BURLINGTON, Mass. – September 21, 2011 – Veracode, Inc. today announced enhancements to its cloud-based application risk management platformthat make it even easier to embed security verification processes into the software product development lifecycle. With improved automation and expanded APIs, development teams can maximize the benefits of powerful static and dynamic cloud-based security testing in an on-premise development environment while improving productivity, application security quality and policy compliance.
Developers who work in rapid build and test cycles, including Agile and continuous integration teams, can now benefit from an advanced Veracode platform Upload API that supports a fully-scripted build server integration and fully automated security verification for entire software portfolios. This means the Veracode platform can now automate all the necessary security verification steps from uploading applications and specifying status, to creating application profiles and submitting the application for a scan. With specific line-of-code vulnerability identification and remediation instructions, the results may be integrated directly into defect tracking systems without negatively impacting the development cycle. Additional benefits include:
· Timeliness of Alerts:With more rapid results, developers can identify flaws early in the development cycle before they become production issues.
· Decrease Time to Fix:By identifying flaws immediately after checking the application into the build server, developers are able to fix problems more efficiently.
· Improved Policy Compliance:Results are not only delivered quickly, but also through the lens of the company’s security policy; this means development teams receive a severity-based list to prioritize their efforts.
“There has been strong momentum among our customers who are taking advantage of our expanded APIs to capitalize on the rapid security verification benefits that can be achieved through greater automation,” said Jon Stevenson, senior vice president of product strategy, Veracode. “By making security testing a seamless, completely integrated part of the software development cycle, teams don’t have to slow down or extend cycles to build in security, it becomes an integral component that is flexible and scalable.”
Veracode added a number of expanded APIs and reference integrations including an Open Source Jenkins plug-in for integrated static testing in continuous integration SDLCs, and SAML integration support. These integration capabilities create greater flexibility for developers across a number of software specialties, including those in the identity management space working to advance Single Sign-On (SSO) solutions. Veracode provides existing support for security testing in Java, .Net, C/C++, ColdFusion, PHP and mobile development environments including RIM’s BlackBerry operating system (OS), Windows Mobile, Google’s Android OS and Apple iOS.
About Veracode
Veracode is the only independent provider of cloud-based application intelligence and security verification services. The Veracode platform provides the fastest, most comprehensive solution to improve the security of internally developed, purchased or outsourced software applications and third-party components. By combining patented static, dynamic and manual testing, extensive eLearning capabilities, and advanced application analytics, Veracode enables scalable, policy-driven application risk management programs that help identify and eradicate numerous vulnerabilities by leveraging best-in-class technologies from vulnerability scanning to penetration testing and static code analysis. Veracode delivers unbiased proof of application security to stakeholders across the software supply chain while supporting independent audit and compliance requirements for all applications no matter how they are deployed, via the web, mobile or in the cloud. Veracode works with customers in more than 80 countries worldwide including Global 2000 brands such as Barclays PLC and Computershare as well as the California Public Employees’ Retirement System (CalPERS) and the Federal Aviation Administration (FAA). For more information, visit www.veracode.com, follow on Twitter: @Veracode or read the ZeroDay Labs blog.
###
Copyright © 2011 Veracode, Inc. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.
Media Contacts:
Liz Campbell
fama PR
phone: +1 617-986-5009
email: veracode@famapr.com