August 28, 2012

Using Veracode’s SaaS Engine to Quickly Roll Out Scanning Programs

By Dan Cornell, CTO of the Denim Group

At Denim Group, we help clients build secure software and secure the software they have built. We have a long-standing partnership with Veracode because their SaaS scanning engine provides us with the vulnerability information we need to help make our customers' applications more secure. Our goals when we work with clients rolling out software security testing programs are the following:

  • Coverage: What percentage of the application portfolio is covered?
  • Frequency: How frequently is testing being performed?
  • Depth: How thorough is the testing that is being performed?

However, although we work with a wide variety of clients across many vertical markets, we find that most organizations don't scan all of their applications and, more importantly, aren't scanning their applications frequently enough. We've had a lot of success using Veracode to help overcome this problem. The SaaS scanning engine helps us get large numbers of applications into the testing program in a minimum amount of calendar time. Scripting application submissions also makes it easy to get applications on regular testing schedules. This has a couple of advantages:

  • Quicker scanner rollouts (calendar-wise) mean less time elapses before we have a feel for the level of exposure the client has to deal with
  • Scheduled re-scans mean that the information about vulnerabilities stays “fresh”
  • Easier scanner rollouts (level-of-effort-wise) mean there is more time in the budget to focus on manual testing activities as well as vulnerability resolution and remediation

Having access to the data via their API is also really useful because it lets us slice and dice the vulnerability data and integrate the scanning program with other systems and processes to ensure we can produce the best product for our clients – applications that offer cutting-edge functionality and easy-to-use interfaces that also protect corporate assets consistently.

We're happy to be partnering with Veracode, and especially enjoy working with Veracode customers that come to us to take advantage of our specialized expertise in both software development and software security. We look forward to working with Veracode as long as applications continue to have security defects… so I guess we'll be at this for a long time. For more details on our partnership, please see the press release we put out this week, and feel free to contact us if you'd like help making sense of your Veracode test results and how to best work with your development teams to get vulnerabilities resolved.

Neil is a Marketing Technologist working on the Content and Corporate teams at Veracode. He currently focuses on Developer Awareness through strategic content creation. In his spare time you'll find him doting over his lovely wife and daughter. He is a Co-Owner of CrossFit Amoskeag in Bedford NH, his favorite topic is artificial intelligence, and his favorite food is pepperoni pizza.
