
Web Application Security Assurance Mark

Veracode : 12 August, 2010  (New Product)
The Verafied mark of security from Veracode for independently assessed quality assurance is now being used for web application code.
Veracode has unveiled a new Verafied mark of security quality that indicates an application has been independently assessed and found to have no "very high," "high" or "medium" severity vulnerabilities as defined by MITRE, nor any of the top 10 vulnerabilities as defined by the Open Web Application Security Project (OWASP Top 10). The independent high assurance assessment is performed with SecurityReview, Veracode's patented cloud-based automated security verification service, and complemented by manual penetration testing by Veracode or its partners to identify flaws in business logic and design.

According to the OWASP Foundation, "The OWASP Foundation is pleased to see Veracode using the OWASP Top 10 application security risks. Managing application security requires real visibility into exactly what has been verified and what has not. Veracode's transparency around its combination of manual and automated verification techniques stands in stark contrast to those product vendors that wrongly and dangerously assert complete automated coverage and compliance with the Top 10."

Software providers whose applications earn the Verafied mark may display it as an indicator to customers that independent automated and manual testing did not detect any of the listed known, dangerous vulnerabilities, and that the software is in successful compliance with the PCI Data Security Standard as well as other software assurance policies based on the OWASP Top 10. Additionally, the application may be identified with a Verafied High Assurance mark in Veracode's Verafied Software Directory. CIOs, CISOs and others who acquire software may also use the mark as a threshold for independently verified security quality delivered by commercial, outsourced or open source suppliers.

To earn the Verafied High Assurance mark for the OWASP Top 10, software providers submit their final integrated application - binary or bytecode - to Veracode SecurityReview for assessment. The application is analyzed by Veracode's patented cloud-based automated security verification service and then subjected to additional manual penetration testing by Veracode or a security consultant in Veracode's growing partner ecosystem. Following the remediation of any vulnerabilities of severity medium or higher, as defined by FIRST's CVSS vulnerability scoring system, and any vulnerabilities identified in the OWASP Top 10, the application is then resubmitted to Veracode for complete security regression testing and verification. Given the ad hoc approach to security testing adopted by most organizations today, this consistent and repeatable framework and process enables software suppliers to differentiate applications that are Verafied for OWASP Top 10 compliance and display the mark of independent verification.

"As web applications increasingly connect organizations to a network of their customers, partners and other stakeholders, malicious attacks have been on the rise and hackers have turned to web applications, which often represent a weak link in enterprise security," said Matt Moynahan, CEO of Veracode. "Displaying the Verafied mark for the OWASP Top 10 indicates an organization is serious about securing their applications deployed in SaaS, PaaS and other cloud-based environments, and should be recognized by potential customers and partners for their efforts in managing their application-related security risk."
   © 2012 ProSecurityZone.com