informa
Products & Releases

Veracode Launches Massive-Scale Vulnerability Scanning Service

Veracode DynamicMP empowers companies to rapidly identify SQL Injection or XSS error-related security issues in their running Web applications
BURLINGTON, Mass. – August 2, 2011 – Faced with the reality that exploiting a single SQL Injection vulnerability or cross-site scripting (XSS) error in any web application could take down an organization’s entire software infrastructure, there is tremendous pressure to adopt quicker, more scalable approaches to application security. As a result, Veracode, Inc., provider of the world’s only independent, cloud-based application risk management platform, today announced Veracode DynamicMP for critical vulnerabilities. Veracode will be discussing the benefits of Veracode DynamicMP, its new massively parallel application security verification service, at Black Hat USA 2011 this week in Las Vegas.

The only service of its kind, Veracode DynamicMP signals a welcomed, cost-effective shift from approaches that simply examine one or a small number of applications at a time. Veracode becomes the first company to combine the power of automated web application vulnerability scanning with the benefits of elastic computing in the cloud to provide a massively scalable, inexpensive vulnerability detection service that can simultaneously verify application security across thousands of sites. In fact, with Veracode DynamicMP’s massively parallel deployment architecture, no other on-premise tool or service provider can achieve this level of scalability with their core technologies.

With its dynamic analysis engine, Veracode DynamicMP empowers companies to rapidly identify SQL Injection or XSS error-related security issues in their running web applications across thousands of externally facing websites before hackers can exploit them. For one Fortune 100 company, this meant urgently scanning nearly 3,000 sites in what equates to compressing more than a year’s worth of dynamic scanning into only eight days. What’s more, the company was able to reach its goals for this significant project well under budget.

“Due to cost and time constraints and the imminent threat from attacks, organizations have been forced to prioritize security testing for only their most critical web applications. While pragmatic, this approach to security leaves enterprises at risk with potentially vulnerable untested applications,” said Neil MacDonald, vice president and Gartner Fellow at Gartner Research. “Scaling to test all of an organization’s web applications in a short period of time requires new approaches to dynamic application security testing that balance the need to confidently detect the most serious vulnerabilities with the time and cost required to scan all applications.”

Massive Scalability, Vast Improvements in Application Security

By employing massively parallel cloud-based dynamic scanning architecture, Veracode DynamicMP can produce results within hours or days, versus months or years. Key deliverables include:

Report of critical vulnerabilities discovered, complete with accompanying information to enable development and QA teams to recreate flaws

Detailed remediation information on how to fix the flaws

Guidance on proactive steps to drive longer term strategies that organizations can adopt to improve overall application security across their software portfolio

“Software application security has risen as a top priority on C-level and Board of Director agendas, especially given the onslaught of high-profile attacks like Sony, Toshiba and others that originated via undetected application vulnerabilities that were exploited by hackers,” said Maria Cirino, chairperson, Veracode Board of Directors and managing director, .406 Ventures. “If your Board is asking whether a Sony-like breach can happen in your organization, you can’t take eight months or even eight weeks to respond. Not knowing is simply inexcusable. With Veracode DynamicMP, the answer can be delivered in days, and at a scale and cost not possible with any other security solution.”

Pricing and Availability

Veracode DynamicMP for critical vulnerabilities is available now. Pricing is $150 per website (with a minimum of 500 sites). Accelerated discounts apply based on volume.

About Veracode

Veracode is the only independent provider of cloud-based application intelligence and security verification services. The Veracode platform provides the fastest, most comprehensive solution to improve the security of internally developed, purchased or outsourced software applications and third-party components. By combining patented static, dynamic and manual testing, extensive eLearning capabilities, and advanced application analytics, Veracode enables scalable, policy-driven application risk management programs that help identify and eradicate numerous vulnerabilities by leveraging best-in-class technologies from vulnerability scanning to penetration testing and static code analysis. Veracode delivers unbiased proof of application security to stakeholders across the software supply chain while supporting independent audit and compliance requirements for all applications no matter how they are deployed, via the web, mobile or in the cloud. Veracode works with customers in more than 80 countries worldwide including Global 2000 brands such as Barclays PLC and Computershare as well as the California Public Employees’ Retirement System (CalPERS) and the Federal Aviation Administration (FAA). For more information, visit www.veracode.com, follow on Twitter: @Veracode or read the ZeroDay Labs blog.

Recommended Reading: