In this video, you will learn how to create a custom policy in the Veracode Platform. The Veracode Platform enables you to create an application security policy against which you can evaluate and measure your applications. You can create, edit, or delete a policy. You must have the Policy Administrator role to perform policy maintenance activities. Policies can comprise one or more of the following types of requirements for your applications: rules, scan requirements, and remediation grace periods. You define the requirements while creating a new policy.

For the 11th version of the State of Software Security report, Veracode analyzed the security scan results from 130,000 applications. This short video gives a snapshot of what the data shows about the state of software security today.

Learn more about cross-site scripting (XSS) and how to avoid common XSS attacks.

Learn more about SQL injection vulnerabilities and how to prevent a SQL injection attack.

In this video, you will learn how to: You can use the Jenkins Credentials Binding Plugin to hide your Veracode API credentials from the Jenkins interface and logs. You use the plugin to associate, or bind, your Veracode API credentials to environment variables and save them to the Jenkins credentials store. During a build, Jenkins uses the environment variables to secretly access your credentials. The Jenkins interface and logs only show the bound environment variables.

In this video, you will learn how to create a new application profile in the Veracode Platform. Users with the Creator or Security Lead role on the Veracode Platform can create application profiles. The application profile describes your application, identifies the policy to evaluate the application with, and provides metadata that enables a thorough analysis of security performance across all the applications in your organization.

While most false positives result from the misconfiguration of scans, this video series will help you understand what causes them and how to avoid or reduce them.