Binary Code Analysis Is a Powerful Tool in Application Security
As cybersecurity threats have shifted from the network perimeter to the application layer in recent years, application security assurance has become a priority for the enterprise. To ensure that software is secure, organizations must test it before purchase or deployment and remediate any flaws that may expose the enterprise to threats. Binary code analysis is a new approach for application security testing and is transforming software security. Unique in the industry, Veracode's patented binary SAST technology analyzes all code -- including third-party components and libraries -- without requiring access to source code. This solution gives enterprises more comprehensive and accurate assessments.
Byte Code Analysis Is Not the Same as Binary Code Analysis
The three primary ways to perform static analysis are:
- Analysis of the source code.
- Analysis of the byte code of an interpreted language like Java or .NET.
- Analysis of the raw binaries of a compiled application (such as a C++ application).
According to Neil MacDonald, Gartner VP & Fellow, analysis of byte code and analysis of a compiled binary are important if you don’t have the source code of the original application to analyze. This is often the case when you want to test a third-party application or when the source code simply isn’t available.
Veracode: A Binary Code Analysis Solution Unique in the Industry
Veracode was founded by security experts to make it easy and cost-effective for organizations to develop and purchase secure applications. Applications today are complex — they're often a "mash-up" of code from various sources. Internally developed applications may be combined with open source code from third-party software, commercial off-the-shelf (COTS) packages, offshore development teams and other sources. Traditional testing and analysis techniques can't evaluate the entire application because source code may not be available or may be protected. Veracode is an automated security solution that uses binary code analysis to solve this problem. Veracode makes it possible to assess an entire application without needing access to source code, so enterprises get a truly comprehensive application security audit. Whether purchasing or developing software, organizations can get a complete review of applications before deploying them, ensuring greater security for the enterprise.
One Solution for Static Binary Analysis, Dynamic Analysis and Manual Testing
Veracode offers a number of significant benefits to the enterprise:
- A single solution. Veracode combines automated static binary code analysis with dynamic testing (for web application security) and manual penetration testing. This comprehensive approach in a single solution means testing can be more accurate, time-efficient and cost-effective.
- Quick results. Veracode quickly provides binary analysis test results, making it easier to meet or accelerate development deadlines. And Veracode can easily be integrated into development timelines, serving as a single point of collaboration for development teams who may be globally dispersed.