Whitepapers & Datasheets

Whitepapers

Serious About Protecting Vendor Intellectual Property

Organizations of all types depend on Veracode to confidentially analyze third-party applications. Veracode is serious about protecting the vendor’s intellectual property embedded in an application’s binary. 

Shining a Light on the False Security of 1000s of Mobile Apps

Enterprises are still experiencing the paradigm shift towards mobile computing and still struggling to implement both their mobility strategies and Bring-Your-Own-Device (BYOD) programs. While IT understands the enterprise benefits of this shift, there is a gap between its eagerness for mobility and its readiness to deal with the new types of application security risks inherent in all mobile platforms.

Understanding NIST 800-37 FISMA Requirements

As part of its FISMA responsibility to develop standards and guidance for federal agencies, NIST created Special Publication (SP) 800-37 “Guide for the Security Certification and Accreditation of Federal Information Systems.” This whitepaper helps readers understand the relationship between NIST 800-37, FISMA and application security testing.

PCI Guide for Payment Vendors

This whitepaper explains how Payment Vendors can meet Visa PABP requirements and prepare for PCI PA-DSS compliance.

Automating Code Reviews

On-demand application security testing offered as an outsourced service, based on binary analysis and multiple scanning technologies, is a major step toward reducing risk in applications developed in-house as well as applications purchased from third-party vendors. Learn how moving to a SaaS model for application security can automate your code reviews.

PCI Guide for Merchants and Service Providers

This whitepaper helps Merchants and Service Providers understand and meet PCI DSS requirements.

Guide to Software Risk Assessments

This whitepaper outlines how new application security technologies enable organizations to meet the growing threat posed by software and provides risk management best practices which enterprises can use to secure their application inventory.

Eradicate Cross-site Scripting

The Web’s most prevalent application vulnerability remains an open door to attack on your business and your customers. It doesn’t have to be. Eradicate Cross-site Scripting is a whitepaper written to empower organizations to expand their web security programs. This whitepaper provides an introduction to Cross-site Scripting (XSS) and details of Veracode's Free Service that empowers you to begin a campaign to eradicate XSS vulnerabilities in corporate applications.

Successful Application Security Testing for Agile Development

It is imperative to include security testing in application development. Yet, with Agile’s fast pace and lean concepts, it is easy to see how many organizations would simply consider testing for application security defects to be too costly in terms of both time and resources. The reasons behind these beliefs are concerns over the cost of the tooling versus the benefit, the cost of deploying the tools and training staff to use them, the inability of these tools to fit into Agile development processes, and the objections of developers who must become proficient in the use of the tools. This paper addresses these concerns and describes methods that utilize Veracode’s Security Review and methodologies for security testing that succeed in the Agile world.

Understanding The Risks of Mobile Applications

Modern mobile applications run on mobile devices that have the functionality of a desktop or laptop running a general-purpose operating system. In this respect, many of the risks are similar to those of traditional spyware, Trojan software, and insecurely designed apps. However, mobile devices are not just small computers. Mobile devices are designed around personal and communication functionality, which makes the top mobile application risks different from the top traditional computing risks.

Datasheets

Veracode Results Review FAQs for Vendors

This document addresses many questions often asked upon results being made available to a vendor in an enterprise-vendor relationship.

Sample Contract Language

Here is a sample of a contract.

Cross-site Scripting Cheat Sheet

As companies are trying to adapt to the fast changing threat landscape today, web applications are becoming increasingly vulnerable to attacks because of vulnerabilities like Cross-site Scripting (XSS).

SQL Injection Cheat Sheet

Find out how attackers exploit SQL flaws and how to fix and prevent SQL Injection vulnerabilities.

Application Perimeter Monitoring Datasheet

The Veracode Application Perimeter Monitoring (APM) solution enables enterprises to reduce the risk of data breaches by providing a rapid and massively scalable approach for gathering vulnerability intelligence across every enterprise web application.

Veracode Corporate Overview

Learn how we help the world's largest enterprises reduce global application risk across web, mobile and third-party applications.

Veracode Plugins and APIs

Whether you are developing code in a two-week Scrum Sprint, using continuous integration or a more traditional development model, your security tools should support the model and developer tools that make your team most productive.

VerAfied by Veracode

Veracode VerAfied enables organizations to quickly provide details about the security of their applications.

Program Management Services - Customer Implementation Datasheet

Veracode’s program management services are designed to ensure successful adoption of an application security program for each of our customers. This datasheet shows how a Veracode customer was able to leverage Veracode's expertise to design and implement a successful application security program within their organization.

Veracode SOX Compliance Solution

Veracode's SOX Compliance Solution helps public companies protect the integrity of their financial data to comply with the Sarbanes-Oxley Act of 2002.
