Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

At Your Service: Veracode's SaaS-based application analysis


This article can also be found in the Premium Editorial Download: Information Security magazine: CISO survival guide: 18 of the best security tips




Price: Minimum cost of engagement is at $40K

Application development has historically given short shrift to security, and we pay the price for it every day as attackers exploit vulnerable Web apps to control corporate systems and steal sensitive data.

Companies are finally building security into the software development lifecycle, but vetting software for security is difficult, time-consuming and error-prone. Organizations often turn to pen testers and/or a variety of commercial products.

Symantec spinoff Veracode weighs in with an on-demand software-as-a-service (SaaS) that performs binary analysis of any application.

Customers upload apps to Vera-code, which reports possible flaws and recommends remediation.

Binary analysis offers particular advantages. Companies are often twitchy about sharing source code, and binary analysis may well find flaws that source code, Web crawling and manual analysis miss. Moreover, applications are typically not monolithic, single-source programs but are built on various pieces contributed by internal and external developers.

"Modern applications are assembled from a mixed code base," says Veracode CEO Matt Moynahan. "Binary analysis analyzes 100 percent of the code."

Moynahan says that binary analysis complements other methods, including source code analysis and human testing. Veracode partners with SPI Dynamics, maker of the WebInspect app scanner.

"All applications are not equal," he says. "If you have a flight control system for a Boeing 747, for example, you want to test with a variety of methods."

This was last published in July 2007

Dig Deeper on Secure SaaS: Cloud application security

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.