Veracode Introduces IAST for Enhanced Risk Reduction in DevOps and Agile Environments

Continues Strategy of Incorporating Complementary Technologies via Open and Extensible Platform

BURLINGTON, Mass. — May 22, 2015 — Veracode, a leader in protecting enterprises from today’s pervasive Web and mobile application threats, today announced that it is partnering with Contrast Security to deliver IAST (Interactive Application Security Testing) as an automated cloud-based service. By dynamically instrumenting application behavior in real time, from within the running application, IAST is designed to give enterprises an additional way to rapidly and accurately reduce risk earlier in the software development lifecycle (SDLC), especially in DevOps and Agile environments.

Veracode’s new IAST offering, built on core technology developed by Contrast Security, is complementary to its existing static analysis, dynamic analysis, software composition analysis, mobile behavioral analysis and web perimeter monitoring technologies.  By delivering a broad range of technologies on a single cloud-based platform with centralized policies, metrics and analytics, Veracode’s unified approach reduces complexity and provides a more scalable solution for reducing application-layer risk across global software infrastructures.

Veracode is continuously broadening its end-to-end platform by integrating innovative technologies developed in-house as well as by its technology partners. IAST enables security and development teams to better understand vulnerability context and risk by observing simulated attacks in real time, including OWASP Top 10 threats such as SQL Injection and Cross-Site Scripting. Veracode’s dynamic analysis can also be used in conjunction with IAST to automate attack scenarios, thereby reducing time and cost compared to manual QA testing. Veracode’s IAST offering currently supports applications written in Java and .NET.

“In 2014, we helped our customers remediate over 4.7 million vulnerabilities, significantly reducing application-layer risk,” said Sam King, EVP strategy and corporate development for Veracode. “By providing a holistic solution on an extensible cloud-based platform — backed by on-demand remediation coaching services from world-class security experts — we’re transforming the way global enterprises address the vital challenge of securing their critical software infrastructures.”

“We’re delighted to be partnering with Veracode to tackle the global challenge of securing applications, one of the primary targets of successful cyber breaches,” said Jeff Williams, co-founder and CTO of Contrast Security. “Contrast Security’s powerful deep security instrumentation technology, combined with Veracode’s open platform and market reach, will help more developers innovate faster without sacrificing security.”

As a further step in extending the capabilities of its platform, Veracode also now supports COBOL via a technology partnership with Optimyth Software. This complements Veracode’s existing native support for static analysis across all major languages such as Java, .NET, C/C++, Classic ASP, ColdFusion, HTML5, JavaScript, Objective C, PHP, Ruby, Visual Basic and VBScript.

Veracode currently provides open APIs and plug-ins enabling tight integration with automated toolchains for Agile and DevOps environments, including Eclipse, Jenkins, JIRA, Microsoft Visual Studio and Team Foundation Server, IBM Rational Team Concert, HP Quality Center and others.  Veracode APIs also enable integration with IT operations systems such as WAFs, MDMs, GRC systems such as RSA Archer, and SIEMs such as Splunk.