Andrew Kanikuru, profile picture
Uploaded byAndrew Kanikuru
162 views

Veracode Corporate Overview - Print

The document discusses an application security platform that provides end-to-end security across web, mobile, and legacy applications. It utilizes multiple techniques like static analysis, dynamic analysis, software composition analysis, and web perimeter monitoring to identify vulnerabilities. The platform was designed for scale as a cloud-based service to securely manage global application infrastructures. It implements structured governance programs backed by security experts to help enterprises reduce risks across their software supply chains.

Embed presentation

Download to read offline
It’s End-to-End: Our single central platform covers web, mobile and legacy applications, from the SDLC to IT operations to the software supply chain and open source. It’s Built for Scale: Our cloud-based service was purpose-built for the speed and scale required to secure applications enterprise-wide. VERACODE APPLICATION SECURITY Speed your innovations to market — without sacrificing security We help the world’s largest enterprises reduce global application-layer risk across web, mobile and third-party applications. Web applications are the #1 attack vector for data breaches, yet only 10% of enterprises test all their critical applications for resilience against cyber- attacks. Why? Because traditional application security slows down innovation. Veracode offers a simpler and more scalable approach for reducing application-layer risk across your entire global software infrastructure — including web, mobile and third-party applications. It’s Systematic: Our program managers help you reduce enterprise security risk by implementing structured governance programs, backed by world-class experts in application security.
Web applications are the #1 attack vector (Source: Verizon DBIR) Mobile, cloud and social media are dramatically changing the way we deliver business innovation. And it’s your job as CISO to ensure new applications don’t introduce unnecessary risk. The traditional, network-centric approach to cybersecurity is no longer sufficient because application-layer attacks often bypass network-layer defenses. And the traditional, on-premises approach to application security imposes excessive complexity on fast-moving development teams. It requires specialized expertise and is difficult to scale. Plus it doesn’t allow you to apply an enterprise-wide governance model with consistent policies across multiple business units and development teams. As a result, most enterprises take a fragmented approach to application-layer security. They spend millions on ad-hoc manual testing and tools 
but cover only a fraction of their global application threat surface. In fact, 28% of organizations don’t even know how many applications they have   (Source: SANS) 87% of web applications don’t comply with the OWASP Top 10 (Source: Veracode State of Software Security Report) 78% of enterprises don’t perform security reviews for 3rd-party software (Source: SANS) Despite this, fewer than 10% of enterprises test all of their business-critical applications before and after deploying them (Source: SANS) 79% of developers say they either have no process or an inefficient ad-hoc process for building security into applications (Source: Ponemon) APPLICATIONS ARE STRATEGIC FOR BUSINESS INNOVATION – AND A TOP TARGET FOR CYBER-ATTACKS EVERY ENTERPRISE IS NOW A TECHNOLOGY COMPANY This piecemeal approach yields predictably poor results. Cyberattackers continue to improve their tactics at an alarming rate. They look for paths of least resistance, such as less critical sites you may not even know existed. They search every nook and cranny of your applications to find their weak spots. And if you aren’t testing your application infrastructure to the same level, you’re exposing yourself to unnecessary risks that can lead to theft of customer data and corporate intellectual property, fraud, downtime and brand impact. Veracode offers a fundamentally different approach. Our automated cloud-based service combines centralized policies and analytics with world-class expertise and proven best practices for managing enterprise-wide governance programs. That’s why you can count on us to make your global program successful — so your business can go further faster without compromising your security posture.
BRING YOUR GLOBAL APPLICATION INFRASTRUCTURE INTO CORPORATE COMPLIANCE WITHIN WEEKS — VERSUS MONTHS OR YEARS WITH LEGACY ON-PREMISES APPROACHES END-TO-END BUILT FOR SCALE SYSTEMATIC • Across web, mobile & legacy applications • From the SDLC to IT ops to the software supply chain & open source • Broad coverage via multiple techniques (SAST, DAST, behavioral, web perimeter & SW composition analysis) • Central policies & metrics for consistent controls across global BUs & development teams • Purpose-built as automated cloud-based service • Enables speed & scale required to secure apps enterprise-wide • Platform is continuously learning to address new threats & reduce false positives • Fast turnaround & tight integration with agile development workflows via APIs • Transform de-centralized processes into structured governance programs • Backed by the world’s foremost experts in application-layer security • Best practices learned from securing the world’s largest global enterprises • Single point of accountability & focus on successful outcomes Single central platform Cloud-based automation Reduced enterprise risk CISOs CAN BE MORE PROACTIVE AND STRATEGIC ABOUT APPLICATION-LAYER SECURITY — MAKING THEM BUSINESS INNOVATION ENABLERS
THE MOST POWERFUL APPLICATION SECURITY PLATFORM ON THE PLANET 65 Network Drive,  Burlington, MA 01803, USA.   Tel +1.339.674.2500    www.veracode.com Binary Static Analysis (SAST) Static Application Security Testing (SAST), or “white-box” testing, finds common vulnerabilities by creating a detailed model of the application’s data and control paths — without actually executing it. The model is then searched for all paths through the application that represent a potential weakness, such as SQL Injection. Unique in the industry, Veracode’s patented binary SAST technology analyzes all code — including third- party software such as components and libraries — without requiring access to source code. Software Composition Analysis Software composition analysis enables developers to continuously audit all their code — including third-party and open source components such as libraries and frameworks — to identify known vulnerabilities such as Heartbleed and Struts2 vulnerabilities. Integration with Agile and DevOps Toolchains Veracode provides a rich set of APIs and plugins to simplify integration into development environments. This maximizes developer productivity by embedding security into build and test processes, including Agile and continuous deployment toolchains (Jenkins, JIRA, Eclipse, Visual Studio, Team Foundation Server, etc.). Frequent assessments allow the team to identify and remediate release blockers early in the cycle — when they are easier and less expensive to fix. Equally important is that the majority of Veracode scans finish quickly. In fact, 80% of assessments are turned around in less than 4 hours. Dynamic Analysis (DAST) Dynamic Application Security Testing (DAST) or “black-box” testing, identifies architectural weaknesses and vulnerabilities in your running web applications before cyber-criminals can find and exploit them. DAST uses the same approach used by attackers when probing the attack surface, such as deliberately supplying malicious input to web forms and shopping carts. Web Perimeter Monitoring Cyber-attackers are constantly looking for the paths of least resistance — such as obscure or out-of-date websites — to gain access to critical corporate and customer data. Our massively parallel, auto-scaling cloud infrastructure rapidly discovers all public-facing applications, including unknown sites outside the normal corporate IP range. Unlike traditional network scanners, it uses a combination of advanced search techniques — such as DNS keyword searches, production-safe crawling, analyzing page redirects and machine learning — to quickly identify unknown sites that traditional network scanners miss. It then crawls all of the pages of high confidence sites using unauthenticated scanning to identify critical vulnerabilities such as SQL injection and Cross-Site Scripting (XSS). Organizations can often rapidly reduce risk simply by shutting down unused websites or upgrading vulnerable modules to more up-to-date versions. WAF Integration Veracode integrates its security intelligence with leading WAFs to enable rapid “virtual patching” of critical vulnerabilities in production applications. This approach effectively mitigates risk until code remediation can occur. Third-Party Security More than two-thirds of enterprise applications are provided by third- parties — including commercial applications, outsourced code, SaaS, third- party libraries and open source. Our vendor application security testing program reduces the risk associated with third-party software by managing the entire vendor compliance program on your behalf. VERACODE AT A GLANCE • Founded in 2006 • 400+ employees • 800+ customers worldwide • Gartner Magic Quadrant Leader for Application Security Testing • Hundreds of the world’s top enterprises • 3 of the top 4 banks in the Fortune 100 • 20+ of Forbes’ 100 Most Valuable Brands Securing global application infrastructures for the largest and most complex enterprises including: Veracode’s holistic approach combines our powerful cloud-based platform with multiple analysis technologies to identify application- layer threats, including: Mobile Application Security Veracode’s Mobile App Reputation Service provides behavioral intelligence to help you determine which mobile apps violate enterprise policies for security and privacy. The App Reputation Service integrates with leading mobile device management (MDM) solutions ­— including AirWatch, MobileIron, and Fiberlink — to help you implement a secure BYOD program via automated app blacklisting. Cloud-Based Platform Our cloud-based platform provides centralized policies and simplifies information sharing across global teams. It also provides: role-based access control (RBAC); security analytics and KPI dashboards to track the progress of your global program; automated compliance reporting and remediation workflows; and APIs for tight integration with agile development processes. eLearning Helps developers become proficient in secure coding practices and achieve compliance with mandates such as PCI-DSS Requirement 6.5. to identify all vulnerabilities of measurable risk.

More Related Content

PDF
Veracode - Overview
byStephen Durrant
 
PPTX
Secure Code review - Veracode SaaS Platform - Saudi Green Method
bySalil Kumar Subramony
 
PDF
Healthcare application-security-practices-survey-veracode
byVeracode
 
PPTX
Strengthening cyber resilience with Software Supply Chain Visibility
bySonatype
 
PPTX
Veracode - Inglês
byDeServ - Tecnologia e Servços
 
PDF
Risks in the Software Supply Chain
byMark Sherman
 
PDF
edgescan vulnerability stats report (2018)
byEoin Keary
 
PDF
Fortify Continuous Delivery
byMainstay
 
Veracode - Overview
byStephen Durrant
 
Secure Code review - Veracode SaaS Platform - Saudi Green Method
bySalil Kumar Subramony
 
Healthcare application-security-practices-survey-veracode
byVeracode
 
Strengthening cyber resilience with Software Supply Chain Visibility
bySonatype
 
Veracode - Inglês
byDeServ - Tecnologia e Servços
 
Risks in the Software Supply Chain
byMark Sherman
 
edgescan vulnerability stats report (2018)
byEoin Keary
 
Fortify Continuous Delivery
byMainstay
 

What's hot

PDF
application-security-fallacies-and-realities-veracode
bysciccone
 
PDF
The Web AppSec How-To: The Defender's Toolbox
byCheckmarx
 
PPTX
Intelligence on the Intractable Problem of Software Security
byTyler Shields
 
PDF
Mobile Security: Apps are our digital lives.
byVeracode
 
PDF
Tools & Techniques for Addressing Component Vulnerabilities for PCI Compliance
bySonatype
 
PPTX
ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...
byTunde Ogunkoya
 
PDF
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
bySonatype
 
PDF
Cybersecurity Best Practices for 3rd Party Supply Chain
byAnthony Braddy
 
PPTX
Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
byDigital Defense Inc
 
PDF
Application Security Management with ThreadFix
byVirtual Forge
 
PDF
Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...
bySonatype
 
PPTX
Accelerating Innovation with Software Supply Chain Management
bySonatype
 
PDF
Qualys Corporate Brochure
byQualys
 
PDF
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
bySonatype
 
PPTX
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
byIBM Security
 
PDF
7 measures to overcome cyber attacks of web application
byTestingXperts
 
PDF
PCI and Vulnerability Assessments - What’s Missing?
byBlack Duck by Synopsys
 
PPTX
Black Duck & IBM Present: Application Security in the Age of Open Source
byBlack Duck by Synopsys
 
PDF
Secunia Vulnerability Review 2014
byKim Jensen
 
PDF
Turning the Tables on Cyber Attacks
by- Mark - Fullbright
 
application-security-fallacies-and-realities-veracode
bysciccone
 
The Web AppSec How-To: The Defender's Toolbox
byCheckmarx
 
Intelligence on the Intractable Problem of Software Security
byTyler Shields
 
Mobile Security: Apps are our digital lives.
byVeracode
 
Tools & Techniques for Addressing Component Vulnerabilities for PCI Compliance
bySonatype
 
ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...
byTunde Ogunkoya
 
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
bySonatype
 
Cybersecurity Best Practices for 3rd Party Supply Chain
byAnthony Braddy
 
Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
byDigital Defense Inc
 
Application Security Management with ThreadFix
byVirtual Forge
 
Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...
bySonatype
 
Accelerating Innovation with Software Supply Chain Management
bySonatype
 
Qualys Corporate Brochure
byQualys
 
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
bySonatype
 
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
byIBM Security
 
7 measures to overcome cyber attacks of web application
byTestingXperts
 
PCI and Vulnerability Assessments - What’s Missing?
byBlack Duck by Synopsys
 
Black Duck & IBM Present: Application Security in the Age of Open Source
byBlack Duck by Synopsys
 
Secunia Vulnerability Review 2014
byKim Jensen
 
Turning the Tables on Cyber Attacks
by- Mark - Fullbright
 

Viewers also liked

PDF
New .
byPaula Perez
 
PPS
О чем молчат обелиски
by9bklass
 
PPTX
Maoris TOURISM
byajoydas11
 
DOCX
Shooting schedule
byLauren Bailey
 
PDF
Presentació de Frederic Udina: Secrets i enganys dels sondejos. Ateneu Barcel...
bySecció Ciència i Tecnologia
 
PDF
Opinator - Rexona case study
bypiiacarita
 
PPT
Puansettija - Рождественский цветок
byeesti
 
PPTX
Startup Weekend B2B (Geodometer)
byTyler Bauer
 
PPS
Nationalgeographictravelerphotooftheday2014 140831031457-phpapp02
byLucky Lucky
 
PPT
Теорема Пифагора
by9bklass
 
PPT
Shaista Project
bykhuzama08
 
PDF
World war 1 in huntingdon backup
byPaula Perez
 
PDF
New
byPaula Perez
 
DOCX
Shooting schedule-overview-4
byLauren Bailey
 
PDF
Презентация krasotadesign
byNikita Kulchitskiy
 
PPTX
family tree
bykhuzama08
 
PPT
Viikingite küla 2014
byeesti
 
DOCX
Recruitement And Selection Process
byAyesha Sultana
 
PPTX
Sumber Hukum Islam
byM. Insan Alfi Sobri
 
PPTX
осенние фантазии конкурс - дефиле костюмов
byeesti
 
New .
byPaula Perez
 
О чем молчат обелиски
by9bklass
 
Maoris TOURISM
byajoydas11
 
Shooting schedule
byLauren Bailey
 
Presentació de Frederic Udina: Secrets i enganys dels sondejos. Ateneu Barcel...
bySecció Ciència i Tecnologia
 
Opinator - Rexona case study
bypiiacarita
 
Puansettija - Рождественский цветок
byeesti
 
Startup Weekend B2B (Geodometer)
byTyler Bauer
 
Nationalgeographictravelerphotooftheday2014 140831031457-phpapp02
byLucky Lucky
 
Теорема Пифагора
by9bklass
 
Shaista Project
bykhuzama08
 
World war 1 in huntingdon backup
byPaula Perez
 
New
byPaula Perez
 
Shooting schedule-overview-4
byLauren Bailey
 
Презентация krasotadesign
byNikita Kulchitskiy
 
family tree
bykhuzama08
 
Viikingite küla 2014
byeesti
 
Recruitement And Selection Process
byAyesha Sultana
 
Sumber Hukum Islam
byM. Insan Alfi Sobri
 
осенние фантазии конкурс - дефиле костюмов
byeesti
 

Similar to Veracode Corporate Overview - Print

PDF
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
byCA Technologies
 
PDF
State of Software Security - Enterprise Testing of Software Supply Chain
bystemkat
 
PDF
Building Blocks of Secure Development: How to Make Open Source Work for You
bySBWebinars
 
PDF
DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...
byDevSecCon
 
PDF
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
byThreat Stack
 
PPTX
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...
byMichael Man
 
PPTX
How to get the best out of DevSecOps - a security perspective
byColin Domoney
 
PDF
We are excited to announce that our new State of Software Security (SOSS) rep...
byAmpliz
 
PDF
The State of Software Security 2022 SOSS - Solution
byNeelKamalSingh8
 
PDF
state-software-security-report-june-2015-report
bySean Varga
 
PDF
RSA 2018- What’s Hot in the Cyber Security Space
bySBWebinars
 
PDF
The complete guide to developer first application security By Github.Com
bydarelinornes
 
PDF
The complete guide to developer first application security By Github.Com
bynootjeiviwe
 
PDF
Protect Your Organization Against Known Security Defects
byDeborah Schalm
 
PPTX
DevOps to DevSecOps: Enhancing Software Security Throughout The Development L...
byAnowar Hossain
 
PDF
Application Security in a DevOps World
byCA Technologies
 
PPTX
How to create a business case for expanding your AppSec program
byColin Domoney
 
PDF
Breached! App Attacks, Application Protection and Incident Response
byResilient Systems
 
PDF
Create code confidence for better application security
byRogue Wave Software
 
PDF
Veracode ciso riyadh
bySalil Kumar Subramony
 
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
byCA Technologies
 
State of Software Security - Enterprise Testing of Software Supply Chain
bystemkat
 
Building Blocks of Secure Development: How to Make Open Source Work for You
bySBWebinars
 
DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...
byDevSecCon
 
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
byThreat Stack
 
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...
byMichael Man
 
How to get the best out of DevSecOps - a security perspective
byColin Domoney
 
We are excited to announce that our new State of Software Security (SOSS) rep...
byAmpliz
 
The State of Software Security 2022 SOSS - Solution
byNeelKamalSingh8
 
state-software-security-report-june-2015-report
bySean Varga
 
RSA 2018- What’s Hot in the Cyber Security Space
bySBWebinars
 
The complete guide to developer first application security By Github.Com
bydarelinornes
 
The complete guide to developer first application security By Github.Com
bynootjeiviwe
 
Protect Your Organization Against Known Security Defects
byDeborah Schalm
 
DevOps to DevSecOps: Enhancing Software Security Throughout The Development L...
byAnowar Hossain
 
Application Security in a DevOps World
byCA Technologies
 
How to create a business case for expanding your AppSec program
byColin Domoney
 
Breached! App Attacks, Application Protection and Incident Response
byResilient Systems
 
Create code confidence for better application security
byRogue Wave Software
 
Veracode ciso riyadh
bySalil Kumar Subramony
 

Veracode Corporate Overview - Print

  • 1.
    It’s End-to-End: Oursingle central platform covers web, mobile and legacy applications, from the SDLC to IT operations to the software supply chain and open source. It’s Built for Scale: Our cloud-based service was purpose-built for the speed and scale required to secure applications enterprise-wide. VERACODE APPLICATION SECURITY Speed your innovations to market — without sacrificing security We help the world’s largest enterprises reduce global application-layer risk across web, mobile and third-party applications. Web applications are the #1 attack vector for data breaches, yet only 10% of enterprises test all their critical applications for resilience against cyber- attacks. Why? Because traditional application security slows down innovation. Veracode offers a simpler and more scalable approach for reducing application-layer risk across your entire global software infrastructure — including web, mobile and third-party applications. It’s Systematic: Our program managers help you reduce enterprise security risk by implementing structured governance programs, backed by world-class experts in application security.
  • 2.
    Web applications are the#1 attack vector (Source: Verizon DBIR) Mobile, cloud and social media are dramatically changing the way we deliver business innovation. And it’s your job as CISO to ensure new applications don’t introduce unnecessary risk. The traditional, network-centric approach to cybersecurity is no longer sufficient because application-layer attacks often bypass network-layer defenses. And the traditional, on-premises approach to application security imposes excessive complexity on fast-moving development teams. It requires specialized expertise and is difficult to scale. Plus it doesn’t allow you to apply an enterprise-wide governance model with consistent policies across multiple business units and development teams. As a result, most enterprises take a fragmented approach to application-layer security. They spend millions on ad-hoc manual testing and tools 
but cover only a fraction of their global application threat surface. In fact, 28% of organizations don’t even know how many applications they have   (Source: SANS) 87% of web applications don’t comply with the OWASP Top 10 (Source: Veracode State of Software Security Report) 78% of enterprises don’t perform security reviews for 3rd-party software (Source: SANS) Despite this, fewer than 10% of enterprises test all of their business-critical applications before and after deploying them (Source: SANS) 79% of developers say they either have no process or an inefficient ad-hoc process for building security into applications (Source: Ponemon) APPLICATIONS ARE STRATEGIC FOR BUSINESS INNOVATION – AND A TOP TARGET FOR CYBER-ATTACKS EVERY ENTERPRISE IS NOW A TECHNOLOGY COMPANY This piecemeal approach yields predictably poor results. Cyberattackers continue to improve their tactics at an alarming rate. They look for paths of least resistance, such as less critical sites you may not even know existed. They search every nook and cranny of your applications to find their weak spots. And if you aren’t testing your application infrastructure to the same level, you’re exposing yourself to unnecessary risks that can lead to theft of customer data and corporate intellectual property, fraud, downtime and brand impact. Veracode offers a fundamentally different approach. Our automated cloud-based service combines centralized policies and analytics with world-class expertise and proven best practices for managing enterprise-wide governance programs. That’s why you can count on us to make your global program successful — so your business can go further faster without compromising your security posture.
  • 3.
    BRING YOUR GLOBALAPPLICATION INFRASTRUCTURE INTO CORPORATE COMPLIANCE WITHIN WEEKS — VERSUS MONTHS OR YEARS WITH LEGACY ON-PREMISES APPROACHES END-TO-END BUILT FOR SCALE SYSTEMATIC • Across web, mobile & legacy applications • From the SDLC to IT ops to the software supply chain & open source • Broad coverage via multiple techniques (SAST, DAST, behavioral, web perimeter & SW composition analysis) • Central policies & metrics for consistent controls across global BUs & development teams • Purpose-built as automated cloud-based service • Enables speed & scale required to secure apps enterprise-wide • Platform is continuously learning to address new threats & reduce false positives • Fast turnaround & tight integration with agile development workflows via APIs • Transform de-centralized processes into structured governance programs • Backed by the world’s foremost experts in application-layer security • Best practices learned from securing the world’s largest global enterprises • Single point of accountability & focus on successful outcomes Single central platform Cloud-based automation Reduced enterprise risk CISOs CAN BE MORE PROACTIVE AND STRATEGIC ABOUT APPLICATION-LAYER SECURITY — MAKING THEM BUSINESS INNOVATION ENABLERS
  • 4.
    THE MOST POWERFUL APPLICATIONSECURITY PLATFORM ON THE PLANET 65 Network Drive,  Burlington, MA 01803, USA.   Tel +1.339.674.2500    www.veracode.com Binary Static Analysis (SAST) Static Application Security Testing (SAST), or “white-box” testing, finds common vulnerabilities by creating a detailed model of the application’s data and control paths — without actually executing it. The model is then searched for all paths through the application that represent a potential weakness, such as SQL Injection. Unique in the industry, Veracode’s patented binary SAST technology analyzes all code — including third- party software such as components and libraries — without requiring access to source code. Software Composition Analysis Software composition analysis enables developers to continuously audit all their code — including third-party and open source components such as libraries and frameworks — to identify known vulnerabilities such as Heartbleed and Struts2 vulnerabilities. Integration with Agile and DevOps Toolchains Veracode provides a rich set of APIs and plugins to simplify integration into development environments. This maximizes developer productivity by embedding security into build and test processes, including Agile and continuous deployment toolchains (Jenkins, JIRA, Eclipse, Visual Studio, Team Foundation Server, etc.). Frequent assessments allow the team to identify and remediate release blockers early in the cycle — when they are easier and less expensive to fix. Equally important is that the majority of Veracode scans finish quickly. In fact, 80% of assessments are turned around in less than 4 hours. Dynamic Analysis (DAST) Dynamic Application Security Testing (DAST) or “black-box” testing, identifies architectural weaknesses and vulnerabilities in your running web applications before cyber-criminals can find and exploit them. DAST uses the same approach used by attackers when probing the attack surface, such as deliberately supplying malicious input to web forms and shopping carts. Web Perimeter Monitoring Cyber-attackers are constantly looking for the paths of least resistance — such as obscure or out-of-date websites — to gain access to critical corporate and customer data. Our massively parallel, auto-scaling cloud infrastructure rapidly discovers all public-facing applications, including unknown sites outside the normal corporate IP range. Unlike traditional network scanners, it uses a combination of advanced search techniques — such as DNS keyword searches, production-safe crawling, analyzing page redirects and machine learning — to quickly identify unknown sites that traditional network scanners miss. It then crawls all of the pages of high confidence sites using unauthenticated scanning to identify critical vulnerabilities such as SQL injection and Cross-Site Scripting (XSS). Organizations can often rapidly reduce risk simply by shutting down unused websites or upgrading vulnerable modules to more up-to-date versions. WAF Integration Veracode integrates its security intelligence with leading WAFs to enable rapid “virtual patching” of critical vulnerabilities in production applications. This approach effectively mitigates risk until code remediation can occur. Third-Party Security More than two-thirds of enterprise applications are provided by third- parties — including commercial applications, outsourced code, SaaS, third- party libraries and open source. Our vendor application security testing program reduces the risk associated with third-party software by managing the entire vendor compliance program on your behalf. VERACODE AT A GLANCE • Founded in 2006 • 400+ employees • 800+ customers worldwide • Gartner Magic Quadrant Leader for Application Security Testing • Hundreds of the world’s top enterprises • 3 of the top 4 banks in the Fortune 100 • 20+ of Forbes’ 100 Most Valuable Brands Securing global application infrastructures for the largest and most complex enterprises including: Veracode’s holistic approach combines our powerful cloud-based platform with multiple analysis technologies to identify application- layer threats, including: Mobile Application Security Veracode’s Mobile App Reputation Service provides behavioral intelligence to help you determine which mobile apps violate enterprise policies for security and privacy. The App Reputation Service integrates with leading mobile device management (MDM) solutions ­— including AirWatch, MobileIron, and Fiberlink — to help you implement a secure BYOD program via automated app blacklisting. Cloud-Based Platform Our cloud-based platform provides centralized policies and simplifies information sharing across global teams. It also provides: role-based access control (RBAC); security analytics and KPI dashboards to track the progress of your global program; automated compliance reporting and remediation workflows; and APIs for tight integration with agile development processes. eLearning Helps developers become proficient in secure coding practices and achieve compliance with mandates such as PCI-DSS Requirement 6.5. to identify all vulnerabilities of measurable risk.