Veracode services uniquely suited to rapidly identify OpenSSL vulnerability in both visible and hidden applications
BURLINGTON, MA — April 15, 2014 — Veracode, the application security company, today announced that the company is offering to use its cloud-based platform to analyze all previously scanned customer applications and publicly-facing websites for the Heartbleed vulnerability. Using the software composition analysis functionality and web application perimeter analysis service, Veracode will provide customers with reports detailing all applications that may possess the OpenSSL vulnerability.
When patching applications, businesses focus first on their main, publicly-facing applications. Often, the patching initiatives do not extend beyond these initial applications, as the business may not be aware of all the applications. This leaves thousands of applications vulnerable, and creates a long-term security threat. For one client, Veracode analyzed more than 26,000 websites in less than 2 minutes and found multiple sites still containing the Heartbleed vulnerability.
In addition, development teams embed OpenSSL deeply into their mission-critical client-server applications, making it difficult for traditional security tools to root out and identify the library. Using data mined from Veracode’s cloud-based platform, Veracode analyzed thousands of applications and found over 12 percent were at risk of having the OpenSSL vulnerability. Unlike other services, Veracode uses both static and dynamic analysis techniques to quickly identify and mitigate the risk from the widespread OpenSSL vulnerability in all applications.
“When new vulnerabilities are identified, it is crucial for large enterprises to react quickly to mitigate the risk to their infrastructure and customers’ data. However, we recognize how difficult it can be for companies to develop an appropriate response in a timely manner,” said Bob Brennan, CEO, Veracode. “These offerings are meant to assist customers in their Heartbleed mitigation efforts. It is our intention that by harnessing the full power of Veracode’s cloud-based platform, customers are able to prevent this vulnerability from having a long-term effect on their businesses.”
Veracode is offering the following cloud-based services to current customers, giving them visibility into their hidden perimeter and embedded apps:
- Heartbleed Component Analysis: The Veracode software composition analysis engine searches static code for evidence of OpenSSL and produces a report detailing at-risk applications.
- Heartbleed Web Perimeter Analysis: Through the use of Veracode’s massively parallel Discovery technology, Veracode will discover all sites in the customer’s domain, detect the use of OpenSSL in all company-owned websites and produce a report identifying vulnerable websites.