BURLINGTON, Mass. – January 4, 2012 – Veracode, Inc., the leader in cloud-based application security testing, today announced it has been positioned by Gartner, Inc. as a Visionary in the 2011 “Magic Quadrant for Dynamic Application Security Testing.”¹ The research analyzes the evolution and potential growth of the dynamic application security testing (DAST) market and evaluates vendors according to their business and technology vision, as well as their ability to execute against that vision in their products and services.
Gartner defines DAST technologies as those “designed to detect conditions indicative of a security vulnerability in an application in its running state.” The report states that “DAST solutions should be considered mandatory to test all web-enabled enterprise applications, as well as packaged and cloud-based application providers. The market is maturing, with a large number of established providers of products and services.” Further, Gartner suggests that “enterprises should understand the importance of application security vulnerability testing — dynamically and statically. All Web-enabled applications — whether internally developed, procured, outsourced or cloud-based — should be tested.”
In its discussions with clients and prospects, Veracode has found that web application security has risen to the top of the agenda for security professionals striving to increase the effectiveness of their company’s overall application security testing initiatives. This sense of urgency is rooted in the fact that a large percentage of recent cyber attacks have specifically targeted the application layer in order to exploit weaknesses and steal critical financial data, customer data and intellectual property. In fact, according to Veracode’s most recent State of Software Security report, web applications analyzed showed high concentrations of Cross-Site Scripting (XSS) and SQL Injection flaws, two of the most frequently exploited vulnerabilities.
According to Veracode, its automated web application vulnerability scanning, also known as DAST or black-box testing, empowers companies to identify and remediate security issues in their running web applications before hackers can exploit them. By dynamically testing web applications at run-time, Veracode inspects applications the same way a hacker would attack them – providing accurate and actionable vulnerability detection. Additionally, one of Veracode’s innovations is its use of Selenium, which has a proven track record in traditional Quality Assurance initiatives, to improve the coverage problems present in many other DAST products.
“We believe that our placement in the Visionaries quadrant is indicative of our innovative approach and superior design decisions,” said Sam King, senior vice president, product marketing, Veracode. “Delivering both our Static Application Security Testing (SAST) and DAST capabilities through a single cloud platform is the right solution for our customers as it avoids fragmentation of vendors and vulnerability information. We plan to continue aggressive development and enhancement of our DAST technology in the coming year with the goal of replicating the market leadership we have established with SAST.”
Gartner’s report also recognized the Veracode DynamicMP service that combines the power of automated web application vulnerability scanning with the benefits of elastic computing in the cloud to provide a massively scalable, inexpensive and rapid vulnerability detection service that can quickly and accurately identify application security vulnerabilities across thousands of sites. Veracode DynamicMP empowers companies to simultaneously scan thousands of websites for critical vulnerabilities such as XSS and SQL Injection. By employing a massively parallel cloud-based dynamic scanning architecture, customers benefit from being able to discover and prioritize vulnerabilities across thousands of web applications in a matter of hours or days, versus months or years as with legacy solutions.
Veracode is providing a complimentary licensed copy of the “Magic Quadrant for Dynamic Application Security Testing” for download on its website.
Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
1 – Gartner, “Magic Quadrant for Dynamic Application Security Testing,” by Neil MacDonald and Joseph Feiman, December 27, 2011
Veracode is the only independent provider of cloud-based application intelligence and security verification services. The Veracode platform provides the fastest, most comprehensive solution to improve the security of internally developed, purchased or outsourced software applications and third-party components. By combining patented static, dynamic and manual testing, extensive eLearning capabilities, and advanced application analytics, Veracode enables scalable, policy-driven application risk management programs that help identify and eradicate numerous vulnerabilities by leveraging best-in-class technologies from vulnerability scanning to penetration testing and static code analysis. Veracode delivers unbiased proof of application security to stakeholders across the software supply chain while supporting independent audit and compliance requirements for all applications no matter how they are deployed, via the web, mobile or in the cloud. Veracode works with global organizations across multiple vertical industries including Barclays PLC, California Public Employees’ Retirement System (CalPERS), Computershare and the Federal Aviation Administration (FAA). For more information, visit www.veracode.com, follow on Twitter: @Veracode or read the Veracode Blog.
Copyright © 2011 Veracode, Inc. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.