Binary Code Analysis is a Breakthrough in Application Security
As cyber security threats have shifted from the network perimeter to the application layer in recent years, application security assurance has become a priority for the enterprise. To ensure that software is secure, organizations must test it before purchase or deployment and remediate any flaws that may expose the enterprise to threats. Binary code analysis is a new approach for application security testing and is revolutionizing software security. Binary code analysis scans compiled or "byte" code instead of source code, so enterprises can test comprehensively and more accurately. For the world's first binary code analysis solution, enterprises everywhere choose Veracode.
Byte Code Analysis is not the Same as Binary Code Analysis
The three primary ways to perform static analysis are:
- Analysis of the source code.
- Analysis of the byte code of an interpreted language like Java or .NET.
- Analysis of the raw binaries of a compiled application (such as a C++ application).
According to Neil MacDonald, Gartner VP & Fellow, analysis of byte code and analysis of a compiled binary are important if you don’t have the source code of the original application to analyze. This is often the case when you want to test a third-party application or when the source code simply isn’t available.
Veracode: The world's first binary code analysis solution
Veracode was founded by security experts to make it easy and cost-effective for organizations to develop and purchase secure applications. Applications today are complex: they're often a "mash-up" of code from various sources. Internally developed applications may be combined with open source code from third-party software, commercial off-the-shelf (COTS) packages, offshore development teams, and other sources. Traditional testing and analysis techniques can't evaluate the entire application because source code may not be available or may be protected. Veracode is an automated binary analysis security solution that uses binary code analysis to solve this problem. Veracode makes it possible to scan an entire application without needing access to source code, so enterprises get a truly comprehensive application security audit. Whether purchasing or developing software, organizations can get a complete review of applications before deploying them, ensuring greater security for the enterprise.
One solution for static binary analysis, dynamic analysis, and manual testing
Veracode offers a number of significant benefits to the enterprise:
- One solution. Veracode combines automated static binary code analysis with dynamic testing (for web application security) and manual penetration testing. This comprehensive approach in a single solution means testing can be more accurate, time-efficient, and cost-effective.
- Quick results. Veracode quickly provides binary analysis test results, making it easier to meet or accelerate development and procurement deadlines. And Veracode can easily be integrated into software purchasing or development timelines, serving as a single point of collaboration for development teams or procurement agents who may be globally dispersed.
Written by: Fergal Glynn