Solutions

Rather than trying to change processes within both the bank and our vendors, Veracode’s software-as-a-service model gave us rapid execution and results with minimal resources.
– Rhonda MacLean, CISO of Barclays

Ensuring your purchased software is secure

Veracode provides enterprises with an independent security assessment of purchased commercial off-the-shelf software – stopping security risk before it enters the organization.

Datasheets
Case Study
- Barclays Secures COTS Software
View Demos
- On-Line Product Demo
- Live Weekly Demo Signup
Whitepapers
- Protecting Against Malicious Code & Backdoors

COTS SecurityReview: How it Works

COTS SecurityReview is designed for companies that need to verify the code of third-party applications. Veracode’s Rating System is a simple four-step program- the 4-S Program: Start, Scan, Score and Secure. All the enterprise needs to provide is contact information for the vendors they would like to have assessed and Veracode will complete the process. Here is how it works:

1. Start

Enterprise sends contact information to Veracode regarding vendors and applications they would like to have assessed. Vendor uploads the binary executables (no source code required) and/or provides a URL for web scanning.

2. Scan

Veracode conducts vulnerability testing which is completed within 24 to 72 hours depending on the size and complexity of the application.

3. Score

Veracode creates a rating for each application based on industry-standard benchmarks from NIST, CVSS and CWE which is provided to both the enterprise and the vendor. As an independent trusted advisor, Veracode sends the full disclosure of all detailed information only to the vendor.

4. Secure (Your Enterprise)

With the security rating in hand, the enterprise determines which vendor applications pass a pre-defined security threshold (e.g. "A"-Rating as a minimum threshold) as part of the secure procurement process.

Site Map | Responsible Disclosure Policy | Privacy Policy | Contact Us

Enterprises today have a lot riding on secure application development. Veracode SecurityReview is the world's first automated, on-demand, application security testing solution that uses binary analysis and web application security testing to provide code security analysis. And with no costs for hardware or software or the personnel to manage it, enterprises can achieve software security assessment more cost-effectively.

Veracode SecurityReview® solution delivers static, dynamic, and manual penetration testing in a single service. Instead of purchasing separate dynamic and static application security assessment software and having to install it, train employees on it, maintain, and upgrade it, Veracode offers a testing solution that is built on the software-as-a-service (SaaS) model.

PCI compliance requires companies to meet application development security standards to protect customer credit card data and account information from hackers or malicious system intrusion. To achieve PCI compliance, businesses must certify that they can develop and deploy secure software applications by ensuring Web applications are not susceptible to common vulnerabilities and that custom application code has been reviewed by independent application security audit experts. For many businesses and merchants around the world, PCI DSS compliance is most effectively and cost-efficiently achieved with Veracode.

As a growing number of cyber security threats are directed at the application layer, software procurement and risk management has become a more difficult task. Veracode has developed a first in the software security testing industry—an automated, on-demand, application security testing solution that offers comprehensive acceptance testing with higher accuracy, lower cost, and faster results.

Please access other pages on the Solutions section of our site to learn more about Veracode's approach to code review, security assessment, static analysis, vulnerability scanning, and web security.