Veracode Discovery
Find all your public-facing applications and manage their risk
Veracode Discovery Finds about 30% More Web Applications Than Our Customers Knew They Owned.
Attackers look for the easiest way to breach an organization, which is often through forgotten or badly maintained web applications. Organizations may not know about all of their web applications, either due to M&A activities or because they are created faster than they can track them, leaving them vulnerable to attack. Veracode Discovery quickly scans your entire web application attack surface to identify and inventory all of your web applications, giving you the best visibility into where to target Dynamic Application Security Testing (DAST) scanning with Veracode Dynamic Analysis.
Using Multiple Approaches to Cover All of Your Applications
Veracode Discovery doesn’t simply rely on a provided list of IP ranges, but performs an exhaustive inventory of your web applications by using multiple inputs, including IP ranges, keywords, hostnames, domain names, and individual IP addresses. This ensures that we find every web application associated with your organization, even if you didn’t create it in-house. With this process, you get peace of mind that you know about everything on your attack surface, and can better determine where to perform further DAST testing.
Easy to Use and Scale
Veracode Discovery features an easy-to-understand workflow that allows you to configure and run scans during appropriate time windows. Additionally, Veracode Discovery is a SaaS offering, so it scales with your organization over time.
High Quality, Actionable Results
Veracode Discovery provides high-quality, actionable results. We’ve helped customers find websites with an insufficient level of authentication and legacy sites that were decommissioned as a result. Customers can easily sort and prioritize results on the Veracode Platform.
Prioritize DAST Scanning
Veracode Discovery output can easily be turned into input for Veracode Dynamic Analysis to identify any critical vulnerabilities. All of this happens within the Veracode Platform, providing a single pane of glass for your application security testing.
See A Demo
Cookie Use
We use cookies to collect information to help us personalise your experience and improve the functionality and performance of our site. By continuing to use our site [without first changing your browser setting], you consent to our use of cookies. For more information see our cookies policy.
Veracode is a leading provider of enterprise-class application security, seamlessly integrating agile security solutions for organizations around the globe. In addition to application security services and secure devops services, Veracode provides a full security assessment to ensure your website and applications are secure, and ensures full enterprise data protection. Application protection services from Veracode include white box testing, and mobile application security testing, with customized solutions that eliminate vulnerabilities at all points along the development life cycle.
*Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.