Aug 23, 2017

Top 4 Ways Veracode Integrations Make Security's Job Easier

By Chris Wysopal

The Veracode Application Security Platform integrates seamlessly with the development, security and risk-tracking tools you already use. Our flexible API also allows you to create your own custom integrations or use community integrations built by the open source community and other technology partners.

But what do these integrations mean for a security professional charged with AppSec? How do they affect his or her day-to-day activities? Here are the top ways Veracode’s integrations make the security team’s jobs easier:

1. Get the data you need …

For the security team, AppSec only works if they can get their hands on the right data. An AppSec program could be finding and fixing hundreds of security flaws a day, but security needs solid metrics behind these results in order to improve and expand the program. Without the right data, they won’t be able to see trends, communicate priorities and progress or gain the leverage they need to negotiate for business mindshare and budget.

Veracode gives security quick and easy access to critical information such as:

  • Application security scores
  • Lists of all discovered flaws
  • Flaw status information (new, open, fixed or re-opened)
  • Summary data for third-party assessments, including scores and top-risk categories

2. … the way you need it

But security also can’t spend all their time hunting down AppSec metrics. By integrating with GRC systems, Veracode makes viewing and sharing all the data above easier. Veracode’s integrations feed data directly into the systems security professionals are already using, helping them to seamlessly get the data they need to better manage the AppSec program.

Ultimately, this integration makes it simple for companies to track their application security compliance within the context of their corporate GRC initiative.

3. Simplify blacklist rules

Security professionals also need to maintain web application firewalls (WAFs), and Veracode’s integrations make this task easier as well. Veracode automatically generates blacklist rules for popular WAFs from dynamic scan findings, so security can target just the areas they know have problems and block identified exploitable vulnerabilities in the application.

4. Work more efficiently with development

Especially with the shift to DevOps and security testing’s shift “left,” working efficiently with development and enabling them to embed security into their processes are now key parts of the security role. Veracode’s integrations help security more easily and effectively enable and guide the development team toward secure coding.

For instance, Veracode’s integrations give security increased visibility not only into the status of their AppSec program, but also into what their application teams are struggling with, so that proper training can be provided. With the GRC system integration, an AppSec manager could quickly and easily see that one particular dev team is producing code with more SQL injection flaws than other teams. The AppSec manager can then provide the right type of training to the right people.

For more information

Learn more about how Veracode’s integrations work in our new guide, Veracode Integrations: Streamline Application Security for Both Security and Development Teams.

Chris Wysopal, co-founder and CTO of Veracode, is recognized as an expert and a well-known speaker in the information security field. He has given keynotes at computer security events and has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. His opinions on Internet security are highly sought after and most major print and media outlets have featured stories on Mr. Wysopal and his work. At Veracode, Mr. Wysopal is responsible for the security analysis capabilities of Veracode technology.