Security Experts:

Veracode Hunts SQL Injection and XSS Vulnerabilities on Demand

Surrounding the Black Hat Conference set to take place this week in Las Vegas, Veracode, a provider of cloud-based application risk management solutions, today announced Veracode DynamicMP, an on demand solution that combines the power of automated web application vulnerability scanning with the power of cloud computing to provide a scalable vulnerability detection service that can simultaneously test application security across thousands of sites.

Veracode LogoVeracode DynamicMP helps organizations to rapidly identify SQL Injection or XSS error-related security issues in their running web applications, and can do so across thousands of externally facing websites. With DynamicMP, Veracode, working with a Fortune 100 client, was able to scan nearly 3,000 sites in only eight days, the company said.

“Due to cost and time constraints and the imminent threat from attacks, organizations have been forced to prioritize security testing for only their most critical web applications. While pragmatic, this approach to security leaves enterprises at risk with potentially vulnerable untested applications,” said Neil MacDonald, vice president and Gartner Fellow at Gartner Research. “Scaling to test all of an organization’s web applications in a short period of time requires new approaches to dynamic application security testing that balance the need to confidently detect the most serious vulnerabilities with the time and cost required to scan all applications.”

By using a cloud-based architecture, Veracode DynamicMP can produce results within hours. Key deliverables include:

• Report of critical vulnerabilities discovered, complete with accompanying information to enable development and QA teams to recreate flaws

• Detailed remediation information on how to fix the flaws

• Guidance on proactive steps to drive longer term strategies that organizations can adopt to improve overall application security across their software portfolio

“Software application security has risen as a top priority on C-level and Board of Director agendas, especially given the onslaught of high-profile attacks like Sony, Toshiba and others that originated via undetected application vulnerabilities that were exploited by hackers,” said Maria Cirino, chairperson, Veracode Board of Directors and managing director, .406 Ventures. “If your Board is asking whether a Sony-like breach can happen in your organization, you can’t take eight months or even eight weeks to respond. Not knowing is simply inexcusable.”

Veracode DynamicMP is available now, priced at $150 per website, but with a minimum of 500 web sites. Veracode said it will offer discounts based on volume.

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.