Static Analysis

Static analysis delivers software security

Enterprise security is highly focused on the application layer today, and for good reason. Because the network perimeter has been successfully secured to a great degree, most malicious attacks are now directed at applications. To address this threat, enterprises must test applications for flaws or threats before procuring or implementing them. Static analysis is one of the leading testing techniques. Static analysis reviews program code, searching for application coding flaws, backdoors, or other malicious code that could give hackers access to critical company data or customer information. But most static analysis tools can only scan source code, which is problematic. Many applications integrate code from third-party libraries, offshore software, and commercial off-the-shelf (COTS) applications—and source code for these applications is often unavailable for scanning. To solve this problem and deliver a more effective method of static analysis, Veracode has introduced SecurityReview®.

Veracode provides superior static analysis solution

Veracode SecurityReview is the first automated, on-demand, application security testing solution that uses static binary analysis. Where other products scan source code, SecurityReview scans binary code—compiled or "byte" code—allowing enterprises to scan 100 percent of an application, even when source code is unavailable for practical or proprietary reasons. SecurityReview is built on the software-as-a-service model, allowing organizations to access and scale security testing without the need for capital expense or investment. There is no vulnerability assessment software or hardware to purchase and no security personnel to train. Developers or software procurement personnel submit code through an online platform, and results are returned within 24 to 72 hours. SecurityReview's automated format greatly reduces the amount of effort and resources needed to perform static analysis, while greatly increasing the accuracy of test results.

Combine static, dynamic, and manual penetration analysis in one solution

Veracode SecurityReview is a comprehensive testing solution. In addition to binary static analysis, SecurityReview includes dynamic analysis for Web security testing, and manual penetration testing. In the past, this level of testing meant purchasing multiple on-premises tools. Veracode's on-demand platform instead makes application testing simple and cost-effective to use, and lets it be deployed rapidly and globally. Geographically diverse teams of developers and purchasers can work in a single collaborative environment to get automated analysis of both static binaries and running Web applications, with results prioritized for seriousness of threat and ease of remediation. There simply is no more effective way to protect enterprise applications from threats.

Learn more about static analysis with Veracode now, as well as SOA security, application development security, and more.