It’s Smart: Our software learns
continuously to address rapidly-
evolving threats — and is designed
by the world’s foremost experts
in application security.
It’s Cloud-Based: Our cloud-based
platform is massively scalable and
lets you start immediately — without
hiring more consultants or installing
more servers and tools.
VERACODE APPLICATION SECURITY
Speed your innovations to market — without sacrificing security
We help the world’s largest enterprises
reduce global application-layer risk across
web, mobile and third-party applications.
More than half of all breaches occur at the
application layer, yet only 10% of enterprises
test all their critical applications for resilience
against cyber-attacks. Why? Because traditional
application security slows down innovation.
Veracode offers a simpler and more scalable approach for reducing
application-layer risk across your entire global software infrastructure —
including web, mobile and third-party applications.
It’s Programmatic: Our program
managers help you implement a
centralized, policy-based approach for
managing enterprise-wide governance
and reporting on an ongoing basis.
54% of all attacks target
the application layer
(Source: Verizon DBIR)
Mobile, cloud, social media and Big Data are
dramatically changing the way we deliver business
innovation. And it’s your job as CISO to ensure new
applications don’t introduce unnecessary risk.
The traditional, on-premises approach to application
security imposes excessive complexity on fast-moving
development teams. It requires specialized expertise
and is difficult to configure. Plus it doesn’t allow you to
apply an enterprise-wide governance model with
consistent policies across multiple business units and
development teams.
As a result, most enterprises take a fragmented
approach to application-layer security. They spend
millions on ad-hoc manual testing and tools
but cover only a fraction of their global application
threat surface.
In fact, 28% of
organizations don’t
even know how many
applications they have  
(Source: SANS)
87% of web applications
don’t comply with the
OWASP Top 10
(Source: Veracode State of Software
Security Report)
78% of enterprises don’t
perform security reviews
for 3rd-party software
(Source: SANS)
Despite this, fewer than
10% of enterprises test all
of their business-critical
applications before and
after deploying them
(Source: SANS)
79% of developers say
they either have no
process or an inefficient
ad-hoc process for
building security into
applications
(Source: Ponemon)
APPLICATIONS ARE STRATEGIC FOR
BUSINESS INNOVATION – AND A TOP
TARGET FOR CYBER-ATTACKS
EVERY ENTERPRISE
IS NOW A TECHNOLOGY
COMPANY
This piecemeal approach yields predictably poor results.
Cyber-attackers continue to improve their tactics at an
alarming rate. They look for paths of least resistance,
such as less critical sites you may not even know existed.
They search every nook and cranny of your applications
to find their weak spots.
And if you aren’t testing your application infrastructure
to the same level, you’re exposing yourself to
unnecessary risks that can lead to theft of customer
data and intellectual property, fraud, downtime and
brand impact.
Veracode offers a smarter and fundamentally different
approach to application-layer security. Our
subscription-based service combines a powerful
cloud-based platform with deep security expertise and
proven best practices for managing enterprise-wide
governance programs.
That’s why you can count on us to make your global
program successful — so your business can go further
faster without compromising your security posture.
BRING YOUR GLOBAL APPLICATION INFRASTRUCTURE
INTO CORPORATE COMPLIANCE WITHIN WEEKS —
VERSUS MONTHS OR YEARS WITH LEGACY
ON-PREMISES APPROACHES
SMART CLOUD-BASED PROGRAMMATIC
•	Continuously learning with
every new scan to address
rapidly evolving threats
and minimize false positives
•	Delivers security intelligence
to existing WAFs, MDMs
and GRC frameworks
•	Combines multiple analysis
techniques for optimum
accuracy and coverage (binary
SAST, DAST, behavioral analysis,
manual penetration testing)
•	Analytics dashboards track KPIs
vs. industry peers
• Built and evolved by the
world’s top researchers in
application-layer security
•	Massively scalable to address your
entire application infrastructure
•	Implements central policies
uniformly across all business units
and development teams
•	Rapid ramp-up via SaaS model —
no need to hire more consultants
or install more servers and tools
•	Centralized information-sharing
platform for simplified collaboration
across global teams: security,
development, audit, operations,
third-party vendors
• Transforms de-centralized, ad-hoc
processes into structured, ongoing
governance programs
• Outsourced program management
leverages proven best practices
developed with the world’s largest
enterprises
• Addresses complexity of managing
across geographically-distributed
development organizations
• Expert coaching helps developers
rapidly remediate vulnerabilities 
• Tight integration with agile workflows
accelerates developer adoption
• Recognized by Gartner for receiving
high marks from customers
for customer success program
CISOs CAN BE MORE PROACTIVE AND STRATEGIC
ABOUT APPLICATION-LAYER SECURITY — MAKING
THEM BUSINESS INNOVATION ENABLERS
THE MOST POWERFUL
APPLICATION SECURITY
PLATFORM ON THE PLANET
65 Network Drive, 
Burlington, MA 01803, USA.  
Tel +1.339.674.2500   
www.veracode.com
Binary Static Analysis (SAST)
Static Application Security Testing
(SAST), or “white-box” testing, finds
common vulnerabilities by creating a
detailed model of the application’s data
and control paths — without actually
executing it.
The model is then searched for all
paths through the application that
represent a potential weakness, such
as SQL Injection.
Unique in the industry, Veracode’s
patented binary SAST technology
analyzes all code — including third-
party software such as components
and libraries — without requiring
access to source code.
Dynamic Analysis (DAST)
Dynamic Application Security Testing
(DAST) or “black-box” testing,
identifies architectural weaknesses and
vulnerabilities in your running web
applications before cyber-criminals can
find and exploit them.
DAST uses the same approach used
by attackers when probing the attack
surface, such as deliberately supplying
malicious input to web forms and
shopping carts.
Web Application
Discovery & Monitoring
Most organizations have thousands of
web-facing applications — including
many they may not even be aware of,
such as temporary marketing sites and
sites inherited via M&A.
Veracode addresses this visibility gap
by creating a catalog of all web
applications via a massively parallel,
auto-scaling cloud infrastructure that
discovers tens of thousands of sites per
week (via production-safe crawling).
Veracode then baselines your risk by
running a non-intrusive scan on
thousands of applications simultaneously.
This scan quickly identifies the most
exploitable vulnerabilities such as SQL
Injection and Cross-Site Scripting.
Rapid mitigation is enabled by feeding
threat intelligence to Web Application
Firewalls (WAFs).
Third-Party Security
More than two-thirds of enterprise
applications are provided by
third-parties [1] — including commercial
applications, outsourced code, SaaS,
third-party libraries and open source.
Our Vendor Application Security
Testing Program (VAST) reduces the risk
associated with third-party software by
managing the entire vendor compliance
program on your behalf and helping
you define a best practices governance
model.
Mobile Application Security
Veracode’s behavioral analysis dynamically
analyzes an application’s real-time
behavior (in a sandbox) to identify risky
actions such as data exfiltration to suspicious
geolocations. This security intelligence
is integrated with MDM solutions
to enable enforcement of corporate
BYOD policies.
Static analysis is also used to identify
malware and coding vulnerabilities such
as information leakage.
Manual Penetration
Testing Services
Manual Penetration Testing adds the
benefit of specialized human expertise
to our automated binary static and
dynamic analysis — and it uses the same
methodology cyber-criminals use to
exploit specific weaknesses such as
business logic vulnerabilities.
Veracode’s cloud-based platform
provides a single central location for
consolidating results from multiple
techniques — both automated
and manual — so you’re better able
to identify all vulnerabilities of
measurable risk.
VERACODE
AT A GLANCE
• Founded in 2006
• 300+ employees
• 500+ customers worldwide
• Gartner Magic Quadrant
Leader for Application
Security Testing
• One-third of the Fortune 100
• 3 of the top 4 banks
• 25+ of the top global brands
Securing global application
infrastructures for the
largest and most complex
enterprises including:
1. Source: Quocirca
Cloud-Based Platform
Our cloud-based platform provides
centralized policies and simplifies
information sharing across global teams.
It also provides: role-based access
control (RBAC); security analytics and
KPI dashboards to track the progress
of your global program; automated
compliance reporting and workflows;  
and APIs for tight integration with agile
development processes.
eLearning
Helps developers become proficient
in secure coding practices and achieve
compliance with mandates such as
PCI-DSS Requirement 6.5.
Veracode’s holistic approach
combines our powerful cloud-based
platform with multiple technologies
and services to identify
application-layer threats, including:
