Veracode Technology


Veracode is the only solutions provider to combine static binary analysis and dynamic analysis to provide organizations with the most accurate and complete security testing available.

Veracode Static Binary Analysis

Static analysis, also commonly called “white-box” testing, looks at applications in a non-runtime environment. This method of security testing has distinct advantages: it can evaluate both web and non-web applications and, through advanced modeling, can detect flaws in the software’s inputs and outputs that cannot be seen through dynamic web scanning alone. In the past this technique required source code, which is not only impractical, as source code is often unavailable, but also insufficient.

Veracode offers a fundamentally better approach to application security testing through our patented automated static binary analysis, which has been called a “breakthrough” by industry analysts such as Gartner. By looking at the code in its “final” compiled version, Veracode can evaluate vulnerabilities introduced by linked libraries, APIs, compiler optimizations and third-party components, which source code testing cannot identify. This approach results in the most accurate and complete security testing available in the industry.

Application Security On-Demand without Source Code

The primary inhibitor to organizations being able to identify software vulnerabilities is the availability of source code. Veracode’s patented static binary analysis enables enterprises to conduct application security audits through an easy-to-use on-demand platform, as part of an organization’s formal software release, compliance or acceptance process, without the need for source code or other intellectual property.

Superior Accuracy and Coverage through Binary Analysis

Binary analysis creates a behavioral model by analyzing an application’s control and data flow through executable machine code – the way an attacker sees it. Unlike source code tools, this approach accurately detects issues in the core application and extends coverage to vulnerabilities found in third-party libraries, pre-packaged components, and code introduced by compiler or platform-specific interpretations.

Detect Hidden Backdoors and Malicious Code

Software development is a multi-tier process in which a growing range of threats – such as those coming from malicious code and backdoors – are impossible to spot with traditional tools because they are not visible in source code. For the first time, organizations can now detect these threats by using static binary analysis on the application in its final form.