Veracode Expands Android Mobile App Testing Support

by Richard on January 26, 2012

Veracode, Inc. today detailed recent updates to the Veracode platform, which features core static binary scanning, dynamic scanning, developer education, and reporting and analytics components. Overall enhancements focus on ease of use and improving the balance between IT productivity and security assurance.

Primary updates include a redesigned platform administration interface and data export capabilities to provide customers with better access to information and intelligence about their application security program. Veracode also added new flaw categories for Android applications, support for the Apache Xerces J2EE framework, and numerous improvements in results quality and API-based results access. Additional details on key focus areas include:

  • New Android Flaw Categories: Based on increasing requests for
    analysis of applications developed on the Android platform, Veracode
    expanded scanning capabilities for new flaw categories including
    several items on the Mobile App Top 10. For example, expanded support
    examines cases where Android apps attempt to modify proxy settings,
    create inbound SMS listeners, or create data files or permissions
    settings in ways that allow other apps to read or change them.
  • Tracking Common Frameworks and Xerces Prevalence: One of the
    benefits of running a scanning service in the cloud is the ability for
    Veracode to learn in an anonymous, aggregated way about the
    applications it analyzes. For instance, Veracode began tracking the
    frequency with which it saw frameworks in the applications that are
    uploaded to the platform and mined that data to prioritize and improve
    the quality of results. One outcome of this effort was identifying
    Xerces as the fifth most common Java framework or technology,
    following JSPs, Spring MVC and Struts 1.x. The benefit to customers is
    better application scanning coverage, leading to more accurate results.
  • Enhanced User Administration Features Encourage Adoption and Scale:
    To secure an enterprise, it’s not enough to scan a few applications or
    educate a few users. Veracode provides the technology to support a
    more scalable, holistic approach. In fact, Veracode has multiple customers
    that have scanned 100 applications in the first 30 days of their
    subscription, and others that have successfully rolled out more than
    1,000 developer education programs for their users. As customers work
    toward these milestones or grow their Veracode user base from hundreds
    to thousands, Veracode has enhanced its user administration features
    and added capabilities for better sorting, filtering and taking quick
    action on user lists, easy team membership management, and getting
    on-platform access to detailed user activity logs for tracking and
    investigating user activity.

“Veracode takes advantage of being a SaaS-based service provider to update our platform frequently with the goal of quickly driving actionable results for our customers, and making it as easy as possible to maximize the benefits of every aspect of the service, from requesting scans and viewing results to setting policy and running an application security program,” said Tim Jarrett, director of product management, Veracode. “For Veracode and our customers, ease of use isn’t just nice to have, it’s mission critical.”
