Veracode

Company Overview

Veracode gives companies a comprehensive and accurate view of software security defects so they can create secure software, and ensure the software they are buying or downloading is free of vulnerabilities. As a result, companies using Veracode are free to boldly innovate, explore, discover, and change the world.

With its combination of automation, integrations, process, and speed, Veracode helps companies make security a seamless part of the development process. This allows them to both find and fix security defects so that they can use software to achieve their missions. Veracode serves more than 2,000 customers worldwide across a wide range of industries. The Veracode Platform has assessed more than 8 trillion lines of code and helped companies fix more than 36 million security flaws.

Learn more at www.veracode.com, on the Veracode blog and on Twitter.

 

How Veracode Guides You on Your AppSec Journey

Most companies approach application security with a reactive program – based solely on satisfying regulatory or customer requirements for security. Our goal is to work with your security and development teams to create a sustainable, effective program that can work at whatever scale you need – one that reduces risk across your entire application landscape, and accelerates your business.

Veracode customer successes

  • Helped a manufacturer reduce risk across 30,000 domains in eight days.
  • Helped a global manufacturer scan 110 third-party applications and remediate over 10,000 vulnerabilities.
  • Helped a large technology company find and mitigate 65,000 vulnerabilities in partner applications.
  • Helped a financial services firm begin and scale an application security program in 12 months.
  • Worked with a state government to roll out application testing across 14 state agencies, fixing 28,000 flaws in the first year of the program.
  • Helped a global media and technology company gain visibility into its mobile app perimeter, finding it had 100 percent more apps published than the company thought.
  • Helped a global bank scale and automate its AppSec program, ultimately reducing the cost to identify exploitable vulnerabilities from €500 to €7 per vulnerability.

 

Veracode Products/Services

 

Veracode Greenlight:

Secure Your Code as you Develop – That’s DevSecOps

Deliver applications faster and meet your development timelines by writing secure code, the first time. Veracode Greenlight, an IDE- or CI-integrated continuous flaw feedback and secure coding education solution, returns scans in seconds, helping you answer the question “is my code secure?” Maintain your development velocity, reduce the number of flaws introduced into your application, and increase your use of secure coding practices – all with the help of Greenlight.

 

Veracode Static Analysis:

Don’t Just Find Security Defects in Your Code – Fix Them Fast!

Veracode Static Analysis enables you to quickly identify and remediate application security flaws at scale and with efficiency. Our SaaS-based platform integrates with your development and security tools, making security testing a seamless part of your development process. Once flaws are identified, leverage in-line remediation advice and one-to-one coaching to reduce your mean time to resolve. Veracode Static Analysis is the competitive advantage you need to securely bring your applications to market at the speed of DevOps.

 

Veracode Software Composition Analysis:

Identify Risk From Open Source Libraries Early

Veracode Software Composition Analysis (SCA) identifies risks from open source libraries early so you can reduce unplanned work, covering both security and license risk. SCA helps Engineering keep roadmaps on track, Security achieve regulatory compliance, and the Business make smart decisions.

Veracode SCA protects your applications from open source risk by identifying known vulnerabilities in open source libraries used by your applications. In addition to providing a list of vulnerabilities when your application is scanned, Veracode SCA can also alert you when new vulnerabilities are discovered after your application has been scanned or when existing known vulnerabilities have had their severity level upgraded. When integrated with CI systems, Veracode SCA lets you fail your build based on vulnerabilities discovered as well as any components that your security team has blacklisted. As part of the Veracode Platform, Veracode SCA provides a unified experience to display all of your security testing results in one place. Additionally, the platform provides unified management of users, policies, mitigations, and integrations.

 

Veracode Dynamic Analysis:

Find and Fix Vulnerabilities Across All of Your Web Applications

Veracode Dynamic Analysis gives you a unified Dynamic Application Security Testing (DAST) solution that combines depth of coverage with unmatched scalability, scanning speed, and accuracy. The built-in automation and ease-of-use features help you quickly set up and configure single or recurring scans that run when it works best for your organization. And Veracode Dynamic Analysis delivers vulnerability results with a less than 1 percent false-positive rate, ensuring that your teams are not wasting time sorting through results and are instead able to remediate your vulnerabilities as soon as they receive their reports.

 

Service Offering Summaries

Veracode helps you start and scale your security program, integrate with your SDLC, and coach your developers on fixing security vulnerabilities.

You don’t buy Veracode; you hire Veracode. We’re here to help you lead your application security program to success. Our program managers help you scope, start, and scale your security program, and provide metrics that you can report back to your managers on a regular basis. And we don’t just focus on finding vulnerabilities, we also help you fix them. Our application security consultants work with you to understand the vulnerabilities you find and how to fix them. Our data shows that this service increases our customers’ fix rates by 2.5x. Some vulnerability categories, such as authorization issues and business logic flaws, cannot be found with automated scans and will always require a skilled penetration tester. Our penetration testers can assess your applications for these flaws, so you get automated and manual assessment results in a single report.