Veracode

Burlington, MA, USA
2006
  |  By Alexandra Gobbi
RSA Conference 2024 brought together industry experts, practitioners, and policymakers to discuss the latest trends and challenges in cybersecurity. We showcased our commitment to CISA's Secure by Design, explored the potential of AI in risk management, and emphasized the significance of global collaboration. Here are some highlights from our time at RSA Conference, providing insights into the discussions and announcements that shape the future of cybersecurity.
  |  By Jenny Buckingham
In the swiftly evolving landscape of AI-driven software development, DevSecOps helps strengthen application security and quality. Dynamic Application Security Testing (DAST) is a key tool that helps scale your DevSecOps program by facilitating continuous and accurate security tests on running applications. DAST simulates real-world attacks, enabling you to identify security weaknesses and evaluate your application's defenses in response to actual attacks.
  |  By Natalie Tischler
Are you looking to catch up on the latest in AI and cloud-native Application Security at RSAC 2024? Veracode is hosting a series of talks at our booth along with a series of programs at The W San Francisco. Here are all the details.
  |  By Robert Haynes
We’re excited to bring you two significant updates to Veracode Fix: our AI-powered security flaw remediation tool. Since we launched Fix nearly a year ago, two requests have dominated our customer feedback: We recently launched a new version of Veracode Scan for VS Code that included Fix (with more IDE’s to follow), which answered some of those requests, and now we’re updating Fix to cover more languages and a new mode that will automatically apply the top-ranked fix.
  |  By Natalie Tischler
Traditional methods of flaw remediation are not equipped with the technology to keep pace with the rapid evolution of code generation practices, leaving developers incapable of managing burdensome and overwhelming security debt. Code security is still a critical concern in software development. For instance, when GitHub Copilot generated 435 code snippets, almost 36% of them had security weaknesses, regardless of the programming language.
  |  By Brian Roche
Software development teams face a constant dilemma: striking the right balance between speed and security. How is artificial intelligence (AI) impacting this dilemma? With the increasing use of AI in the development process, it's essential to understand the risks involved and how we can maintain a secure environment without compromising on speed. Let’s dive in.
  |  By Brian Roche
As I travel around the world meeting with customers and prospects, we often discuss the tectonic shifts happening in the industry. At the heart of their strategic initiatives, organizations are striving to innovate rapidly and deliver customer value with uncompromising quality and security, while gaining a competitive edge in the market.
  |  By Nova Trauben
The US National Institute of Standards and Technology (NIST) has almost completely stopped analyzing new vulnerabilities (CVEs) listed in its National Vulnerability Database (NVD). Through the first six weeks of 2024, NIST analyzed over 3,500 CVEs with only 34 CVEs awaiting analysis.1 Since February 13th, however, nearly half (48%) of the 7,200 CVEs received this year by the NVD are still awaiting analysis.2 The number of CVEs analyzed has dropped nearly 80% to less than 750 CVEs analyzed.
  |  By Robert Haynes
In the last blog on fixing vulnerabilities with Veracode Fix, we looked at SQL Injection remediation in a Java application. Since then, we have released Fix support for Python (and PHP) and launched a new VS Code plugin that includes support for Fix. It seems appropriate, therefore, to look at resolving a problem in a Python app using Veracode Fix in the VS Code IDE. This time let’s examine a simple cross-site scripting (XSS) weakness.
  |  By Jenny Buckingham
Security debt is a major and growing problem in software development with significant implications for application security, according to Veracode's State of Software Security 2024 Report. Let’s delve a bit deeper into the scope and risk of security debt, and gain some insights for application security managers to effectively address this challenge. Security debt refers to software flaws that remain unfixed for a year or more.
  |  By Veracode
Join our CEO, Brian Roche, and CTO, Chris Wysopal as they talk about Veracode's recent acquisition and more.
  |  By Veracode
Are you ready to dive into the world of application security and artificial intelligence? Watch the exclusive talk by the renowned Julian Totzek Hallhuber, Solutions Architecture Manager at Veracode, during Mind the Sec 2023 in Brazil. In this engaging talk, Julian explores the advantages and disadvantages of using AI in the AppSec landscape and discovers how AI is revolutionizing the way we protect our applications from constantly evolving cyber threats.
  |  By Veracode
Veracode co-founder Chris Wysopal joins host Brian Roche, Chief Product Officer of Veracode, in our inaugural video podcast, The Tech Evolution. In this episode Brian and Chris discuss the impact that artificial intelligence has on software development, and even more importantly, keeping software secure using this exciting new technology.
  |  By Veracode
In this video, you will learn how to create, configure, and schedule an unauthenticated Dynamic Analysis. An unauthenticated Dynamic Analysis scan is appropriate when the site you are scanning does not require a login. Veracode Dynamic Analysis also supports the scanning of websites that require authentication, such as login via a web form, browser-based, or NTLM.
  |  By Veracode
In this video, you will learn how to install the Veracode IntelliJ Plugin, generate API ID and key credentials in the Veracode platform, and store those credentials in IntelliJ. The Veracode IntelliJ Plugin enables you to upload binaries to the Veracode Platform for static security analysis. You can then review the scan results from within IntelliJ IDEA to identify and mitigate potential security findings in your applications.
  |  By Veracode
Introducing Veracode Container Security - this new tool is now seamlessly integrated with the Continuous Software Security Platform. Veracode Container Security is a command line interface (CLI) tool that integrates into your pipeline with ease. This empowers developers to secure containers earlier in the software development life cycle, ensuring containers are built and deployed securely.
  |  By Veracode
Chris Wysopal, CTO and Co-founder of #Veracode shares his 2023 Application Security Technology Predictions with Community Manager, Javed Mohammed.
  |  By Veracode
In this video, you will learn how to set up an agent and start scanning with the Veracode Software Composition Analysis agent-based scan.
  |  By Veracode
Introducing the Veracode SCA Scan for VS Code Plugin Developers can now: · Run an SCA Scan with Veracode· Identify vulnerabilities and license risks in open-source dependencies· Prioritize and rapidly fix any issues· Access the Veracode database, remediation guidance, and more All from within VS Code! Easily download the extension from the VS Code Marketplace.
  |  By Veracode
In this video, you will learn how to install the Veracode Greenlight for Visual Studio extension. Veracode Greenlight finds the defects in your code as you write it and provides recommendations and code examples to help you fix them directly in your IDE. It allows you to write quality secure code from the very beginning while perfecting your understanding of application security Best Practices.
  |  By Veracode
While shifting security left in your software development lifecycle is crucial to application security success, it's still imperative to maintain testing in the later stages of your process. After all, some web application vulnerabilities can only be discovered at that point in the SDLC.
  |  By Veracode
With a comprehensive AppSec program, you want to understand your entire development, security, and application footprint so you can roll out consistent tools and processes. As a result, only a portion of your applications are covered, leaving vulnerabilities unprotected. And blind spots are clouding visibility into risk reduction efforts, making it difficult to report on progress throughout your organization.
  |  By Veracode
Veracode Static Analysis provides fast, automated security feedback to developers; conducts a full policy scan before deployment; and gives clear guidance on what issues to focus on and how to fix them faster.
  |  By Veracode
You want AppSec tools in your development process, but anything less than full integration undermines your program's effectiveness. Getting the right resources into developers' hands typically requires: tools, systems, and processes.
  • Ongoing maintenance: Routine patches and upgrades can be time consuming-especially if you're supporting multiple geographies or teams-and may break your customizations.
  •   |  By Veracode
    In a world where time is money, companies are required to churn out software quickly or get left in the dust. To stay ahead of the market, developers are turning towards open source code, which - when secure - can be a valuable asset towards their efforts
      |  By Veracode
    Developers want to create secure code, but lack training, so they must rely on AppSec experts to create secure applications. But the severe cybersecurity talent shortage leads to: As a result, developers are often conducting their own security research, which takes substantial time, increasing software delays and costs. With Veracode, you enable developers to write secure code and decrease flaws, so you can make your developers security self-sufficient.
      |  By Veracode
    Veracode Security Labs shifts application security knowledge "left," earlier in the development cycle, through guided, interactive exercises that train developers to tackle modern threats in the evolving cybersecurity landscape and deliver secure code on time.
      |  By Veracode
    Today, most organizations are in a race to deliver new, innovative software before their competitors. In turn, they have gone from bi-annual software releases to daily, hourly, or even by-the-minute releases. To keep up with these rapid deployments, security has had to shift from being a late-stage blocker, to an integrated part of the development process. Developers have been doing their best to implement these security measures, but since their performance is often tied to the rate of deployments, speed tends to take precedence. As a security professional, what are some steps you can take so that security doesn't take a back seat to speed?

    Veracode delivers the application security solutions and services today’s software-driven world requires. Veracode’s unified platform assesses and improves the security of applications from inception through production so that businesses can confidently innovate with the web and mobile applications they build, buy and assemble as well as the components they integrate into their environments.

    Veracode’s powerful cloud-based platform, deep security expertise, and systematic, policy-based approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures.

    The Veracode Solution:

    • Overcoming DevSecOps Challenges: Innovating through software holds many promises but also bears risks. AppSec programs often struggle with the same problems:
      • Some solutions are hard to manage and scale.
      • Developers are not empowered to fix security issues.
      • Security teams lack bandwidth to manage DevSecOps programs.
      Veracode addresses all of these challenges with a unique combination of automated application analysis in the pipeline, plus DevSecOps expertise for developers and security professionals, all delivered through a scalable SaaS platform.
    • Delivered Through SaaS: Our SaaS model delivers a better, more scalable service at a lower cost. Because we've analyzed over 10 trillion lines of code, Veracode is able to provide the fastest path to accuracy - without tuning. Our expertise is based on analyzing customer programs for over a decade.
    • Application Analysis: Veracode simplifies AppSec programs by combining five application security analysis types in one solution, all integrated into the development pipeline.
    • Developer Enablement: Most AppSec programs forget that there is only one team that can fix security findings: the development team. Veracode provides developers with security feedback in their IDE in seconds as they are writing code, helping them learn on the job.
    • AppSec Governance: AppSec programs can only be successful if all stakeholders value and support them. That’s why Veracode helps security teams to demonstrate the value of AppSec.

    Manage Your Entire Application Security Program in a Single Platform.