Why did Gartner place Veracode as a Leader in the 2015 Magic Quadrant for Application Security Testing1 (AST) for the third year in a row? In Gartner’s own words, leaders are chosen based on their completeness of vision and ability to execute. That’s borne out by the fact that in 2014 alone, we helped our customers identify and remediate 4.7 million vulnerabilities – significantly reducing application-layer risk.
Gartner also states that, “Highly publicized breaches in the past 12 months have raised awareness of the need to identify and remediate vulnerabilities at the application layer. Enterprise application security testing solutions for web, cloud and mobile applications are key to this strategy.”
Once again Gartner validated that we are the best pure-play provider of application security – and by a wide margin. This is a reflection of the fact that our automated cloud-based service is more effective and scalable for global enterprises because it:
- Was built from the ground-up for the cloud, with centralized policies and metrics enabling a consistent governance model across diverse development teams (no matter where they’re located).
- Offers the broadest set of technologies on a single platform (SAST, DAST, IAST, mobile behavioral & reputation analysis, software composition analysis/SCA, web perimeter monitoring) – backed by remediation coaching from the world’s foremost experts in application security.
- Enables Agile and DevOps teams to ship secure code faster by embedding automated assessments into existing workflows via rich APIs..
We thought Gartner summed up our strengths nicely:
- Veracode offers scalable AST as a service and tests tens of thousands of applications per year.
- Veracode’s AST services will meet the requirements of organizations looking for a broad set of AST services that want to delegate their AST and SCA to a third-party expert with a strong reputation for the quality of its services and demonstrated innovation in application security.
- Veracode offers an innovative web application perimeter monitoring service that discovers and tests web applications on the public Internet.
- Veracode’s mobile AST as a cloud service includes static byte and binary code analysis, as well as behavioral analysis in the mobile device emulator or in a physical device. It also offers a reputation service for commercial application risk/security ratings for the most frequently downloaded apps from app stores with EMM integration for MobileIron, IBM (Fiberlink) and AirWatch.
- Veracode offers APIs for integrating its cloud-based services with multiple IDEs, code management and bug-tracking tools, and build servers, thus making AST more seamless, expedient and better integrated with agile SLC processes.
- Veracode is widely recognized as a pioneer in the analysis of binary code. The testing of binary or byte code is a differentiator when testing third-party libraries and executables, where access to the source code is not possible.
You can download the entire MQ here:https://info.veracode.com/analyst-report-gartner-application-security-testing-magic-quadrant-2015.html
1 Gartner, Inc. 2015 “Magic Quadrant for Application Security Testing” by Neil MacDonald, Joseph Feiman, 6 August, 2015.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.