/dec 12, 2022

Veracode Adds Advanced Dynamic Analysis Capability With Acquisition of Crashtest Security Solution

Acquisition Provides Enhanced Offering for Customers Looking to Secure their Web Application Attack Surface


BURLINGTON, Mass. – December 12, 2022 – Veracode, a leading global provider of modern application security testing solutions, today announced it has acquired Germany-based software security tool, Crashtest Security, a rising developer-oriented dynamic application security testing (DAST) product. The investment will enhance the existing DAST capabilities available as part of Veracode’s Continuous Software Security Platform and broaden customer access globally.

Web applications are fast becoming the most exploited attack vector for cyber threat actors looking to infiltrate enterprises and critical infrastructure. In fact, web apps now account for 40 percent of breaches*. The Crashtest Security product makes it even easier to get started with web application scanning in runtime environments to find vulnerabilities that static analysis is not best suited for. This developer-friendly solution complements Veracode’s platform capabilities as part of a complete modern application security program that secures the entire software development life cycle (SDLC).

Brian Roche, Chief Product Officer at Veracode, said, “Our customers have never been under greater pressure to secure their web applications in response to heightened risk. They seek simple-to-use products that can be onboarded quickly and seamlessly. The Crashtest Security product offers just the solution—it is a highly innovative DAST tool and already has deep roots in the European market. This acquisition supports the growing demand for run-time scanning and allows customers to quickly and easily experience the latest developments in DAST.”

Crashtest Security Dynamic Analysis

Crashtest Security, based in Munich, Germany, was founded in 2017. The solution can be used to analyze JavaScript-based apps, REST (Representational state transfer) APIs, and traditional web apps, and automate security testing via integration in the software development pipeline.

Veracode will incorporate the Crashtest tool into its existing portfolio, allowing customers to use the same login credentials across both products. Users will be able to leverage the most powerful aspects of the integrated technology for a 360-degree view of scanning and reporting architecture across all applications utilizing a DAST product. 

Felix Brombacher, CEO and Co-founder of Crashtest Security, said, “We are thrilled to extend advanced DAST capability to a broader market. We have invested heavily in our plug-and-play solution to meet the demands of customers in Europe and enable continuous testing throughout the development process. The acquisition of our dynamic analysis technology and resources by Veracode will enable us to deliver the next generation of DAST to customers globally.”

To learn more about the dynamic analysis solution and how to take software security to the next level, click here.


* 2022 Verizon Data Breach Investigations Report, May 2022

About Veracode

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and Twitter.

Copyright © 2024 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.


Press and Media Contacts

Katy Gwilliam,
Head of Global Communications, Veracode
[email protected]
Related Links


  • resource image


  • resource image


  • resource image


  • resource image


  • resource image


  • resource image


  • resource image

    and Tricks

  • resource image

    & Podcasts

  • resource image

    and eBooks