
Veracode

Veracode seamlessly integrates application security into software development, effectively eliminating vulnerabilities during the lowest-cost point in the development/deployment chain. Without the need for additional staff or equipment, Veracode customers ramp up quickly, see results and prove value on day one, and consistently see improvement over time.



Binary Static Analysis (SAST)

Identifying and fixing security threats earlier in the development process allows for increased efficiency throughout an organization's application security program. 

Veracode's patented binary static application security testing (SAST) technology analyzes all code — including third-party components and libraries — without requiring access to source code. Automated SAST supplements the code reviews developers already perform, finding coding errors and omissions more quickly and at lower cost. The technology is typically run in the early phases of the Software Development Lifecycle, because it is easier and less expensive to fix problems before production deployment. It is likewise heavily used during major updates or modifications to an application ahead of a deployment, so that changes ship on time and on budget without exposing the organization to new risk. Veracode's SAST techniques identify critical vulnerabilities such as SQL injection, cross-site scripting (XSS), buffer overflows, unhandled error conditions and potential backdoors, and deliver actionable findings, including detailed remediation information, so developers can address them quickly.


Veracode Binary SAST Delivers Deep Visibility 

Veracode's binary SAST technology makes it faster than ever to find and fix vulnerabilities in your applications. It delivers detailed information that: 

  • Is accurate: Static binary analysis examines applications the same way attackers look at them: by creating a detailed model of the application's data and control flows. Unlike legacy source code scanners, this approach accurately detects hidden threats such as backdoors, which are difficult to find precisely because they are not visible in source code.
  • Is actionable: Prioritized results can be accessed via standard bug tracking systems such as JIRA or Team Foundation Server, via IDE plugins for Eclipse or Visual Studio, or viewed through our web interface. Common flaw sources are identified automatically so that risky inputs can be located quickly. Flaw details and remediation advice are provided automatically to support rapid mitigation or remediation.
  • Minimizes false positives: Legacy scanning tools have a reputation for generating a high volume of inaccurate findings, which waste developer effort and make it harder to ship secure code on time. Our centralized platform is backed by world-class security experts and continuously learns from every new application it scans, reducing false positives so you can start remediating faster.

Static Analysis: What makes Veracode different?


Static analysis, which is also known as "white-box testing," is the analysis of software without actually executing, or running, that software. Static analysis examines either the software source code (the code written by the developers) or the executable machine code, which is also known as binary code or bytecode. Veracode Static Analysis is different because it operates on the application's compiled binary code or bytecode rather than its source code. Veracode uses a patented binary static analysis methodology that creates a complete model of an application's control and data flow directly from the executable binary or bytecode, and then tests that model to detect flaw patterns. Veracode's binary static analysis accurately detects potential attack points across the entire application, including pieces that can only be analyzed in binary form: third-party libraries, pre-packaged components, and code introduced by compiler- or platform-specific interpretations that end up in the final application binary. Enterprise developers often lack access to the source code of these items and therefore cannot analyze them with source code analysis tools. Veracode's patented methods address this gap, and because static binary analysis never needs the source, it also reduces concerns about exposing the intellectual property the source code contains.
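To make the "model the data flow, then test the model for flaw patterns" idea concrete, here is a toy taint analysis over a small invented three-address IR. It is an added illustration, not Veracode's engine, rule set or output format; the instruction names (`http_param`, `sql_exec`, `html_encode`, and so on) are assumptions chosen for the example. It shows why a sanitizer has to match its sink: HTML encoding before a SQL call is still reported as SQL injection.

```python
# Toy forward taint propagation over straight-line IR (constructed example).
# A value tainted by an untrusted source stays dangerous for a given sink
# until a sanitizer for that specific sink has been applied to it.
from dataclasses import dataclass
from typing import Optional, Tuple, List

@dataclass
class Instr:
    op: str                 # e.g. "http_param", "html_encode", "concat", "sql_exec"
    dst: Optional[str]      # variable written (None for sinks)
    args: Tuple[str, ...]   # variables read ("lit" stands for a constant operand)

# Hypothetical source / sink / sanitizer vocabulary for the IR (assumption).
SOURCES = {"http_param", "read_file"}
SINKS = {"sql_exec": "SQL injection", "html_write": "cross-site scripting"}
SANITIZERS = {"sql_escape": "sql_exec", "html_encode": "html_write"}

def analyze(ir: List[Instr]):
    """Return (instruction index, flaw name, variable) for each tainted sink use."""
    taint = {}        # variable -> set of sinks it is still dangerous for
    findings = []
    for i, ins in enumerate(ir):
        incoming = set().union(*(taint.get(a, set()) for a in ins.args))
        if ins.op in SOURCES:
            taint[ins.dst] = set(SINKS)            # untrusted for every sink
        elif ins.op in SANITIZERS:
            incoming.discard(SANITIZERS[ins.op])   # neutralised for one sink only
            taint[ins.dst] = incoming
        elif ins.op in SINKS:
            for a in ins.args:
                if ins.op in taint.get(a, set()):
                    findings.append((i, SINKS[ins.op], a))
        else:                                      # concat, copy, ...: taint flows through
            taint[ins.dst] = incoming
    return findings

# Constructed sample program: v1 is user-controlled; the first query is only
# HTML-encoded (wrong sanitizer), the second is SQL-escaped (right sanitizer).
SAMPLE = [
    Instr("http_param", "v1", ()),
    Instr("html_encode", "v2", ("v1",)),
    Instr("concat", "v3", ("v2", "lit")),
    Instr("sql_exec", None, ("v3",)),   # reported: SQL injection via v3
    Instr("sql_escape", "v4", ("v1",)),
    Instr("sql_exec", None, ("v4",)),   # clean: correct sanitizer for this sink
]

if __name__ == "__main__":
    for idx, flaw, var in analyze(SAMPLE):
        print(f"instr {idx}: {flaw} via {var}")
```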


More about Veracode

Veracode's cloud-based service and systematic approach deliver a simpler and more scalable solution for reducing global application-layer risk across web, mobile and third-party applications.

Alongside its flagship product offering, Binary Static Analysis, Veracode also offers Software Composition Analysis for analyzing open source code, Runtime Protection for protecting production applications, and several other application security options.
