Solutions

Joseph Feiman, an analyst at the Gartner Group, the market research firm, says a service to test binary code is a breakthrough...
–Sunday New York Times, 2007

Solutions for developing secure software

Veracode enables security teams to conduct security assessments on mission-critical internally developed applications before they ship.

Datasheets
- SDLC SecurityReview
- Veracode Ratings System
View Demos
- On-Line Product Demo
- Live Weekly Demo Signup
Whitepapers
- Protecting Against Malicious Code & Backdoors

How it Works: SDLC SecurityReview

Veracode’s SDLC Security Review is a simple four-step program- the 4-S Program: Start, Scan, Score and Secure. Here is how it works:

1. Start

Enterprise logs into Veracode’s secure portal and uploads the binary executables (no source code required) and/or provides a URL for web scanning.

2. Scan

Veracode conducts vulnerability testing which is completed within 24 to 72 hours depending on the size and complexity of the application.

3. Score

Veracode creates a rating for each application based on industry-standard benchmarks from NIST, CVSS and CWE.

4. Secure

The enterprise now has insight into the security of their applications and ways in which it could be improved. Additionally, applications which achieve a “Verified by Veracode - A” rating can be promoted externally to customers to demonstrate that your application has been tested and independently verified against rigorous industry standards.

Site Map | Responsible Disclosure Policy | Privacy Policy | Contact Us

Enterprises today have a lot riding on secure application development. Veracode SecurityReview is the world's first automated, on-demand, application security testing solution that uses binary analysis and web application security testing to provide code security analysis. And with no costs for hardware or software or the personnel to manage it, enterprises can achieve software security assessment more cost-effectively.

Veracode SecurityReview® solution delivers static, dynamic, and manual penetration testing in a single service. Instead of purchasing separate dynamic and static application security assessment software and having to install it, train employees on it, maintain, and upgrade it, Veracode offers a testing solution that is built on the software-as-a-service (SaaS) model.

PCI compliance requires companies to meet application development security standards to protect customer credit card data and account information from hackers or malicious system intrusion. To achieve PCI compliance, businesses must certify that they can develop and deploy secure software applications by ensuring Web applications are not susceptible to common vulnerabilities and that custom application code has been reviewed by independent application security audit experts. For many businesses and merchants around the world, PCI DSS compliance is most effectively and cost-efficiently achieved with Veracode.

As a growing number of cyber security threats are directed at the application layer, software procurement and risk management has become a more difficult task. Veracode has developed a first in the software security testing industry—an automated, on-demand, application security testing solution that offers comprehensive acceptance testing with higher accuracy, lower cost, and faster results.

Please access other pages on the Solutions section of our site to learn more about Veracode's approach to code review, security assessment, static analysis, vulnerability scanning, and web security.