Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Security test and audit service for software and outsourced code

Veracode : 22 April, 2008  (New Product)
Service available for verification of security of purchased software or for outsourced development activity.
Veracode is launching the world's first portfolio of subscription-based services to provide organisations with a completely independent view of the risks posed to them by their applications. The Veracode SecurityReview service presents a major breakthrough by allowing users to obtain a single clear view of security risks right across their applications, whether those applications are purchased as commercial off-the-shelf software or developed offshore.

As part of this new offering Veracode is the first to deliver independent auditing of externally sourced code, a cause of considerable security concern for a growing number of businesses. By its innovative use of patented technology, Veracode is also the only provider to identify and remedy the security flaws in binary code, the very foundation of all today's software applications, and thus eliminate the need for an organisation to hand over for test intellectual property represented in source code.

Application security has risen to the top of the agenda for security professionals striving to control their company's overall risk profile. According to the Computer Emergency Response Team (CERT), more than 7,000 new vulnerabilities were discovered over the last year, with 92 percent of vulnerabilities found in software according to National Institute of Standards and Technology (NIST). With organisations deploying an increasing number of complex applications - some developed internally, some offshore, some purchased off-the-shelf - the effort needed to manage risk becomes greater. Traditional approaches have focused on conducting costly and time-consuming manual penetration tests or using tools that typically require source code which is not usually available in mixed-code base environments or commercial applications.

"Veracode offers a unique method for testing commercial-off-the-shelf (COTS) software that fills an essential gap in our software security programme enabling a more effective understanding of risk from commercial software along with the information needed to manage this risk with our software vendors,' said Jim Routh, CISO of Depository Trust & Clearing Corporation, who is participating in the panel session "Five keys to effective application security and secure coding" taking place 12:45-14:00 on 22 April within the keynote conference at Infosecurity Europe, Olympia in London.

Rhonda MacLean, Global Information Security Officer, Global Retail and Commercial Banking, Barclays Bank (who is also participating on the panel) further commented on the benefits of the Veracode service:

"In a rapidly changing threat environment, Veracode's technology and its software-as-a-service model have given us the flexibility to conduct rapid code review cycles, which is an obvious benefit for our customers."

"Enterprises are increasingly outsourcing the development of their applications and leveraging commercial software to run their business operations, but they cannot outsource the security risk and liability associated with those applications", said Diana Kelley, Partner at analyst organization SecurityCurve. "Enterprises need effective ways to test and audit the risk associated with COTS and outsourced software when source code isn't available."

Based on patented, static binary testing technology and dynamic web scanning , Veracode's SecurityReview is the industry's first solution specifically designed to overcome the limitations of traditional tools and manual penetration tests:

* Veracode's comprehensive portfolio of services covers all testing needs - including internal security reviews, PCI compliance, COTS security audits and outsourced secure code acceptance.

* Veracode is the only organisation to scan code using automated techniques which mirror the way a machine executes code or a hacker's approach to attack - accurately assessing the roots of the problem as no other tool can do.

* It is the only company to offer organisations application code reviews on a software-as-a-service subscription basis (eliminating the need to install or maintain costly software, hardware or train personnel).

* Veracode helps users keep in lockstep with new threats by leveraging its on-demand security platform, pooling the learning from every scan across all customers

* No one else can identify and remedy the security flaws in binary code, the very foundation of all today's software applications.

* Veracode is the first provider to help organisations improve their application security without asking them to hand over the intellectual property represented in source code.

* Veracode alone deals with scanning mixed-code-based applications as it can tackle both dynamic and static testing of code - reducing the fud (fear, uncertainty and doubt) factor in software procurement.

TheVeracode SecurityReview Service Portfolio is now comprised of the following on-demand services:

* Outsourcing SecurityReview - Provides a simple, cost-effective, and automated security audits that ensures enterprises receive secure code from offshore development partners.

* COTS (Common-off-the-shelf software) SecurityReview - Helps enterprises and government agencies quantify and manage security risks of commercial off-the-shelf software

* SDLC (Software development life cycle) SecurityReview - Enables security teams to conduct security assessments on mission-critical internally developed applications before they ship

* PCI SecurityReview - Automates and shortens the process for achieving compliance with the application security requirements of PCI-DSS, Visa PABP and PA-DSS in a simple and cost-effective way

"With applications being the weakest link in the corporate security chain, organisations are increasingly demanding independent verification and validation of applications as part of their software release and acceptance criteria, said Matt Moynahan, CEO at Veracode. "With Veracode, customers can now count on a single vendor delivering a comprehensive portfolio of on-demand services that delivers independent security audits for applications whether they are developed, offshore or purchased off-the-shelf."

All four SecurityReview services are available immediately.

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo