10.4.07 - Veracode Founder and CTO Chris Wysopal Examines How to Prioritize Security Testing at STPC

News & Events

Veracode Founder and CTO Chris Wysopal Examines How to Prioritize Security Testing at STPCon 2007

WHO:      Chris Wysopal, Founder and CTO, Veracode, Inc.

WHAT:     Software Test & Performance Conference

WHEN: Thursday, October 4, 3:00 pm - 4:00 pm EDT

WHERE:   Hyatt Regency Cambridge
                  575 Memorial Drive
                  Cambridge, Mass.

For more information, visit: http://www.stpcon.com

DESCRIPTION:

Many people don’t know where to start when it comes to testing software for security. It’s important to use a risk-based approach while leveraging knowledge about the software to get the most effective security testing. To be successful at security testing, one must prioritize.

In this class, Chris Wysopal will discuss how to use white-box and black-box analysis techniques, coupled with threat modeling, to discover the highest risk threats to a program. Attendees will learn how to focus testing on areas where difficulty of attack is least and the impact is highest.

ABOUT VERACODE
Veracode is the industry’s first provider of automated, on-demand application security solutions. Created by a world-class team of application security experts, the company delivers services to identify software flaws introduced through coding errors or malicious intent. Veracode’s core service, SecurityReview® uses patented binary code analysis and dynamic web analysis that is uniquely able to inspect entire application inventories, including components, and does not require companies to expose their valuable source code. Enterprises can now protect their intellectual property while preventing attacks allowed by vulnerabilities in applications.

As the most accurate and comprehensive solution, Veracode makes it simple and cost-effective to implement application security best practices and reduce operational costs related to manual reviews. Whether a company is developing applications internally, purchasing software or integrating code from partners, Veracode’s SecurityReview provides insight to the security level of your applications. Outsourcing code analysis to Veracode is the easiest way to secure your software. With a pragmatic approach to application security, Veracode helps you fix what matters most to your business.

Based in Burlington, Mass., Veracode is backed by .406 Ventures, Atlas Venture and Polaris Venture Partners. www.veracode.com

Media Contact:
Jim Crook
Lois Paul & Partners
781-782-5734
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it

PRESS RELEASE ARCHIVE

Site Map | Responsible Disclosure Policy | Privacy Policy | Contact Us

Veracode offers the first on-demand, application security solution that provides automated application security testing through an easy-to-use, software-as-a-service delivery model. By providing code analysis and web application security testing as a service, organizations have no software or hardware to purchase, install, maintain or upgrade.

With Veracode, enterprises can use application security assessment to achieve code security and implement testing into their secure software development life cycle at key development milestones. For enterprises that want to improve SDLC security without sacrificing profitability or competitiveness, Veracode offers SecurityReview®. SecurityReview combines static, dynamic, and manual testing capabilities and scans code after it has been compiled—at the binary level or "byte" code level rather than the source level, as other solutions do. This offers two distinct advantages: One, binary code analysis is more efficient, so vulnerabilities can be found more quickly and with fewer false positives. And two, binary code analysis is the most complete application security testing method because all code can be scanned regardless of origin.

Information on other topics related to application security assurance, dynamic application security testing, XSS, SQL Injection, IT risk management, static code analysis, and offshore development are also available on this site.