Veracode’s Cloud-based app testing
The security paradigm is changing, changing from an emphasis on protecting borders to an emphasis on protecting applications and data. One of the driving forces is the migration from computer room to cloud computing; where the border is neither static nor known. You can’t protect what doesn’t exist; so instead you have to protect the data that does exist, and the applications that use the data. You protect data with encryption; you protect applications by testing for vulnerabilities and remediation.
Veracode’s newly enhanced SecurityReview can help with the latter – and where more fitting to do so than in the cloud? Developers can now upload applications automatically and download line-of-code specific vulnerability identification and remediation instructions directly to defect tracking systems and integrated development environments (IDEs). Results are claimed to be often 100 percent lower in false positives than alternative on-premise source code tools. By delivering the benefits of cloud-based static binary and dynamic web application testing to local development environments, Veracode makes accurate, reliable application security testing accessible to all developers, not just security experts.
By integrating cloud-based testing capabilities directly into tools that are part of a developer’s everyday life, Veracode is really completing the ‘last mile’ needed to deliver the advantages of both static and dynamic cloud-based security testing into the on-premise development climate. It’s one of the few really useful examples of the cloud that I have seen and the potential is clear – more secure code for substantially less developer effort.
Nigel Stanley, practice leader, Bloor Research
Until now, developers responsible for incorporating security testing into their development lifecycles have had two options – on-premise tools with high false positive rates, or manual third-party penetration testing that can be time consuming and costly. With this announcement, we are truly offering developers the best of all worlds – the integration advantages that on-premise tools have sometimes delivered plus the benefits of an expert security partner. Veracode is changing the game for software development, destroying the myth that improving the security of every application is prohibitively slow, complicated and expensive.
Jon Stevenson, senior vice president of engineering, Veracode