Released on 2 July 2013
Veracode is positioned as a “Leader” in Gartner’s 2013 Application Security Testing Magic Quadrant.
In this report, Gartner examines the application security testing market and evaluates its vendors according to their business and technology vision, as well as their ability to execute against that vision in their products and services.
Released on 30 August 2013
According to Gartner, enterprises that embrace a BYOD strategy are vulnerable to security breaches unless they adopt methods and technologies for mobile application security testing and risk assurance. This research explains how to select and implement these new tools and practices.
Released on October 16th, 2012
Former CISO Wendy Nather explains how Veracode's SaaS offering "takes both effort and cost away from the enterprise CISO" and "lowers the barriers to appsec testing."
This independent report details the unique advantages of Veracode's binary static analysis technology for testing third-party applications. It describes how Veracode's cloud-based platform and program management service address the scale and complexity challenges of reducing third-party software risk enterprise-wide, and provides a SWOT analysis of the Veracode VAST Program.
Security testing is essential. But it’s only embraced when it doesn’t slow down your developers. Veracode's software engineers understand the challenge of building security into the Agile SDLC. We live and breathe that challenge. We use our own application security technology to secure our platform so our developers can go further faster. Automation is key to streamlining our end-to-end process — because manual testing can't keep up with our Agile development velocity (and it doesn't scale).
Recent breaches show that “doing just enough to comply with PCI” doesn't address your third-party risks. In this webinar you have a chance to learn from two experts who have helped organizations design and build enterprise-wide programs that address risks from both internal and third-party applications.
To speed time-to-market, most enterprises have adopted agile development in the SDLC. Join Veracode's security and development experts to learn how we've embedded security into our own Agile Scrum processes – to rapidly deliver new applications without exposing them to critical vulnerabilities.
This report examines application security quality, remediation and policy compliance statistics and trends. Our analysis of tens of thousands of applications with Veracode's cloud-based platform found that 87% of web applications are not compliant with the OWASP Top 10, while 69% of non-web applications are not compliant with the CWE/SANS Top 25.
The data analyzed represents multiple security testing methodologies (including static binary, dynamic and manual pen testingl) on a wide range of application types (web, mobile and legacy/non-web) and programming languages (including Java, C/C++, .NET, PHP and ColdFusion). We also expanded our analysis of the mobile vulnerability landscape with sections on Android, iOS and Blackberry applications. The resulting intelligence is unique in the breadth and depth it offers.
Volume 5 (40 Pages)
April 8th, 2013
Veracode has been publishing a semi-annual State of Software Security (SOSS) report since 2010. Over time we have received significant interest in our findings and numerous requests to investigate the dataset from many different perspectives that may not be routinely covered in our semi-annual reports. To satisfy the curiosity of our readers and to allow us to extend our investigation to topical areas, we are moving to a new reporting format in 2012. This year we are publishing shorter feature supplements that are designed to address a particular, focused topic, and only release the full SOSS report once a year. This report is the first feature supplement for 2012.
This featured supplement focuses on the state of enterprise programs that assess the security of software purchased from vendors. Veracode can uniquely report on how program practices evolve because our analysis is based on data aggregated from companies as they test real applications. The data represents intelligence gleaned from over 900 application builds submitted by software vendors to Veracode's cloud-based platform in an 18 month time-frame.
The prerequisite for dealing with cyber-security is knowledge. Download this critical chapter to learn about web application vulnerabilities and hacking techniques; freely-available crawling tools; and countermeasures to protect your web application infrastructure.
Download the whitepaper authored by the FS-ISAC Third Party Software Security Working Group to understand the recommended controls for addressing third party software risk.
This independent paper analyzes control options and offers specific recommendations on control types for financial services to add to their vendor governance programs
Enterprises are still experiencing the paradigm shift towards mobile computing and still struggling to implement both their mobility strategies and Bring-Your-Own-Device (BYOD) programs. While IT understands the enterprise benefits of this shift, there is a gap between mobility eagerness and its readiness to deal with the new types of application security risks inherent with all mobile platforms.
Learn how we help the world's largest enterprises reduce global application risk across web, mobile and third-party applications.
The Veracode Application Perimeter Monitoring (APM) solution enables enterprises to reduce the risk of data breaches by providing a rapid and massively scalable approach for gathering vulnerability intelligence across every enterprise web application.
The Veracode Vendor Application Security Testing (VAST) program helps enterprises better understand and reduce the security risks associated with the use of vendor-supplied software, while strengthening vendor compliance with enterprise application security policy.
Anti-debugging is the implementation of one or more techniques within computer code that hinders attempts at reverse engineering or debugging a target binary. Within this paper we will present a number of the known methods of antidebugging in a fashion that is easy to implement for a developer of moderate expertise.
Backdoors and malicious code pose significant operational risk to software that is too significant for organizations to ignore. This whitepaper discusses how binary (compiled code) analysis is the ideal platform for detecting backdoors and conducting the most complete independent security test, validation and verification of applications.
This technical whitepaper describes a new way to classify backdoor vulnerabilities in applications and discusses static detection of backdoors.
View the demo of Veracode's Platform. Learn how to create an Application Profile and Submit your application for analysis.
View the demo of Veracode's Platform. Learn how to access and understand your results once the scan has completed. You will see how to access the summary and detailed results and also how to use Veracode's developer tools.