Application security firm Veracode has introduced a series of improvements to its SecurityReview automated static binary and dynamic web application testing service that provides developers with a cloud-based approach to improve software application security.
Veracode SecurityReview now features a number of new APIs and reference integrations that support security testing in popular Java, .Net, C/C++, ColdFusion and PHP development environments. Developers simply upload the executable (not source) or provide the URL to Veracode’s cloud-based platform at points of their choosing in the development lifecycle for automated static binary and dynamic web application security testing.
The step may be automated and scheduled in build management systems using SecurityReview’s Upload APIs. Depending on the size and complexity of the application, developers quickly receive line-of-code specific vulnerability identification and remediation instructions that are often 100 percent lower in false positives than on-premise source code tools. These results may be integrated into defect tracking systems and IDEs using SecurityReview’s Results APIs and XML formatted output.
“Until now, developers responsible for incorporating security testing into their development lifecycles have had two options – on-premise tools with high false positive rates, or manual third-party penetration testing that can be time consuming and costly,” said Jon Stevenson, senior vice president of engineering, Veracode.
“With this announcement, we are truly offering developers the best of all worlds – the integration advantages that on-premise tools have sometimes delivered plus the benefits of an expert security partner. Veracode is changing the game for software development, destroying the myth that improving the security of every application is prohibitively slow, complicated and expensive.”
