Cloud opens security testing to all developers, says Veracode

The economics and accessibility of the model enable application security for the mass market for the first time, said Matt Moynahan, president and chief executive at Veracode.

This has been lacking, putting security testing of applications out of reach for smaller organisations and individual developers, he told Infosecurity's sister publication, Computer Weekly.

In collaboration with the Open Web Application Security Project (OWASP), Veracode aims to enable developers to see first-hand how easy and cost-effective it is to use an automated, cloud-based binary analysis of applications to check and fix vulnerabilities by giving free access to one of its testing services.

"Anyone will be able to register to upload a single application to the cloud and test for cross-site scripting (XSS) vulnerabilities," said Moynahan.

XSS is a security vulnerability typically found in web applications that enables malicious attackers to inject script into web pages viewed by other users.

"We chose XSS because even after 10 years of knowing about this vulnerability, it is still responsible for the most egregious security breaches," said Moynahan.

The cloud computing model enables application security testing at a price that smaller organisations can afford, but at a scale required by the largest of organisations, such as Barclays Bank, which has developers in 71 countries, he said.

More than half the software commonly used by businesses fails to meet acceptable levels of security, a Veracode study of 2,900 applications revealed in September 2010.

Third-party applications have the lowest security quality and failed to achieve acceptable levels of security 81% of the time, the study found.

This story was first published by Computer Weekly.
