Read this report to learn about Forrester's 5-step plan for seizing control of your destiny as a CISO – and why the top 3 skills required to succeed are leadership, strategic thinking, and business knowledge.
Learn how a G2000 financial services company secured its critical outsourced and internally-developed applications with Veracode’s cloud-based service – and generated a 3-year ROI of 192 percent.
Released on 1 July 2014
Veracode is a Leader in the Magic Quadrant
Read the "Magic Quadrant for Application Security Testing" (July 2014) to find out why there is a critical need to reduce risk in Web, cloud and mobile applications.
Gartner, Inc. 2014 “Magic Quadrant for Application Security Testing” by Neil MacDonald, Joseph Feiman. July 1, 2014
A global media and technology company had little control over the quality or security of the apps published to iTunes or Playstore. Using Veracode’s cloud-based service, the company gained visibility into its mobile app perimeter, finding it had 100% more apps published than originally thought. Through finding these apps and assessing their behavior, the company ensured all published apps adhere to its app policies for security and privacy and gain tighter control of its mobile footprint.
Learn how Veracode’s cloud-based service and policy-based approach helped a large financial services firm not only pass its PCI audit in the short term -- but also continuously reduce its enterprise risk in the long term.
Most security assessment programs were built to meet a particular compliance standard, and don’t scale beyond these requirements. This results in process mismatches, lack of agility, and incentive misalignment, which means that security ends up getting de-prioritized. It's time to move beyond a “check-box” approach, and embed security testing into the entire application lifecycle.
High-profile breaches and exposure to the risk they represent give CISOs increased visibility at the senior executive level. But with this new visibility come changes to the CISO role. Only those who embrace these changes will become the CISOs of the future.
Join Joseph Feiman, co-author of the "Magic Quadrant for Application Security Testing," to learn best practices for securing web and mobile applications with SAST, DAST and behavioral analysis technologies.
This report examines application security quality, remediation and policy compliance statistics and trends. Our analysis of tens of thousands of applications with Veracode's cloud-based platform found that 87% of web applications are not compliant with the OWASP Top 10, while 69% of non-web applications are not compliant with the CWE/SANS Top 25.
The data analyzed represents multiple security testing methodologies (including static binary, dynamic and manual pen testingl) on a wide range of application types (web, mobile and legacy/non-web) and programming languages (including Java, C/C++, .NET, PHP and ColdFusion). We also expanded our analysis of the mobile vulnerability landscape with sections on Android, iOS and Blackberry applications. The resulting intelligence is unique in the breadth and depth it offers.
Volume 5 (40 Pages)
April 8th, 2013
Veracode has been publishing a semi-annual State of Software Security (SOSS) report since 2010. Over time we have received significant interest in our findings and numerous requests to investigate the dataset from many different perspectives that may not be routinely covered in our semi-annual reports. To satisfy the curiosity of our readers and to allow us to extend our investigation to topical areas, we are moving to a new reporting format in 2012. This year we are publishing shorter feature supplements that are designed to address a particular, focused topic, and only release the full SOSS report once a year. This report is the first feature supplement for 2012.
This featured supplement focuses on the state of enterprise programs that assess the security of software purchased from vendors. Veracode can uniquely report on how program practices evolve because our analysis is based on data aggregated from companies as they test real applications. The data represents intelligence gleaned from over 900 application builds submitted by software vendors to Veracode's cloud-based platform in an 18 month time-frame.
Written by a former CISO, this white paper describes strategies for effectively articulating your risk posture and security strategy to business executives.
Every enterprise is now a digital business. This whitepaper provides a detailed overview of Veracode's cloud-based service for protecting against application-layer threats and addressing compliance requirements.
Developing secure products in an agile environment can be challenging. Application vulnerabilities and coding issues are typically time-consuming to find, document, and fix with traditional testing tools. Short agile sprints don’t lend themselves to these long processes; however, there are ways to effectively integrate secure development with agile methods.
Learn how we help the world's largest enterprises reduce global application risk across web, mobile and third-party applications.
Learn how Veracode’s binary static technology identifies security issues without actually executing the application, while it minimizes false positives. With this datasheet you'll learn how Veracode empowers customers to identify and fix security issues earlier in the software development lifecycle with detailed, actionable, and accurate information.
Anti-debugging is the implementation of one or more techniques within computer code that hinders attempts at reverse engineering or debugging a target binary. Within this paper we will present a number of the known methods of antidebugging in a fashion that is easy to implement for a developer of moderate expertise.
Backdoors and malicious code pose significant operational risk to software that is too significant for organizations to ignore. This whitepaper discusses how binary (compiled code) analysis is the ideal platform for detecting backdoors and conducting the most complete independent security test, validation and verification of applications.
This technical whitepaper describes a new way to classify backdoor vulnerabilities in applications and discusses static detection of backdoors.
View the demo of Veracode's Platform. Learn how to create an Application Profile and Submit your application for analysis.
View the demo of Veracode's Platform. Learn how to access and understand your results once the scan has completed. You will see how to access the summary and detailed results and also how to use Veracode's developer tools.