
DevSecOps transition for Asia's largest bank

The largest bank in Asia was looking to make the transition to DevSecOps in an attempt to embrace the latest development workflow for fast-paced and secure development. Scantist helped them gain a high level of visibility into their software supply chain while highlighting security and licensing risks to increase productivity of the development team.

Background

In large organizations like our client "BigTelco", there are many server-like programs with the following features, which render existing fuzzing solutions infeasible:

Key Challenges

1. No Exit Condition: The target program works like a server and will generally not have an exit condition by default. This means that the traditional fuzzing workflow, which assumes the target program has a known start and end, cannot be applied directly to test these targets.

2. Source Code Accessibility: The source code of the target program may not always be accessible, for reasons ranging from outsourced development to unavailable legacy code.

3. Selective Testing: Only certain specific parts of the target program need to be analyzed, as testing the entirety of the program would add computational and complexity overheads.

4. Platform Limitations: The target program might be built to run on multiple platforms spanning multiple CPU architectures, leading to platform- and architecture-specific limitations for the fuzzing engine.

Scantist's Smart Fuzzer Solution

These challenges were addressed by Scantist's Smart Fuzzer with the following unique capabilities:

Binary-only

Scantist's proprietary binary instrumentation platform gives our fuzzer the ability to conduct coverage-guided greybox fuzz testing without requiring the target program's source code.

Segment Fuzz

Smart Fuzzer can place the start and end of one round of fuzz testing anywhere within the target program. This allows Smart Fuzzer to be configured to fuzz only a chosen region of code in the target program.

Cross CPU Architecture

For generality, Smart Fuzzer provides good support for four CPU architectures – Intel X86, Intel X86-64, ARM32, and ARM64. Limited support is also offered for PPC and MIPS architectures.

New Fuzzing Workflow

Scantist redesigned the fuzzing workflow, enabling the Smart Fuzzer to handle server-like programs (e.g. http2 (Apache), DB daemons, etc.).

Results

BigTelco ran 10 instances of the Scantist Smart Fuzzer across 25 internal programs and found thousands of crashes, with 100+ unique crashes.

These crashes were further investigated to yield an undisclosed number of exploitable vulnerabilities – offering greater security assurance for the business line of routers and networking equipment sold by BigTelco.
