Veracode Web Application Security
(Dynamic Testing)
Web application security has risen to the top of the agenda for security professionals striving to control their company’s overall risk profile. Recent statistics reveal that as many as 70% of websites have vulnerabilities, and according to Gartner and the U.S. Computer Emergency Response Team (U.S. CERT), 75% of new attacks specifically target the application layer in order to exploit these weaknesses and steal critical financial and customer data.
Veracode’s automated web application vulnerability scanning, also known as dynamic analysis or black-box testing, empowers companies to identify and remediate security issues in their running web applications before hackers can exploit them. By dynamically testing web applications in a run-time environment, Veracode inspects applications the same way a hacker would attack them – providing the most accurate and actionable vulnerability detection available.
Behavioral Modeling for Accurate Results
Legacy web scanners simply launch a long list of signature-based attacks without regard for the structure of the underlying application, resulting in poor coverage and inaccurate results. Veracode’s scanning technology uses dynamic crawling to build a model based on the behavior of the application, determines vulnerability attack vectors, and then conducts relevant analysis to ensure the highest level of coverage with the most accurate results.
Advanced Data Analysis to Find Hidden Issues
Veracode’s breakthrough web scanning analyzes the data and content of information presented by the application in order to find hidden security issues that are missed by other products. Veracode looks “inside” directories, debug code, leftover source code, and resource files to find hidden usernames and passwords, SQL strings, ODBC connectors, and other sensitive information that hackers can exploit to gain unauthorized access to your application.
Complete Automation
Veracode’s dynamic scanning is the only on-demand solution that is completely automated. Other tools, even if “hosted” by a third party, require human assistance to train the tool to handle complex forms, authentication, and navigation of custom error pages in order to operate properly. Users simply provide a URL and Veracode’s advanced scanning technology performs the analysis and provides the most accurate and actionable results within 24-72 hours.
Full Integration with Static Analysis
Unlike “stand-alone” web scanners, Veracode is the only solutions provider to incorporate both static and dynamic testing as a single offering. Veracode’s dynamic web application security is integrated with our patented static binary analysis, which enables enterprises to fully test their applications using multiple assessment methods to provide a single set of convergent results, ratings and reports.