Veracode
announced product innovations to enhance the developer experience. The
new features integrate security into the software development lifecycle
(SDLC) and drive adoption of application security techniques in the
environments where developers work.
According to a recent study by analyst firm IDC, 84 percent of
organizations say developer acceptance of security tooling is the "most
important requirement" or a "very important requirement" for DevSecOps
adoption. Veracode's latest innovations redefine the approach to
securing cloud-native applications throughout the SDLC, reinforcing the
company's commitment to providing a unified platform for comprehensive
security risk management.
Brian Roche, Chief Product Officer at Veracode, said, "Developers face
immense pressure to rapidly deliver innovations, often resorting to
mechanisms such as LLMs and open source to expedite the process.
Unfortunately, this approach can result in insecure code consumption and
solutions that exacerbate security risks rather than mitigate them. The
situation is compounded by existing security tools that add complexity
rather than simplifying the process for developers.
Veracode addresses this challenge by providing a unified platform that
not only monitors and mitigates risk but also streamlines developer
workflows across repositories, IDEs, and the cloud. By delivering
developer-friendly security tools, we empower organizations to deliver
secure software faster, eliminating the need to compromise between
security and speed."
The Next Frontier: DAST Essentials
In a world where web applications account for 60 percent of breaches
and API attacks skyrocketed by 137 percent in 2022, ensuring
cloud-native applications are sufficiently protected and continuously
monitored is paramount. Dynamic scanning analyzes live runtime systems
using real-world attack methods in a safe environment and can be
performed in a pre-production environment within the SDLC. Traditional
point solutions fall short and often don't offer the scalability and
flexibility required by growing organizations. In contrast, Veracode's
DAST Essentials is an agile solution that empowers developers and
security teams to address risk easily at speed and scale.
"As organizations continue to grapple with the challenge of securing an
ever-expanding attack surface, the need for comprehensive solutions is
undeniable. Balancing speed of development with robust security is a
daunting task, hindered by the time-consuming nature of regular dynamic
scans and the disconnect between development and security teams," said
Katie Norton, senior research analyst, DevOps and DevSecOps, at IDC.
"Solutions, like Veracode DAST Essentials, that are integrated and
reduce friction for developers can help to accelerate secure software
development, unify remediation efforts, and empower organizations to
strengthen their defenses in the evolving cybersecurity landscape."
With one of the lowest customer-reported false-positive rates (below five
percent), Veracode DAST Essentials scans and tests multiple web
applications and APIs (Application Programming Interfaces)
simultaneously. Veracode's State of Software Security research found 80
percent of web applications have critical vulnerabilities that can only
be identified through dynamic scanning. This emphasizes the critical
role DAST (Dynamic Application Security Testing) plays in a robust
application security program, ensuring organizations can address
exploitable vulnerabilities in cloud-native software accurately and
swiftly.
Supply chain solutions specialist, Manhattan Associates, chose to
partner with Veracode on its dynamic analysis and cloud-native security
program. Rob Thomas, Executive Vice President, Research &
Development and Cloud Operations at Manhattan Associates, said,
"Veracode's tenure in the industry and the fact that they are
cloud-based means they can continually deliver new innovation. Having a
cloud-native partner like Veracode enables us to scan our software
continuously so we have real-time confidence that our solution is as
safe as possible."
Enhancing Developer Workflows: Veracode GitHub App
Veracode understands the challenges developers face in adopting
cloud-native security measures without disrupting their workflows. The
Veracode GitHub App facilitates developer adoption, allowing application
security teams to configure once and seamlessly onboard developers.
This integration enables developers to fix code quickly in the
environments where they work with a single tool for static, software
composition analysis (SCA), and container security scanning. The result
is a faster, frictionless development process that doesn't compromise
security.
Enhanced Repo Scanning
Scanning cloud-native applications for the first time is often a manual,
complex and frustrating process. The Veracode GitHub App simplifies
this by providing developers with frustration-free scan results in their
preferred environment. DevOps teams can easily onboard repositories
without manual setup, maintaining development velocity and streamlining
scan processes. With the ability to standardize scan configurations
across hundreds of repositories using a single click, DevOps teams can
reduce friction and integrate cloud-native security much earlier in the
development cycle.
Roche closed, "Ensuring the security of cloud-native applications has
never been more crucial. Developers are assembling code just as much as
they're writing it, meaning even the most meticulously built
applications are susceptible to threat. To protect the software supply
chain, modern application development demands a paradigm shift in
security practices. As distributed cloud app development methods take
hold, these latest product innovations demonstrate Veracode is embracing
the dynamic nature of the cloud-native landscape to lead the charge in
securing our digital future."