Static Binary Analysis

Static binary analysis offers new approach to application testing

With an increasing number of threats today aimed at enterprise applications, companies must implement robust application security review practices. This has traditionally involved some kind of code analysis designed to review software for flaws and malicious code that could give hackers access to privileged information. Static application security testing scans code in applications before they go "live," while dynamic testing evaluates web application security in a running application. But because static code analysis tools have focused on source code, enterprises are left unprotected when source code is unavailable for review. That's why Veracode has introduced the industry's first code review solution that uses static binary analysis.

Veracode: The first on-demand, static binary analysis solution

Veracode SecurityReview® is an automated, on-demand, application security testing solution that uses static binary analysis to scan software for flaws. Static binary analysis enables enterprises to test an entire application. Many applications today use open-source software, commercial off-the-shelf software (COTS), third-party libraries, and code developed by offshore vendors to augment internally developed code—and source code from these other sources is often not accessible for testing. Because Veracode scans software at the binary level—reviewing compiled or "byte" code instead of source code—there are no obstacles to testing an entire application. And Veracode's on-demand service allows companies to avoid big capital investments in hardware and software. Developers and procurement agents can submit code for review through an online platform and get the results back within 24 to 72 hours. Enterprises no longer need to hire experts or dedicate personnel to code review—it can easily become part of the secure development life cycle and the software procurement process.

Combine static binary testing and dynamic analysis for greater security

In addition to a revolutionary static binary analysis technique for testing software, Veracode SecurityReview offers a comprehensive testing solution that also uses dynamic analysis (for web services security) and manual penetration testing to get the most accurate results in the industry. With more accurate results prioritized by level of risk and ease of remediation, developers can find and fix flaws more quickly, speeding time-to-market and optimizing security resources. Because SecurityReview was created on the software-as-a-service (SaaS) model, dispersed development teams can easily communicate and collaborate on security testing using the online analysis platform. There truly is no more effective and cost-efficient method for protecting enterprise applications.
