New company Veracode has announced its flagship product offering, Veracode SecurityReview, an automated, on-demand (vendor-hosted) service that scans applications in their binary form without requiring access to the application's original source code. According to the vendor, this methodology removes the need to disclose the source code of the tested application or of any dependent libraries, which allows the service to be targeted both at software development shops and at any organization that needs to test existing applications or applications it is considering purchasing.
As a Web-based service, it requires customers to install no new software or hardware at their site; scan results are accessed and managed via a Web interface. Both static and dynamic analyses of applications can be performed, with the vendor noting that multiple testing techniques are used and their results correlated in an effort to reduce false positive reports. Which testing techniques are applied depends on the application's "Assurance Level," which is based on how critical the application's function is to the business and on what types of data the application handles. The scans search both for security vulnerabilities, such as embedded (accidentally or intentionally) malicious code and backdoor access, and for the absence of certain security-related features, such as the encryption of data. Test results are prioritized, with recommendations and reports indicating which flaws should be fixed first.
For repeated testing and remediation cycles, the service additionally assigns a security rating to each application, based both on the results of its security analysis and on how the application is used. Called the Security Quality Score (Veracode SQS), the rating takes into account the impact of the identified security weaknesses on the confidentiality, integrity, and availability of business information, as well as environmental parameters such as operating environment, network security, application assurance level, time-to-fix, and cost-to-fix. The vendor states that the rating system is based on the Common Weakness Enumeration (CWE) from MITRE and the Common Vulnerability Scoring System (CVSS) from FIRST.
Veracode SecurityReview is offered in three primary flavors: Veracode Enterprise SecurityReview, for the continual analysis of internally developed applications; Veracode Vendor SecurityReview, for the analysis of purchased software; and Veracode Partner SecurityReview, targeted at the assessment of partner-developed components.
Contact Veracode for further information.