Jul 5, 2018

Announcing New Veracode Dynamic Analysis

By Bhavna Sarathy

Effective application security assesses applications across the entire software lifecycle – beyond the development phase and into production. Why is this necessary? If you’ve shifted security left, into the development process, why do you need to shift it right into production? To put it bluntly: Because people aren’t perfect, and bad guys never sleep. With the speed of today’s development processes, it would be foolish to assume that every defect has been found and fixed when an app hits production, and likewise, it would be foolish to assume that cyberattackers are done inventing new ways to access your code. In addition, scanning an app dynamically at runtime will find issues and vulnerabilities you simply can’t identify looking at the app statically. The bottom line is that scanning apps in production with dynamic analysis is a critical piece of an effective application security program. However, dynamic analysis solutions have to work with DevOps processes and keep software secure without slowing or stopping releases.

To help you meet this need to dynamically scan apps in production, while ensuring you keep pace in a DevOps world, we’re launching a new and improved DAST solution, Veracode Dynamic Analysis. With its automation, depth of coverage, and unmatched scalability, Veracode Dynamic Analysis helps you:

Save time and effort on production scanning

With Veracode Dynamic Analysis’ recurring scheduling feature, you don’t have to remember to kick off scans. You can easily set up scans on a schedule that you do not have to continuously monitor. In addition, with the automated pause & resume feature, you don’t have to worry about disrupting IT maintenance windows because Dynamic Analysis will automatically pause at maintenance windows and resume where it left off.

Dynamically scan all your apps quickly and accurately

Veracode Dynamic Analysis covers all your applications, even difficult-to-scan web apps, such as single page and large web apps. And we will keep your development teams moving both with the speed at which our solution crawls and audits pages, and with our low false-positive rate (<1%), which keeps your developers from spinning their wheels chasing down non-existent threats.

Easily onboard apps and scale to cover your entire application landscape

You can set up a Veracode Dynamic Analysis scan with just the URL; you don’t need to coordinate with the development team to hunt down code or binaries. And when you need to scan multiple applications, you don’t have to upload them one at a time. You simply upload a .csv document to Dynamic Analysis with all of the URLs. In addition, you can schedule a group of applications into a batch scan and assess multiple applications concurrently. No matter the size of your organization, concurrent scanning means you don’t have to wait for a scan to complete before starting the next one.

Get all your testing results in one place

With Veracode, you’ll find results from all your AppSec tests – static, dynamic, SCA, pen testing – in one central location. This single view of test results makes it easy to coordinate remediation between multiple teams and track your progress.

Learn more

Keep your code secure across the software lifecycle, without slowing development cycles; get more details on the new Veracode Dynamic Analysis.


Bhavna Sarathy is a Principal Product Manager for the Veracode Web Application Scanning product line. Bhavna was instrumental in building the new Veracode Dynamic Analysis as the lead Product Manager, translating vision to execution. Bhavna enjoys building new products that delight security-conscious customers, and is adept at driving cross-functional teams toward common product portfolio goals. Bhavna has 20+ years of experience in IT commercial software and 8+ years in product management and strategy. Bhavna holds master's degrees in Computer Science and Electrical Engineering from The Ohio State University.