Serious About Security

Security is our top priority

All Veracode customers benefit from:



  • Data encryption on transfer: data is encrypted using SSL on transfer.
  • Data encryption at rest: data is encrypted on servers using AES 128 bit.
  • Administrative auditing: manage users, groups and access permissions.
  • Sophisticated user password policy enforcement: enforced complexity requirements, two-factor authentication, IP address restrictions and forced resets.
  • Protection of your privacy: we take your privacy very seriously.
  • Role-based access controls: choose viewing, access and uploading permissions.


Comprehensive security at every level

Veracode commits extensive resources to the design, implementation, monitoring and maintenance of our security infrastructure. This includes:

  • SysTrust/SAS 70 certified. Audited by an outside, independent auditor to ensure we have appropriate internal controls in place for the security and confidentiality of our environment.
  • Highly scalable and redundant online infrastructures
  • Constant monitoring of production systems
  • Ongoing threat assessments
  • Rapid deployment of industry-standard security technologies
  • Veracode performs dynamic and static scans on any code changes we make to our software.


Protection at the application level

  • Applications you upload to the Veracode Platform are private to your account.
  • Uploaded applications are purged from the Veracode Platform once the analysis is complete.
  • Scan results are treated just as securely as your uploads; you own them and control them. Results are deleted once the application profile is deleted by a customer from their account.


Protection at the network level

  • Servers reside behind a sophisticated firewall that selectively grants access to network resources
  • External penetration testing performed for system security and validation
  • Multiple internet backbone connections provide routing redundancy and high performance connectivity
  • Intrusion Detection System (IDS) continuously monitors network traffic


Protection at the facilities level

  • Servers are hosted in redundant facilities, which are automatically backed up to a geographically separated site
  • Data centers implement ongoing audits, 24/7/365 monitoring and surveillance, on-site security staff, mantraps and strict access controls
  • Power systems feature multiple power feeds, UPS devices and backup generators to ensure continuous operation


Application Security without Source Code

  • The primary inhibitor to organizations being able to identify software vulnerabilities is the availability of source code
  • Veracode’s patented static binary analysis enables enterprises to conduct application security audits through an easy-to-use platform, as part of an organization’s formal software release, compliance or acceptance process, without the need for source code or other intellectual property