Singapore cybersecurity startup Scantist, a winner in the Huawei Spark competition last year, shares its experience.

In the lead-up to the Spark Founders Summit 2021 in August and Spark Ignite 2021 startup competition in November, DigiconAsia caught up with one of last year’s winners of the Huawei Spark programme, launched last year in August 2020 in collaboration with Slingshot.

Huawei Spark is a hybrid global startup accelerator program that aims to incubate and accelerate startup growth and build an ecosystem for startups in the Asia Pacific region.

Scantist, a cybersecurity service spin-off from Nanyang Technological University (NTU), creates vulnerability management solutions, leveraging its deep expertise and extensive research-base to help organizations better navigate the ever-changing cyber-threat landscape.

Professor Liu Yang, Co-Founder, Scantist, shares with DigiconAsia his journey during the competition, including key challenges the company faced and strong partnerships it formed.

Professor Liu Yang, Co-Founder, Scantist

What does Scantist do, and what is unique about your solution?

Prof Liu: Scantist builds vulnerability management solutions leveraging its deep expertise and extensive research-base to help organisations better navigate the ever-changing cyber-security landscape. We are passionate about application security and work with our customers every step of the way to help them minimise security and compliance risks without the need for security expertise.

Our company is a computer cybersecurity service spin-off from Nanyang Technological University (NTU) in Singapore. Our developer-first tools can be seamlessly integrated at any point of an organisation’s software development cycle, to help organizations identify, manage, and remediate open source risks and vulnerabilities.

We aspire to be the one-stop shop for application security, and our team of 26 members is constantly innovating and building new capabilities to enhance our application security tools for users.

We understand your cybersecurity solution has been deployed in the region, including at a major telco. What were the issues the telco needed to address, and how did Scantist help?

Prof Liu: Scantist used our Smart Fuzzer tool to help the telco find unknown vulnerabilities and their root cause in a platform-agnostic manner customized to their operating environment, with the added advantage of not requiring source-code access to carry out the vulnerability analysis.

There are large amounts of server-like programs with some features that rendered existing fuzzing solutions infeasible.

Firstly, the target program works like a server and will generally not have an ‘exit’ condition by default. This means that traditional fuzzing workflow, which assumes when the target program starts and ends, cannot be applied directly to test these targets.

Next, only certain specific parts of the target program need to be analysed as testing the entirety of the program would add to computational and complexity overheads. Thirdly, the source code of the target program may not always be accessible for a variety of reasons like outsourced development to unavailable legacy code.

Lastly, the target program might be built to run on multiple platforms crossing multiple CPU architectures leading to platform and architecture specific limitations for the fuzzing engine.

The telco ran 10 instances of the Scantist SmartFuzzer across 25 internal programs and found thousands of crashes, with 100+ unique crashes. These crashes were further investigated to yield an undisclosed number of exploitable vulnerabilities – offering greater security assurance for the business line of routers and networking equipment they were selling.

As a winner in Huawei Spark 2020, how has the competition contributed to your organization’s development and growth?

Prof Liu: Huawei Spark, in partnership with Enterprise Singapore and Startup SG, is a global tech accelerator programme that aims to incubate and accelerate startup growth, and build an inclusive and sustainable ecosystem for startups in the APAC region.

Huawei Spark provided us with access to the company’s unique ecosystem of resources through a three-tiered ‘sell-to, sell-with, and sell-through’ model named Spark Fire. We received a lot of valuable feedback, training and go-to-market support from the Huawei sales teams.

With the training provided by Huawei, we were able to set a well-defined strategy for our core sales and marketing team to execute – how to go-to-market with our products, the positioning of our solutions against competitors and how to build awareness on the increasing shift to devsecops with our tools as a solution. We had increased market exposure which enabled us to acquire user adoption of our freemium tool through events like the Huawei Developer Conference.

Having the opportunity to speak at the Spark Founder Summit also gave us exposure to a network of audience to speak to, such as VCs, C-suite executives ranging from large organisations to start-ups, and even thousands of developers to educate them about our solutions as a mean to tackle their application security concerns.

Our achievement in the Huawei Spark 2020 program also helped us garner awareness and visibility through increased exposure in the media and this in turn helped boost our investor relations, in particular, our most recent milestone of attaining our Series A funding.

Lastly, the technical support Scantist received in terms of optimizing its cloud services and infrastructure cannot be overstated. We achieved significant improvements in performance – sometimes as much as 3x – while simultaneously reducing costs by as much as 15%.

We are grateful to have participated in Huawei Spark 2020 and believe its strong network of resources provides the boost startups need to realize ideas, test strategies, and grow in the market.

Moving forward, what is your strategy for the company, and what does Scantist aim to achieve?

Prof Liu: At Scantist, we believe that security is a critical enabler for organizational success. We are driven by our passion to help business – large or small – build applications free from vulnerabilities without compromising on development speed and security expertise.

We want to help developers stay productive and build applications the way they were intended to be – safe and secure to use. And we want to do this without disrupting their existing workflows and by enabling developers, rather than penalizing them for security.