03:40 PM
Dark Reading
Products and Releases

New Innovations From Veracode Help Security Teams and Software Developers Protect Applications and Shorten Time to Deployment

Today's Announcement Highlights the Opportunity for a New Approach to Application Security, Extending It Seamlessly From Application Development to Protecting Applications as They Are Running

BURLINGTON, MA--(Marketwired - Jun 6, 2016) -

News Highlights:

· Veracode Runtime Protection offers real-time protection for applications in production, helping to prevent application abuse and data loss while providing alerts and other data to security operations teams.

· Veracode receives patent for automated, in-line coaching methodology, which provides positive feedback to developers when they use secure coding practices, helping reduce security-related defects in software early in the development process.

· These announcements are evidence of Veracode's aggressive strategy to transform application security, extending it across the entire software lifecycle to reduce risk, manage compliance and shorten deployment times for secure software applications.

Veracode, a leader in securing the world's software, today announced new products and innovations that help extend application security across the entire software development lifecycle. Today's announcements highlight new ways in which Veracode helps developers and security teams wrestle with some of their greatest challenges, namely protecting applications in operation without sacrificing time to market, and making secure coding practices a more seamless and positive part of the software development process. They are part of Veracode's strategy to transform application security to increase its speed and effectiveness in the face of changing software development processes and the explosion of software development across all industries.

Detect and block attacks against applications in real-time

According to Verizon's most recent Data Breach Report [1], 40 percent of breaches are tied to web applications. Veracode's own analysis of thousands of enterprise applications revealed that on initial scans more than half contained cross-site scripting vulnerabilities and more than a third were susceptible to SQL injection attacks [2].

Veracode Runtime Protection is a Runtime Application Self-Protection (RASP) technology deployed as an agent to help detect these common attacks, preventing the return of sensitive data to attackers, and providing insight into the attack for security operations teams. Because Veracode Runtime Protection incorporates visibility into key characteristics -- such as application logic, event and data flow, and executed instructions -- it provides greater effectiveness than Web Application Firewalls, reducing false positives and preventing unauthorized access to sensitive information.

It is simple to install and can be deployed in minutes with a one-line change to the application server settings. It also does not require the level of ongoing maintenance required to get value from Web Application Firewalls. Veracode Runtime Protection gives security operations personnel much-needed insight into application behavior and attack patterns at the application level.

Besides shielding production applications from attacks, Veracode Runtime Protection -- in conjunction with Veracode's WAS dynamic application security testing service -- will be used for application security testing, assuring unmatched accuracy of vulnerability detection at the pre-production phase. With this announcement, Veracode begins to offer the most complete set of security technologies in the market, including: Veracode Static Analysis, Veracode Software Composition Analysis, Veracode's web application security products, and the newly announced Veracode Runtime Protection for RASP and IAST (Interactive Application Security Testing).

Provide positive reinforcement where developers took active measures to increase security

Veracode's newly-patented, automated coaching methodology provides positive feedback to developers on good security practices as part of the coding process, helping them create better code 'on the fly.' The motivation for this approach is based on the desire to make secure code creation a positive and integral part of software development, where developers see not only security defects to be remediated, but also have the ability to recognize and repeat good secure coding practices.

"Major changes in how software is being developed, coupled with the increased value and risk associated with the software that powers every aspect of our lives, demand a transformation in how application security is done," said Sam King, Veracode's Chief Strategy Officer. "Application security has to become a seamless part of how software is developed in the first place to support the move to DevOps and Continuous Integration processes. It also has to extend all the way to protect applications as they are running. We're moving forward on both of those paths and today's announcements are evidence of that strategy in action."

"Products such as Veracode Runtime Protection, as part of a complete lifecycle approach to application security, give security teams and developers new tools to manage risk and speed," said Joseph Feiman, Chief Innovation Officer for Veracode and former Gartner analyst for Application Security. "We are broadening the choices security teams and developers have for eliminating vulnerabilities as early as possible in the development process, and deploying compensating controls where necessary."

Veracode Runtime Protection is being announced for early-access customers immediately. The patented in-line coaching methodology will be incorporated into Veracode products to help developers improve code security through positive reinforcement of good coding practices.

About Veracode

Veracode is a leader in helping organizations secure the software that powers their world, whether it is software they make, buy or sell. Veracode's SaaS platform and integrated solutions for application security provide an end-to-end approach from code creation to application deployment. The Veracode platform incorporates technology, expertise and workflows into a unified, efficient solution for developers and security teams as well as enterprise risk and compliance functions.

Veracode serves over a thousand customers across a wide range of industries, including nearly one-third of the Fortune 100, three of the top four U.S. commercial banks and more than 20 of Forbes' 100 Most Valuable Brands. Learn more at www.veracode.com, on the Veracode blog and on Twitter.

Veracode is a registered trademark of Veracode, Inc. All other brand names, product names, or trademarks belong to their respective holders.

[1] 2016 Verizon Data Breach Investigations Report

[2] Veracode State of Software Security Report and follow-on research, 2015

