Web application security has risen to the top of the agenda for security professionals striving to control their company’s overall risk profile. Recent statistics reveal that as many as 70% of websites have vulnerabilities and according to Gartner and the U.S. Computer Emergency Response Team (U.S. CERT), 75% of new attacks specifically target the application layer in order to exploit these weaknesses and steal critical financial and customer data.
Veracode’s automated web application vulnerability scanner, also known as dynamic analysis security testing (DAST) or black-box testing empowers companies to identify and remediate security issues in their running web applications before hackers can exploit them. By dynamically testing web applications at run-time, Veracode inspects applications the same way a hacker would attack them – providing accurate and actionable vulnerability detection.
Crawl and Audit with a Twist
Veracode's scanning technology uses automated and recorded crawl data to build a map of your web application, determines possible vulnerability attack vectors, and then conducts targeted analysis to ensure the highest level of coverage with the most accurate results. The twist comes from integrating industry standard technology like Selenium and Mozilla Firefox to ensure even the latest web technologies are supported.
Accurate & Always Learning
Veracode's web scanning technology is built on top of the lessons learned through thousands of scans and is constantly evolving to match new technologies and threats. Every new scan becomes an opportunity to improve our scan technology for all of our customers so that when you set out to scan your web applications, it just works.
Veracode's dynamic scanning is completely automated. Other tools, even if "hosted" by a 3rd party, require human assistance to scan and operate properly. Users simply provide a URL and Veracode's advanced scanning technology immediately performs the analysis and provides the most accurate and actionable results. In addition our operations team monitors the performance of every scan and problems detected are resolved in real time with no manual intervention required on your part.
Full Integration with the Veracode Platform
Unlike "stand-alone" web scanners, Veracode is the only solutions provider to incorporate both static (SAST) and dynamic testing (DAST) within a single online platform. For the most complete security coverage it is important to test your software both statically and dynamically. Veracode's dynamic web application security is integrated with the award winning Veracode application risk management platform which enables enterprises to fully test their applications using multiple assessment methods and provide a single set of convergent results, ratings and reports.