual Studio and Android Studio, among others, that will facilitate the absorption of a Security-oriented Development Culture.

    MANUAL PENETRATION TESTING (MPT)

    Set of manual pentesting tests, carried out by a Team of Panel and Veracode Experts, who will analyze in detail the security level of the client's applications.

    It is highly recommended to carry out these evaluation works based on the conclusions generated by the automated tests on the Veracode Platform.

    The information generated in this phase will help to configure the manual service that is required, paying special attention to the points that have not been fully identified, or that cannot be addressed automatically.

    The Team of Experts will assist throughout the verification process, with communication, planning, execution, verification and reporting activities.

    SUPPORT AND RESOLUTION SERVICES

    Service provided by the team of Panel and Veracode Experts, to ensure maximum use of security testing activities, and their correct application to the scope of each project, using the information generated to improve the Software Creation life cycle.

    The service may include work sessions with this Team of Experts to develop the following activities in any combination:

     

    • Internal Presentations
    • Optimization Analysis
    • Integration Support
    • API support
    • Resolution coaching
    • Plug-in support
    • Communication activities
    • Monitoring of planned activities
    • Service satisfaction reports

    STATIC ANALYSIS SECURITY TESTING

    Set of automated test activities on the Veracode platform, which ensure the behavior of the applications from a static point of view.

    These activities include:

    • Static Analysis Activities.
    • Access to Pipeline Analysis results.
    • Access to IDE Scan results.
    DYNAMIC ANALYSIS SECURITY TESTING

    Set of automated test activities on the Veracode platform, which ensure the behavior of the applications from a dynamic point of view.

    These activities include:
    • Unlimited dynamic analysis with vulnerability verification for an Application.
    • Dynamic Analysis includes login scripts, trace script assistance, and false positive removal service.
    SOFTWARE COMPOSITION ANALYSIS

    Set of automated test activities on the Veracode platform that ensure the behavior of third-party libraries included in the application.

    These activities include:

    • Impact of open source library vulnerabilities on the comprehensive security of the application.
    • Analysis and detail of recommendations to mitigate or resolve them.
    • Assurance of the level of security achieved, against new versions of the libraries.
    GREENLIGHT

    Integration of security results in the environment of Development Teams.

    With this functionality, developers will have at their disposal:

    • A CI / CD environment to visualize the level of security of commits in GIT for scannable Java and Javascrpit components.
    • A tool that can be integrated with IntelliJ IDEA, Visual Studio and Android Studio, among others, that will facilitate the absorption of a Security-oriented Development Culture.
    MANUAL PENETRATION TESTING (MPT)

    Set of manual pentesting tests, carried out by a Team of Panel and Veracode Experts, who will analyze in detail the security level of the client's applications.

    It is highly recommended to carry out these evaluation works based on the conclusions generated by the automated tests on the Veracode Platform.

    The information generated in this phase will help to configure the manual service that is required, paying special attention to the points that have not been fully identified, or that cannot be addressed automatically.

    The Team of Experts will assist throughout the verification process, with communication, planning, execution, verification and reporting activities.

    SUPPORT AND RESOLUTION SERVICES

    Service provided by the team of PANEL and VERACODE Experts to guarantee the maximum use of security testing activities, and their correct application to the scope of each project, using the information generated to improve the Software Creation life cycle.

    The service may include work sessions with this Team of Experts to develop the following activities in any combination:

    • Internal Presentations
    • Optimization Analysis
    • Integration Support
    • API support
    • Resolution coaching
    • Plug-in support
    • Communication activities
    • Monitoring of planned activities
    • Service satisfaction reports

    INSIGHTS

    TRENDS AND NEWS

    Can we help you?

    If you are in a project of change or technological transformation, tell us about your challenge.

    The change starts with TI.