Veracode Upgrades Cloud-Based Application Security Testing  

Veracode Inc. is making it even easier for devs to bring cloud-based security testing into their software development lifecycle.  The company is integrating its SecurityReview application security testing SaaS service directly into Java, .Net, C/C++, ColdFusion and PHP dev environments.  



Further, Veracode is adding a new set of APIs for custom integration with other tools and utilities.

The results are often 100% lower in false positives than other on-premise source code tools, said Jon Stevenson, senior vice president of engineering, Veracode, in a statement. With the new option, devs can automatically upload applications and even download vulnerability identification and remediation instructions directly into defect tracking systems and popular IDEs, he added.

“Until now, developers responsible for incorporating security testing into their development lifecycles have had two options – on-premise tools with high false positive rates, or manual third-party penetration testing that can be time consuming and costly,” Stevenson said. “Veracode is changing the game for software development, destroying the myth that improving the security of every application is prohibitively slow, complicated and expensive.”

SecurityReview’s approach integrates security practices more directly into the software development lifecycle, enabling devs to verify an application’s security before deployment in a simple and cost-effective way. The service offers unlimited scans on any number of internal applications, lowering cost and complexity and expanding the reach of security.

SecurityReview is available as a subscription service from the cloud, and offers these features: 

Application Portfolio Dashboard: Provides a centralized view of risk and security information to better manage the overall security review and testing process, including setting policies to test, track results and deliver reports across all teams and geographies.

 


Automated Code Review (Binary Static Analysis): Reviews the final integrated application, including libraries and third-party components, for the most accurate detection of commonly occurring security vulnerabilities, including backdoors and malicious code. The unlimited subscription allows customers to perform any number of static scans of any number of internal applications.

Automated Web Vulnerability Scanning (Dynamic Analysis): Dynamic analysis, also known as black-box testing, lets dev teams identify and remediate security issues in live web applications before hackers can exploit them.

Access to Open Source Ratings Database: Devs receive access to Veracode’s database of security scores for enterprise-class open source projects, giving dev teams a rapid and efficient way to research the risk/benefit trade-offs of integrating open source with current projects or commercially developed code.

Executive, Security and Developer Reports: Provides summaries and detailed reports to support the activities of security offices, engineering managers and developers. Also offers a centralized view of regulatory and corporate security policy compliance across the organization. Devs can get detailed remediation advice on how to address application vulnerabilities in a prioritized manner to most efficiently comply with corporate security policies.

 



