Veracode for Mobile Applications

As mobile applications move from delivering content and entertainment to consumers to providing critical business functionality that transacts sensitive information, they will increasingly become the target of hacking activity. Enterprises recognize the need to enable a mobile workforce with meaningful applications that allow them to be productive while maintaining the security of sensitive data on the device and internal networks. Veracode offers customers the opportunity to perform static analysis on mobile applications for security flaws before they become the target of attack. Below are some of the key features made available as part of this service:

Application Portfolio Dashboard: Leverage a centralized view of risk and security information to manage, set policy, track and report on all your mobile applications.

Automated Code Review (Binary Static Analysis): Veracode's patented automated static binary analysis reviews the final integrated mobile application, including libraries and third-party components. This approach allows for the most accurate detection of commonly occurring security vulnerabilities, including backdoors and malicious code.

Open Source Ratings Database: Access to Veracode's database of security scores for enterprise-class open source projects, enabling you to gain an understanding of the risk/benefit trade-off of integrating open source versus commercially developed software.

Executive, Security and Developer Reports: Veracode's services platform offers summary and detailed reports to support the activities of CISOs, engineering managers and developers. CISOs can gain a centralized view of regulatory and corporate security policy compliance across the organization. Engineering managers can gain an understanding of the most prominent sources of risk in their internal application portfolio, and developers can get detailed, prioritized remediation advice on how to address application vulnerabilities so that they comply with corporate security policies as efficiently as possible.

Extensible, Open Platform: Veracode's application risk management platform has been designed as an open and extensible platform that allows for easy integration with other technology platforms, IDEs and bug tracking systems that form the fabric of the software development infrastructure. For security and compliance personnel, we offer automated integration with Archer's GRC Framework product. For developers, we offer XML exports and a results API that can be used to integrate our findings with tools that typically form part of the SDLC, such as bug and defect tracking systems.