Veracode Adds Backdoor Detection

BURLINGTON, Mass. -- Veracode, the first provider of on-demand application security testing solutions, today announced a further innovation – comprehensive detection of backdoors and malicious code.

Veracode is the only company to offer application code reviews on a software-as-a-service subscription basis. Veracode’s SecurityReview® is the first solution to enable organisations to discover security flaws in software automatically, without releasing their valuable source code. Whether a company is buying or building software Veracode helps improve the security quality of applications without the need to hand over precious intellectual property by providing comprehensive identification and remediation of the security flaws contained in binary code, the very foundation of today’s software applications.

The addition of the new backdoor detection capability further strengthens Veracode’s position as a true trailblazer in the application security arena. Backdoors are often included in programmes by developers for seemingly legitimate purposes but are increasingly being exploited by hackers to compromise applications. Research from the US Department of Homeland Security points to a significant risk from backdoors and 23% of software packages used by US government employees have backdoors built into them.

"Backdoors and malicious code pose significant operational risk to enterprises and software that are just too significant to ignore,” said Matt Moynahan, chief executive officer of Veracode. “Given the complexity of modern application development, the common practice of outsourcing and increasing use of third party libraries, it is nearly impossible for an enterprise to identify the pedigree and security level of the software running their business-critical applications and handling their customer’s personally identifiable information. As a result, we expect backdoors and malicious code insertion to become an increasingly prevalent attack vector against the enterprise. Because the binary (compiled code) represents the actual attack surface for the hacker, testing the application binaries is the most accurate and complete way to conduct final, independent security validation and verification.”

Veracode