
AN OVERVIEW OF THE VERACODE APPLICATION SECURITY PLATFORM
People, Process and Technology
A Veracode-produced white paper
Contents: Introduction / User Interface / Development + Security / Scanning Engines / Policies / Reporting / Analytics / Database / Streamlined AppSec / Conclusion

VERACODE APPLICATION SECURITY PLATFORM

[Figure: platform diagram. Inner ring: User Interface, Scanning Engines, Policies, Reporting, Analytics, Database. Around it: Collaboration + Workflow and Integration + APIs, joining Security Teams and Development Teams. Outer ring: IDEs, Issue Tracking, GRC Frameworks, Policy Tools, with Security Leaders and Development Leaders.]

Cloud-based from day one, the Veracode Application Security Platform is backed by:

• 10 years’ experience
• $150 million invested
• 2+ trillion lines of code scanned

This gives you:

• Unprecedented intelligence about code vulnerabilities and how to fix them.
• The ability to seamlessly collaborate on the application security process across — and even beyond — your business.

01 USER INTERFACE

Application security is a unique business initiative because of the number of people in your organization it affects. They all care about different things, and may even be located all over the globe. But our UI brings them all together.

Role-based access control lets users from different organizations upload and scan binaries, scan web applications, and view the results and metrics they need, without having to wade through those they don’t.

02 DEVELOPMENT + SECURITY MEET IN ONE PLACE

This centralized view of results is powered by seamless integrations into both business systems and development processes.

Security and development teams each have very different AppSec priorities:

• The security team is focused on reducing risk and achieving compliance, so they care about things like fix rates and compliance with regulations.
• Developers are focused on delivering quality code on deadline. They care about things like finding the line of code where a defect is and getting information about how to fix it quickly.

03 ADDRESSING EACH TEAM

For Developers

Our APIs and plug-ins automate:

• Scanning applications automatically from an IDE or CI/CD system.
• Integrating flaw comments and mitigation workflow tasks into IDEs.
• Opening and closing tickets in issue tracking systems when flaws are found and fixed.
• Scanning portions of an application while you code and displaying security findings directly from within an IDE.
• Training and coaching: quick access to short secure-coding instructional videos or personalized remediation advice.

For Security

We feed data into leading GRC platforms to share critical information such as:

• Application security scores
• Lists of all discovered flaws
• Flaw status information (new, open, fixed or re-opened)

04 SCANNING ENGINES

At the heart of the Veracode Platform are our powerful scanning engines.

We offer all major types of automated and manual security assessments, spanning the application lifecycle from development to QA to production, including:

• Static analysis
• Veracode Greenlight (instant scanning for developers — right in the IDE)
• Web application scanning and dynamic analysis
• Software composition analysis
• Runtime application self-protection

05 POLICIES

But what do you do with all the scanning results from these engines?

The Veracode Platform filters the results returned from the scanning engines through custom or standard policies, pinpointing what needs to be fixed and when.

With our Central Policy Manager, you can use a preconfigured policy for PCI-DSS, or create custom policies and then centrally view policy compliance.
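The policy step described in this section, together with the CI/CD-triggered scanning listed under "For Developers", amounts to a release gate: a scanner returns findings, and a policy decides which of them block the build now and which are merely tracked against a deadline. The following is an added illustration written for this page; it is not Veracode's code, its policy format or its API. The finding fields, the severity scale, the policy fields and the grace-period rule are all assumptions chosen to show the idea, and the sample findings are constructed.

```python
"""Policy gate over scan findings (added example; not Veracode's format or API).

A scanner returns findings; a policy says which severities are never allowed
to ship and how many days (grace period) a lower-severity finding may stay
open before it, too, blocks the build. All field names are assumed.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Severity scale assumed for this example (5 = most severe).
SEVERITY = {"very_high": 5, "high": 4, "medium": 3, "low": 2,
            "very_low": 1, "informational": 0}


@dataclass(frozen=True)
class Finding:
    flaw_id: int
    cwe: int                 # CWE identifier reported by the scanner
    severity: str            # one of SEVERITY
    status: str              # "new", "open", "fixed" or "re-opened", as on the page
    first_found: date        # when the scanner first reported this flaw
    mitigated: bool = False  # mitigation accepted by the security team


@dataclass(frozen=True)
class Policy:
    name: str
    block_at_or_above: str   # any open finding at this severity or worse fails at once
    grace_days: dict         # severity -> days an open finding may remain before failing


def evaluate(findings, policy, today):
    """Return (passed, violations); each violation is a (flaw_id, reason) pair.

    Rules assumed for this example:
      * fixed findings and findings with an accepted mitigation never count;
      * new/open/re-opened findings at or above the blocking severity fail at once;
      * other open findings fail only once their grace period has run out;
      * severities the policy does not list are tracked but never block.
    """
    violations = []
    block_level = SEVERITY[policy.block_at_or_above]
    for f in findings:
        if f.status == "fixed" or f.mitigated:
            continue
        if SEVERITY[f.severity] >= block_level:
            violations.append((f.flaw_id, f"{f.severity} finding (CWE-{f.cwe}) is not permitted"))
            continue
        allowed = policy.grace_days.get(f.severity)
        if allowed is None:
            continue
        deadline = f.first_found + timedelta(days=allowed)
        if today > deadline:
            overdue = (today - deadline).days
            violations.append((f.flaw_id, f"{f.severity} finding (CWE-{f.cwe}) is "
                                          f"{overdue} day(s) past its {allowed}-day grace period"))
    return (not violations, violations)


# Constructed sample findings, roughly what one static scan of a build might return.
SAMPLE_FINDINGS = [
    Finding(1001, 89, "very_high", "open", date(2024, 3, 1)),            # SQL injection: blocks at once
    Finding(1002, 79, "medium", "new", date(2024, 5, 20)),               # XSS: new, still inside grace period
    Finding(1003, 327, "medium", "re-opened", date(2024, 1, 10)),        # weak crypto: re-opened, long overdue
    Finding(1004, 798, "high", "fixed", date(2024, 2, 2)),               # hard-coded credential: already fixed
    Finding(1005, 22, "high", "open", date(2024, 4, 4), mitigated=True), # path traversal: mitigation accepted
    Finding(1006, 200, "low", "open", date(2023, 12, 1)),                # info exposure: 90-day grace exceeded
]

# A strict release policy: nothing "high" or worse may ship; medium has 30 days, low 90.
STRICT = Policy("release-gate", "high", {"medium": 30, "low": 90})


def run_gate(today_iso="2024-06-01", findings=SAMPLE_FINDINGS):
    """Evaluate the sample findings against STRICT as of the given ISO date."""
    return evaluate(findings, STRICT, date.fromisoformat(today_iso))


if __name__ == "__main__":
    ok, problems = run_gate()
    print("PASS" if ok else "FAIL")
    for flaw_id, reason in problems:
        print(f"  flaw {flaw_id}: {reason}")
```

Run as of 2024-06-01, the gate fails on three flaws: the open SQL injection (blocked outright), the re-opened medium finding that is 113 days past its grace period, and the low finding that is 93 days past its. The fixed and mitigated findings are ignored, and the fresh XSS finding is reported but does not yet block. A CI job would simply exit non-zero on `FAIL`; the policy object is what a "custom policy" boils down to once the thresholds are made explicit.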

06 REPORTING

Our reporting engine gives you the insights you need, in whatever form you need them:

• An executive-level view reporting on compliance
• A detailed report comparing progress across different teams
• A report on risk reduction over time
• Any other way you need to filter the information

07 ANALYTICS

Beyond reporting sit our analytics capabilities.

Use the analytics to take the data one step further and figure out what’s working, and what’s not:

• Which teams are scanning and fixing flaws?
• What types of flaws are emerging?
• How long is it taking to fix flaws?

08 DATABASE

In the end, all these interactions and all this data create a goldmine of intelligence.

The Veracode Platform has scanned tens of thousands of enterprise, mobile and cloud-based apps. And with every scan, the Platform gets smarter.

Bottom line? Better analytics, faster learnings, incident response for newly disclosed vulnerabilities, increased accuracy and the ability to create more software, more securely than ever before.

09 STREAMLINED APPSEC

Ultimately, our Platform and all its capabilities streamline the task of securing applications — you can use it as a stand-alone service, or from within the development tools, GRC frameworks and program management tools you are already using.

10 CONCLUSION

You’ve had a taste for what we can do — ready to see the Veracode Platform in action? Sign up for one of our weekly Platform Demos.

SIGN UP NOW