"We also have the option of creating our own configurations, like how often do the applications need to be scanned."

"The active scanner, which does an automated search of any web vulnerabilities."

"The automated scan is what I find most useful because a lot of customers will need it. They have a set of predefined options where you can pick one and start scanning. For example, a black box satellite host."

"The feature that we have found most valuable is that it comes with pre-set configurations. It can capture the request, and there are so many functions that are very good for that."

"You can scan any number of applications and it updates its database."

"For pentesting scenarios, this is the number one tool."

"When organizations use third-party, open source libraries with their application development, because they're open source they quite often have a lot of bugs. There are always patches coming out for those open source applications. You really have to stay on your toes and keep up with any third-party libraries that might be integrated into your application. Veracode's Software Composition Analysis scans those libraries and we find that very valuable."

"The Veracode technical support is very good. They are responsive and very knowledgeable."

"One of the features they have is Software Composition Analysis. The development teams have the freedom to choose their own libraries and languages. What happens is sometimes developers feel like a particular library is okay to use, then they will start using it, developing some functionality around it. However, as per our mandate, for every new repository that gets added and scanned, a report gets published. Based on that report, we decide if we can continue. In the past, we have found, by mistake, some developers have used copyleft licenses, which are a bit risky to use. We immediately replace these with more permissive, open-source licenses, so we are safe in the end."
"The lack of initial lead time or initial overhead to get going is the primary advantage."

"In terms of secure development, the SAST scan is very useful because we are able to identify security flaws in the code base itself, for the application."

"The centralized view of different testing types helps reduce our risk exposure. You just log in, create an application profile, associate a security configuration, and that's about it. There is no initial time needed to set up an application. We have it integrated with our continuous integration, continuous delivery system, so we can get insight quickly."

"It is SaaS hosted."

"The static scan is the feature that we use the most, as it gives us insight into our source code. It enables developers to write secure code from the start by pointing them to the problematic line of code, and saying, "This function/method has security vulnerabilities," then suggests alternatives to fix it. The tool points to problematic methods with the vulnerability and provides ways to code it more securely. For example, if the tool has found a method where it copied one piece of memory into another piece of memory in the code, then we adopt the suggestions of the tool. By implementing it in the right way, we can fix the issue. By adopting their suggestions, we are fixing this vulnerability."

"My experience with Veracode across the board every time, in all products, the technology, the product, the service, and the salespeople is fabulous."

"Veracode provides guidance for fixing vulnerabilities."
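The memory-copy finding described in the static scan review above is the classic unchecked copy into a fixed-size buffer. The C below is an added example, not code from Veracode or from any of the reviewers, showing the shape of copy a static scanner flags beside a bounded replacement that also reports truncation. The buffer size `NAME_LEN`, the function names and the sample inputs are assumptions made up for this illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* fixed-size destination buffer, chosen for the example */

/* Bounded strlen: never reads more than 'max' bytes of s (avoids relying on
 * the POSIX-only strnlen so the example builds under strict -std=c11). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* "Before": the shape of memory copy a static scanner flags. The byte count
 * comes from the source string, never from the destination's capacity, so any
 * input of NAME_LEN bytes or more writes past the end of 'dst'. */
void copy_name_unsafe(char dst[NAME_LEN], const char *src)
{
    memcpy(dst, src, strlen(src) + 1);   /* length is under the caller's control */
}

/* "After": bound the copy by the destination capacity, always leave a NUL
 * terminator, and report truncation so the caller can reject the input instead
 * of silently using a shortened value. Returns true if 'src' fit completely. */
bool copy_name_safe(char dst[NAME_LEN], const char *src)
{
    size_t n = bounded_len(src, NAME_LEN);
    if (n >= NAME_LEN) {                 /* no room for the NUL: truncate and flag it */
        memcpy(dst, src, NAME_LEN - 1);
        dst[NAME_LEN - 1] = '\0';
        return false;
    }
    memcpy(dst, src, n + 1);             /* n bytes plus the terminator */
    return true;
}

/* The same rule for callers whose buffer size is only known at run time. */
bool copy_bounded(char *dst, size_t dst_len, const char *src, size_t src_len)
{
    if (dst_len == 0)
        return false;
    if (src_len >= dst_len) {            /* would not fit with a terminator */
        memcpy(dst, src, dst_len - 1);
        dst[dst_len - 1] = '\0';
        return false;
    }
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return true;
}

int main(void)
{
    char name[NAME_LEN];
    const char *ok = "alice";                                   /* constructed input */
    const char *too_long = "a-user-name-longer-than-sixteen-bytes"; /* constructed input */
    bool fit;

    fit = copy_name_safe(name, ok);
    printf("%s -> fit=%d name=\"%s\"\n", ok, fit, name);
    fit = copy_name_safe(name, too_long);
    printf("%s -> fit=%d name=\"%s\"\n", too_long, fit, name);
    /* copy_name_unsafe(name, too_long) would overrun 'name'; it is left uncalled. */
    return 0;
}
```

The scanner's objection is not to `memcpy` itself but to a length that the destination does not control; the fix is to derive the count from the destination's capacity and to surface truncation rather than hide it.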