
Veracode SecurityReview

On-Demand Security Analysis for Binary Applications

New company Veracode has announced its flagship product, Veracode SecurityReview, an automated, on-demand (vendor-hosted) service that scans applications in their binary form without requiring access to the original source code. According to the vendor, this approach removes the need to disclose the source code of the tested application or of any dependent libraries, so the service can be targeted both at software development shops and at any organization that needs to test existing applications or applications it is considering purchasing.

Because it is a Web-based service, customers are not required to install any new software or hardware at their site; scan results are accessed and managed via a Web interface. Both static and dynamic analyses of applications can be performed, with the vendor noting that multiple testing techniques are used and their results correlated in an effort to reduce false positive reports. The testing techniques applied are chosen according to the application's "Assurance Level," which is based on how critical the application's function is to the business and on what types of data the application handles. The scans search both for security vulnerabilities, such as embedded (accidentally or intentionally) malicious code and backdoor access, and for the absence of certain security-related features, such as the encryption of data. Test results are prioritized, with recommendations and reports provided on which flaws should be fixed first.

For repetitive testing and remediation cycles, the service additionally assigns a security rating to each application, based both on the results of the application's security analysis and on how the application is used. Called the Security Quality Score (Veracode SQS), the rating takes into account the impact of the security weaknesses on the confidentiality, integrity, and availability of business information, as well as environmental parameters such as operating environment, network security, application assurance levels, time-to-fix, and cost-to-fix. The vendor states that its rating system is based on the Common Weakness Enumeration (CWE) from MITRE and the Common Vulnerability Scoring System (CVSS) from FIRST.

Veracode SecurityReview is offered in three primary flavors: Veracode Enterprise SecurityReview, for the continual analysis of internally developed applications; Veracode Vendor SecurityReview, for the analysis of purchased software; and Veracode Partner SecurityReview, targeted at the assessment of partner-developed components.

Contact Veracode for further information.

product submission by EITPlanet Staff

fact sheet
ID#: 1169485140
date posted: Jan. 22, 2007
category: Security:Security Administration Tools
platform: Hosted Service
vendor: Veracode, Inc
(www.veracode.com/)
vendor's information:
about Veracode SecurityReview
about Veracode, Inc

