SECURITY ATTESTATION

The challenges of producing a security attestation.

A security attestation is a critical component of third party risk management. For enterprises, a security attestation can help to ensure that a piece of third-party software is secure. For vendors, a security attestation can prove to potential customers that your applications comply with security standards.

The challenge comes in producing a reliable security attestation easily and affordably. Vendors typically don’t want to share source code that they view as intellectual property, which makes testing web applications more time-consuming and expensive.

Veracode provides a suite of automated web testing solutions that can test third-party software without requiring access to source code – giving both enterprises and vendors a simple way to produce a trusted security attestation.

Security attestation solutions from Veracode.

Veracode provides application security and software testing services for enterprises worldwide. Veracode’s SaaS-based solutions enable organizations to implement web and mobile app testing services quickly and easily without capital expense for hardware or software. With a comprehensive suite of testing services – including static analysis, dynamic analysis, software composition analysis and more – Veracode lets organizations test for flaws and vulnerabilities in applications at any point in the software development lifecycle.

Veracode’s independent software audit service manages third-party security attestation as a cloud-based service, working directly with vendors in the software supply chain to ensure they are compliant with corporate security policies. Because Veracode scans compiled binaries rather than source code, vendors are not required to reveal proprietary intellectual property when submitting software for testing.

Veracode’s Vendor Application Security Testing service enables enterprises and vendors to upload software to the Veracode cloud platform, where it is tested for flaws and vulnerabilities against corporate security policy. Veracode then issues a pass or fail grade for each application, along with a report that details weaknesses and ways to remediate them.

How Veracode’s security attestation process works.

To develop a security attestation for third-party software, Veracode works with organizations to:

  • Define third-party compliance policies, assemble lists of vendors and applications for your security attestation program and communicate with vendors about assessment requirements.
  • Test applications uploaded to the Veracode security platform, analyzing each application for vulnerabilities and publishing a report for all stakeholders.
  • Manage compliance as software providers remediate vulnerabilities with assistance from Veracode security experts.
  • Retest applications to ensure they meet corporate security policies.

Learn more about security attestation with Veracode, and about Veracode’s security testing tools for mobile applications.