Archives

Veracode revolutionizes cloud-native security with a dynamic duo: DAST Essentials and Veracode GitHub App

Veracode

Veracode, the global leader in intelligent software security, announced the launch of product innovations that will improve developer experience. The new features, which integrate security into the software development lifecycle (SDLC), promote the adoption of application security techniques in the environments where developers work.

According to a recent study by analyst firm IDC, 84% of companies say that developer acceptance of security tools is the “most important requirement” or a “very important requirement” when it comes to security tools. adoption of DevSecOps (development, security and operations).¹ Veracode’s latest innovations redefine the approach to securing cloud-native applications across the SDLC, reinforcing the company’s commitment to providing a unified platform for comprehensive security risk management.

Brian Roche, Director of Product at Veracode, said: “ Developers face enormous pressure to deliver innovations quickly, so they often resort to mechanisms like LLMs and open source. source to speed up the process. Unfortunately, this approach, instead of mitigating security risks, can lead to code consumption and insecure solutions that exacerbate them. For developers, the situation is further compounded by existing security tools that add complexity rather than simplify the process.

Also Read: Opsera Announces Salesforce DevOps 3.0 Capabilities to Speed Deployment Time and Maximize Current Investments in Salesforce Development 

This is the challenge that Veracode sought to address by delivering a unified platform that not only monitors and mitigates risk, but also streamlines developer workflows across repositories, IDEs (integrated development environments), and the cloud. By providing developers with user-friendly security tools, we enable businesses to produce secure software faster, eliminating the need to compromise between security and speed. »

Considering that web applications suffer 60% of breaches² and API attacks increased by 137% in 2022³, it is essential to ensure that cloud-native applications are sufficiently protected and continuously monitored. Using real-world attack methods in a secure environment, dynamic analysis analyzes live execution systems, and it can be performed in a staging environment, within the SDLC. Traditional point solutions fall short and often don’t provide the scalability and flexibility required by growing businesses. Veracode’s DAST Essentials, on the other hand, is an agile solution that makes it easy for developers and security teams to manage risk quickly and at scale.

“ As organizations continue to struggle to secure an ever-expanding attack surface, the need for comprehensive solutions is undeniable. Balancing rapid development and robust security is a daunting task, and the time-consuming nature of regular dynamic scans and the disconnect between development and security teams makes it even more difficult, said Katie Norton, senior research analyst, DevOps and DevSecOps , at IDC. Solutions like Veracode DAST Essentials, which are integrated and reduce friction, enable developers to accelerate the development of secure software and unify remediation efforts, helping organizations strengthen their defenses in an evolving cybersecurity environment . »

Veracode DAST Essentials – which has one of the lowest customer-reported false positive rates (below 5%) – analyzes and tests multiple web applications and multiple APIs (application programming interfaces) simultaneously. Veracode’s “State of Software Security” study showed that 80% of web applications have critical vulnerabilities that can only be identified through dynamic analysis. This highlights the critical role that Dynamic Application Security Testing (DAST) plays in a robust application security program, ensuring that businesses can accurately and quickly remediate exploitable vulnerabilities in cloud-native software.

SOURCE: Businesswire