RSA 2012: Veracode denounces negative approach to secure application testing

Many application security ‘solutions’ test developer code based only on what is wrong with it. Today, Veracode calls this approach counter-productive and, in response, has released a new reporting feature within the Veracode platform that also highlights successful use of security best practices by developers.

Veracode claims that its new reporting capability delivers positive, actionable reports when developers successfully use best practices to eliminate vulnerabilities. The software also continues to provide actionable recommendations for writing secure code.

“For too long, security testing has only highlighted what developers did wrong and not what they did right”, said Wendy Nather, research director, Enterprise Security Practice, 451 Research. “Veracode’s new reports put an application’s security weaknesses alongside its security strengths, giving a balanced look at how well a development team is building in security.”

With the prevalence of common vulnerabilities such as SQL Injection and Cross-Site Scripting (XSS) errors, organizations are keen to implement security measures to ensure their application portfolio is secure.

Veracode’s product manager, Tim Jarrett, believes they have the answer. “Developer adoption of testing services is difficult and the feedback from our customers was consistent—they wanted to empower their developers with a new form of reporting while ensuring the security of their software applications.”

This update is available to all current Veracode customers.
