Security Leaders 2018

The objective of the Security Leaders Congress is to bring together C-Leves, specialists and executives from the main public and private institutions in the country for an extremely deep National Debate on the current cybersecurity challenges.

This year, also with highlights of successful cases, stories that worked in the fight against cybercrime!

And Nalbatech and bugScout will be present at the event, we will be at the TECHNOLOGY FAIR, a space where we will have the presence of the main providers of Information Security solutions.

Innovative technologies, trends and market news you can find here, come and visit us.

And our participation includes a lecture by our CEO, Francisco Bernabeu with the theme: “Global Application Security as a Managed Service”, which will be held on the 30th at 9:30 am.

come visit us:

Learn more about Nalbatech and the bugScout:

PAGE commoditi

ShareSAN Mobile – Mobility arrived in Business Maintenance


Nalbatech and bugScout present at Perú Service Summit 2018

The specialized event that brings together the best content and business solutions in the service sector, becoming the main business platform for commerce in the Latin American region, which takes place in Lima, on the 27th, 28th and 29th of August. Nalbatech and bugScout international confirm their presence through our CEO,Francisco Bernabeu. There will be 02 days of meetings where we will have the opportunity to: Do more competitive and attractive business for the international market. Establish commercial contact with importers from 19 countries. Explore business opportunities in sectors with high growth projection. Know the trends of the international market. Integrate with a commercial platform for generating new business. Make strategic alliances with competitive Peruvian companies. Find Peruvian companies with extensive experience on a regional and global level, where we will have the opportunity to meet the most recognized service companies in their internationalization process. For more information visit:

BugScout International at Security Congress Latin America 2018 (ISC) ² in Chile

Event will bring together Information Security leaders in the region and Bugscout will deliver a lecture on Software Assurance & Application Security with managed services.

BugScout International will have a prominent participation in the Security Congress Latin America 2018, which will take place between the 25th and 26th of July, in Santiago (Chile), an event organized by ISC) ², the main institute in the world focused on education and professional certifications in Security Information and cyber security. The event will bring together leading professionals in the sector to discuss their challenges in cloud security, cyber crime, governance, compliance, business application security, Internet of Things (IoT) and digital threats projects.

The participation of BugScout International aims to collaborate with the development of cyber security professionals, providing knowledge, tools, guidelines and skills to protect their organizations. Francisco Bernabeu, CEO of Grupo Nalbatech, will give a lecture on the 26th on Software Assurance & Application Security with managed services and Sabesp case.

Francisco Bernabeu has extensive experience in the area of Projects analysis and development and in the business areas and currently CEO of Nalbatech, integrator of IT solutions focused on static analysis and dynamic analysis of the source code, which in 2017 acquired the Spanish platform Bugscout for analysis of source code for mobile apps and other software.

The complete schedule of the Security Congress Latin America 2018 and details on registration visit

Security Congress Latin America 2018

Nalbatech & BugScout International will be present at the Security Congress Latin America 2018 event, which will be held on the 25th and 26th of July, in Santiago, Chile.

Our participation is confirmed through our CEO, Francisco Bernabeu, on July 26th, which will address Software Assurance & Application Security, Security and software quality with managed services, results from Sabesp / Brazil

PAPOFÁCIL: Nalbatech BugScout Identifying and correcting insecure code

And this week we had the participation of our CEO Francisco Bernabeu in Flavio Xandó’s easy chat channel, where he reported that the rule is to find applications containing many security holes. To resolve this, bugScout can evaluate source code in a static or dynamic way (with the application running) to eliminate the vulnerabilities. It tells the case of a company that was going to put into production a system with more than 1700 risk areas.



Nalbatech - bugScout

Application Protection and Quality – Cyber Security 2018

  • Cyber Security, a corporate meeting aimed at Network Security leaders, had intense discussions during the two days of the event. There were numerous provocations on the topic and the concerns in the country are numerous. That is why it is important to bring together leaders concerned with cybersecurity issues in the country. And Nalbatech, through our CEO, Francisco Bernabeu, participated, and helped the participants to seek the development of the country and the security of corporate information. BUGSCOUT platform presented at the event had a very positive impact because it is a complete platform, which addresses vulnerabilities and QA.
  • Learn more about the platform:
  • And for more information about the content presented during the event, below are the access links:

Cyber Security 2018

Cyber Security, a corporate meeting aimed at Network Security leaders, took place on April 18th and 19th and had intense discussions during the two days. There were numerous provocations on the topic and the concerns in the country are numerous. That is why it is important to bring together leaders concerned with cybersecurity issues in the country.

And Nalbatech, through our CEO, Francisco Bernabeu, participated, and helped the participants to seek the development of the country and the security of corporate information.

To better take advantage of technology, managed services

In an Ping-Pong interview for IT Portal, our CEO Francisco Bernabeu, spoke about managed services.

With 35 years in the technology market, Francisco Bernabeu leads NalbaTech, a company that was born 5 years ago to offer technological solutions with high added value. The company’s focus is on offering managed services, which, in the executive’s evaluation, facilitates the implementation, execution, support and updating of versions, freeing the teams of the user companies for their final activities.

“All technologies, as long as they are in creative business models, such as managed services, are much more likely to succeed,” he says. “Today, companies have lean teams and little capacity to manage a multitude of services and technologies. Our idea is to be the support point for organizations to overcome this challenge ”.

The company recently acquired the bugScout platform, created by the Spanish company Buguroo Offensive Security, of which it has been a partner for more than 4 years to offer, implement and support the security risk detection solution throughout the life cycle of software applications. With this deal, the company strengthened its offer of managed services, a portfolio that includes other products: Innoware (which allows execution and integration of processes in SAP), Zadara Storage (data storage) and Tibero (database manager) . All solutions provided as a service and managed.

The company’s expectation is to earn R $ 20 million in the next 3 years. To this end, it is investing EUR 1.5 million in improving services and training technical and sales teams.

IT Portal – You touched on a key issue for our Ping Pong: staff training. What is your assessment of Brazil in this area?

Francisco Bernabeu – Companies are looking for ready professionals. This does not actually work. Regardless of the training of professionals, you need to adapt and train according to the company’s profile. There are no ready professionals, regardless of the person’s country of origin or the country where he graduated.

IT Portal – How does NalbaTech promote the training of its teams?

Francisco Bernabeu – Our employees constantly perform their tasks internally, for example, before installing a bugscout appliance, our technicians are guided to test at home, that is, here at Nalbatech. This causes errors to be minimized at the end customer. Another important point is to bring software engineers from the manufacturer itself to Brazil, to work together with our employees and thus absorb their knowledge.

IT Portal – The IT market demands a lot from people. How is Francisco Bernabeu out of the workplace?

Francisco Bernabeu – I’m in love with Harley Davidson. I bought my first motorcycle at the age of 50 and it was simply a lifestyle and not the acquisition of a product. I realized a dream that was to buy a Harley to travel and live with great friends. I am currently part of the H.O.G. from Harley Davidson.

IT Portal – If you could change the world, what would you change?

Francisco Bernabeu – A world made by friendships and without interests. Free from violence.

IT Portal – mounted on a Harley Davidson, I imagine.

Francisco Bernabeu – definitely yes

Brazilian Nalbatech buys bugScout solution

Brazilian Nalbatech, a company in the Nfq group, bought bugScout, a Spanish platform for analyzing source code of mobile apps and other software. The solution can analyze and identify in a few minutes if there are vulnerabilities in the source code of 34 different programming languages. Sabesp and El Corte Inglés are among bugScout’s customers. The purchase price was not disclosed, but NalbaTech informs that it will invest 1.5 million euros in three years to reinforce the operation of bugScout, whose development team will continue in Spain. A curious fact about the business: NalbaTech was, until then, a sales channel for bugScout. It is, therefore, a rare case in the business world where the sales channel buys the manufacturer.

BugScout performs two types of source code analysis: static and dynamic. In the static, it is verified if the programming met all the different international security standards and protocols. The dynamics, in turn, consists of “stressing” the software in an attempt to reveal some vulnerability that has not been pointed out by static analysis. On average, 94% of the vulnerabilities are pointed out in the static analysis.

“The vulnerabilities are global. When a new one is identified, we update the platform. It is a living world that evolves every day. Our update is constant, done daily. We have engineers dedicated solely to this ”, reports Francisco Bernabeu, director of Nalbatech. “Data exposure is the main vulnerability that has the greatest impact on mobile apps and applications in general,” he comments.

Each vulnerability found is classified according to its severity: high, medium, low or merely informative. Each vulnerability found is classified according to its severity: high, medium, low or merely informative. The bugScout report estimates how many hours of work it will take for each fix.

The analyzes are made through a virtual application with access controlled by the client, for the protection of its source code. The process is quick and takes just a few minutes. Bernabeu cites a recent example of a 1.8 million line source code that was analyzed in 20 minutes.

Billing is done by application, as a managed service. It is worth remembering that apps and other software from large companies usually undergo frequent updates, which requires new tests to analyze parts of their source code.

Sabesp advances in Security through Managed Services

Applied solution submits own and third party systems to source code analysis for vulnerability detection; teams gained productivity after applications passed targeted corrections

Comprised of a wide variety of systems to serve various internal and external processes, Sabesp currently serves 367 municipalities in the State of São Paulo, benefits more than 27.7 million people with water supply and more than 21.4 million users with sewage collection. To protect the system from vulnerabilities and security flaws in software applications, the company announces the contracting of managed services from Nalbatech. The project is supported in the use of the bugScout platform.

“With managed services for application security, we increase the efficiency of our work, allowing us to comply with the company’s Information Security Master Plan,” says Daniel Bocalão, manager of the Information Security and Connectivity Department – (CIC) at Sabesp. The executive is responsible for the security of the corporate network, systems and services and information vital to the company’s business processes.

In internal systems development, NalbaTech monitors and supports the use of the bugScout solution, which detects security risks during the life cycle of software applications. When third parties, the company performs the analysis of source code to detect possible flaws and subsequent correction by the manufacturer. “The work is done by sampling, to reduce time and investment, and later on throughout the application. Suppliers are informed about the tests even before hiring and are then instructed to make the necessary corrections. The analysis of the entire source code of the application follows the pattern of use of these systems within the company ”, explains Bocalão.

In the field, the Internet of Things is already applied in devices and systems that collect in real time the data on water and sewage services delivered to the population, and which involves the identification of consumption, changes or deviations in the consumption pattern, potential for leakage , among many other variants, producing a large amount of data that needs to be protected. This account also includes administrative management, billing, CRM, asset control, supplies, HR and other systems, which pass the vulnerability tests required by the company.

The most found vulnerabilities

More than a thousand applications have already been analyzed, and the most common flaws in third-party applications are related to the exposure of sensitive information, weak encryption, violation of trust limits, basic errors in the source code, among others. “There is rarely any application on the market without finding a fault,” says Bocalão.

Increased user productivity

Security vulnerabilities are not the only ones identified. With errors in the source code, many systems become slow, significantly impacting the productivity of networks and teams. “We noticed a very big increase in productivity after the applications went through the corrections guided by bugScout”, says Bocalão. “With the maturity in the use of the solution, we also improved our internal processes and procedures”.