Veracode Static Analysis

Category: SAST
License: Commercial

Veracode is a platform that contains all of the application security testing types: static analysis, dynamic analysis, software composition analysis, and manual penetration testing.

Veracode Dashboard

Static Analysis

Static analysis identifies security vulnerabilities in application source code before deployment, helping reduce both risk and remediation costs.

Veracode SAST Scan Results

Supported Languages

  • Android: C, C++, Java, Kotlin
  • iOS: Objective-C, Swift
  • Java: SE, EE, JSP
  • .NET: C#, ASP.NET, VB.NET
  • Web: JavaScript, Python, PHP, Ruby on Rails, ColdFusion, ASP
  • Legacy: COBOL, Visual Basic 6, RPG

Dynamic Analysis

Web applications were the source of 43% of breaches in 2020, more than double the 2019 figure, according to the Verizon Data Breach Investigations Report.

Veracode’s Dynamic Application Security Testing (DAST) solution provides automated scanning for running applications and API specifications.

Use Cases

  • Test live web applications in testing or production environments
  • Scan security endpoints in API specifications

Supported Technologies

  • Browser-based web applications
  • Java, ASP, ASP.NET, Ruby on Rails, JavaScript, Perl, PHP, Python applications
  • Single-page (SPA) and HTML5 applications
  • Angular, React, Vue.js frameworks

Software Composition Analysis

Third-party components comprise up to 80% of application codebases, making vulnerability scanning of open-source libraries essential.

Veracode SCA Scan Result

Veracode’s Software Composition Analysis (SCA) identifies security and license risks in open-source libraries early.

Security Labs

Veracode Security Labs

Developers who complete at least one training course from Veracode Security Labs fix security flaws over 33% faster than those who have not, according to Veracode’s State of Software Security report.

Security Labs provides hands-on training for developers to tackle modern threats through real-code exploitation and patching.