Veracode Launches World's First Automated, Subscription-Based Security Service for testing Off-the-shelf Software and Outsourced Code Development
Exciting innovator takes risk out of software procurement and development and delivers the only independent security audit for externally sourced code
As part of this new offering Veracode is the first to deliver independent auditing of externally sourced code, a cause of considerable security concern for a growing number of businesses. By its innovative use of patented technology, Veracode is also the only provider to identify and remedy the security flaws in binary code, the very foundation of all today's software applications, and thus eliminate the need for an organisation to hand over for test intellectual property represented in source code.
Application security has risen to the top of the agenda for security professionals striving to control their company's overall risk profile.
According to the Computer Emergency Response Team (CERT), more than 7,000 new vulnerabilities were discovered over the last year, with 92 percent of vulnerabilities found in software according to National Institute of Standards and Technology (NIST). With organisations deploying an increasing number of complex applications - some developed internally, some offshore, some purchased off-the-shelf - the effort needed to manage risk becomes greater. Traditional approaches have focused on conducting costly and time-consuming manual penetration tests or using tools that typically require source code which is not usually available in mixed-code base environments or commercial applications.
"Veracode offers a unique method for testing commercial-off-the-shelf
(COTS) software that fills an essential gap in our software security programme enabling a more effective understanding of risk from commercial software along with the information needed to manage this risk with our software vendors," said Jim Routh, CISO of Depository Trust & Clearing Corporation, who is participating in the panel session "Five keys to effective application security and secure coding" taking place 12:45-14:00 on 22 April within the keynote conference at Infosecurity Europe, Olympia in London.
Rhonda MacLean, Global Information Security Officer, Global Retail and Commercial Banking, Barclays Bank (who is also participating on the panel) further commented on the benefits of the Veracode service:
"In a rapidly changing threat environment, Veracode's technology and its software-as-a-service model have given us the flexibility to conduct rapid code review cycles, which is an obvious benefit for our customers."
"Enterprises are increasingly outsourcing the development of their applications and leveraging commercial software to run their business operations, but they cannot outsource the security risk and liability associated with those applications", said Diana Kelley, Partner at analyst organization SecurityCurve. "Enterprises need effective ways to test and audit the risk associated with COTS and outsourced software when source code isn't available."
Based on patented, static binary testing (1) technology and dynamic web scanning (2), Veracode's SecurityReview is the industry's first solution specifically designed to overcome the limitations of traditional tools and manual penetration tests:
- Veracode's comprehensive portfolio of services covers all testing needs - including internal security reviews, PCI compliance, COTS security audits and outsourced secure code acceptance.
- Veracode is the only organisation to scan code using automated techniques which mirror the way a machine executes code or a hacker's approach to attack - accurately assessing the roots of the problem as no other tool can do.
- It is the only company to offer organisations application code reviews on a software-as-a-service subscription basis (eliminating the need to install or maintain costly software, hardware or train personnel).
- Veracode helps users keep in lockstep with new threats by leveraging its on-demand security platform, pooling the learning from every scan across all customers
- No one else can identify and remedy the security flaws in binary code, the very foundation of all today's software applications.
- Veracode is the first provider to help organisations improve their application security without asking them to hand over the intellectual property represented in source code.
- Veracode alone deals with scanning mixed-code-based applications as it can tackle both dynamic and static testing of code - reducing the fud (fear, uncertainty and doubt) factor in software procurement.
TheVeracode SecurityReview Service Portfolio is now comprised of the following on-demand services:
- Outsourcing SecurityReview Provides a simple, cost-effective, and automated security audits that ensures enterprises receive secure code from offshore development partners.
- COTS (Common-off-the-shelf software) SecurityReview Helps enterprises and government agencies quantify and manage security risks of commercial off-the-shelf software
- SDLC (Software development life cycle) SecurityReview Enables security teams to conduct security assessments on mission-critical internally developed applications before they ship
- PCI SecurityReview Automates and shortens the process for achieving compliance with the application security requirements of PCI-DSS, Visa PABP and PA-DSS in a simple and cost-effective way
"With applications being the weakest link in the corporate security chain, organisations are increasingly demanding independent verification and validation of applications as part of their software release and acceptance criteria, said Matt Moynahan, CEO at Veracode. "With Veracode, customers can now count on a single vendor delivering a comprehensive portfolio of on-demand services that delivers independent security audits for applications whether they are developed, offshore or purchased off-the-shelf."
Veracode is the world's leader for on-demand application security testing solutions. Veracode SecurityReview is the industry's first solution to use patented binary code analysis and dynamic web analysis to any application security threats including vulnerabilities and malicious code. SecurityReview performs the only complete and independent security audit across internally developed applications, third-party commercial off-the-shelf software and offshore code without exposing a company's source code. Delivered as an on-demand service, Veracode delivers the simplest and most-cost effective way to implement security best practices, reduce operational cost and achieve compliance without requiring any hardware, software or training.
Veracode has already established a position in the US as the market visionary and leader with awards that include recognition as a Gartner 'Cool Vendor' 2008, Info Security Product Guide's "Tomorrow's Technology Today Award 2008", Information Security "Readers' Choice Award 2008", AlwaysOn Northeast Top 100 Private Company 2008, NetworkWorld "Top 10 Security Company to Watch 2007", and Dark Reading's "Top 10 Hot Security Startups 2007".
Veracode is backed by .406 Ventures, Atlas Venture and Polaris Venture Partners. www.veracode.com. For more information, visit www.veracode.com.
1. In static binary testing applications are tested in the same way in which a machine would execute code and using a method similar to that a hacker would use to attack code.
2. Dynamic web scanning is effectively automated penetration testing.
Press releases you might also be interested in
Weitere Informationen zum Thema "Sicherheit":
Was ist ein Honeypot?
Honeypot und Honeynet sind Computersysteme oder Netzwerkkomponenten, die gezielt Angreifer anlocken sollen. Sie lassen sich einsetzen, um Angriffsmethoden zu studieren, von anderen Systemen abzulenken oder Hackern eine Falle zu stellen.Weiterlesen