Dr. Dobb's is part of the Informa Tech Division of Informa PLC


Cloud-Based Application Security Service Unveiled

Veracode has unveiled enhancements to its SecurityReview automated static binary and dynamic web application testing service that give developers a cloud-based approach to improving software application security. According to Veracode, developers can now upload applications automatically and download line-of-code specific vulnerability identification and remediation instructions directly to defect tracking systems and IDEs. The company says that results are often 100 percent lower in false positives than alternative on-premise source code tools.

"By integrating cloud-based testing capabilities directly into tools that are part of a developer's everyday life, Veracode is really completing the 'last mile' needed to deliver the advantages of both static and dynamic cloud-based security testing into the on-premise development climate," said Nigel Stanley, practice leader, Bloor Research. "It's one of the few really useful examples of the cloud that I have seen and the potential is clear -- more secure code for substantially less developer effort."

Veracode SecurityReview now features a number of new APIs and reference integrations that support security testing in popular Java, .Net, C/C++, ColdFusion and PHP development environments. Developers simply upload the executable (not source) or provide the URL to Veracode's cloud-based platform at points of their choosing in the development lifecycle for automated static binary and dynamic web application security testing. The step may be automated and scheduled in build management systems using SecurityReview's Upload APIs. Depending on the size and complexity of the application, developers quickly receive line-of-code specific vulnerability identification and remediation instructions that are often 100 percent lower in false positives than on-premise source code tools. These results may be integrated into defect tracking systems and IDEs using SecurityReview's Results APIs and XML-formatted output.

With SecurityReview, the aggregation of security testing from thousands of applications produces a more effective security testing engine that, the company claims, can provide more coverage (dynamic, static, manual) and greater accuracy (continuously improving scans that instantly benefit the very next application tested, fewer false positives) than on-premise source code security testing tools.

"Until now, developers responsible for incorporating security testing into their development lifecycles have had two options -- on-premise tools with high false positive rates, or manual third-party penetration testing that can be time consuming and costly," said Jon Stevenson, senior vice president of engineering, Veracode. "With this announcement, we are truly offering developers the best of all worlds – the integration advantages that on-premise tools have sometimes delivered plus the benefits of an expert security partner. Veracode is changing the game for software development, destroying the myth that improving the security of every application is prohibitively slow, complicated and expensive."
