Veracode, Inc., the leader in cloud-based application security testing,
today detailed recent updates to the Veracode platform that features core
static binary scanning, dynamic scanning, developer education, and
reporting and analytics components. Overall enhancements focus on ease of
use and improving the balance between IT productivity and security
assurance.
Primary updates include a redesigned platform administration interface
and data export capabilities to provide customers with better access to
information and intelligence about their application security program.
Veracode also added new flaw categories for Android applications,
support for the Apache Xerces J2EE framework, and numerous improvements
in results quality and API-based results access. Additional details on
key focus areas include:
- New Android Flaw Categories: Based on increasing requests for
analysis of applications developed on the Android platform, Veracode
expanded scanning capabilities for new flaw categories including
several items on the Mobile App Top 10. For example, expanded support
examines cases where Android apps attempt to modify proxy settings,
create inbound SMS listeners, or create data files or permissions
settings in ways that allow other apps to read or change them.
- Tracking Common Frameworks and Xerces Prevalence: One of the
benefits of running a scanning service in the cloud is the ability for
Veracode to learn in an anonymous, aggregated way about the
applications it analyzes. For instance, Veracode began tracking the
frequency with which it saw frameworks in the applications that are
uploaded to the platform and mined that data to prioritize and improve
the quality of results. One outcome of this effort was identifying
Xerces as the fifth most common Java framework or technology,
following JSPs, Spring MVC and Struts 1.x. The benefit to customers is
better application scanning coverage, leading to more accurate results.
- Enhanced User Administration Features Encourage Adoption and Scale:
To secure an enterprise, it’s not enough to scan a few applications or
educate a few users. Veracode provides the technology to support a
more scalable, holistic approach. In fact, Veracode has multiple customers
that have scanned 100 applications in the first 30 days of their
subscription, and others that have successfully rolled out more than
1,000 developer education programs for their users. As customers work
toward these milestones or grow their Veracode user base from hundreds
to thousands, Veracode has enhanced its user administration features
and added capabilities for better sorting, filtering and taking quick
action on user lists, easy team membership management, and getting
on-platform access to detailed user activity logs for tracking and
investigating user activity.
“Veracode takes advantage of being a SaaS-based service provider to
update our platform frequently with the goal of quickly driving
actionable results for our customers, and making it as easy as possible
to maximize the benefits of every aspect of the service, from requesting
scans and viewing results to setting policy and running an application
security program,” said Tim Jarrett, director of product management,
Veracode. “For Veracode and our customers, ease of use isn’t just nice
to have, it’s mission critical.”
About Veracode
Veracode is the only independent provider of cloud-based application
intelligence and security verification services. The Veracode platform
provides the fastest,
most comprehensive solution to improve the security of internally
developed, purchased or outsourced software applications and third-party
components. By combining patented static, dynamic and manual testing,
extensive eLearning capabilities, and advanced application analytics,
Veracode enables scalable, policy-driven application risk management
programs that help identify and eradicate numerous vulnerabilities by
leveraging best-in-class technologies from vulnerability scanning to
penetration testing and static code analysis. Veracode delivers unbiased
proof of application
security to stakeholders across the software supply chain while
supporting independent audit and compliance requirements for all
applications no matter how they are deployed, via the web, mobile or in
the cloud. Veracode works with customers in more than 80 countries
worldwide including Global 2000 brands such as Barclays PLC and
Computershare as well as the California Public Employees’ Retirement
System (CalPERS) and the Federal Aviation Administration (FAA). For more
information, visit www.veracode.com, follow on Twitter: @Veracode or read
the Veracode Blog.
Copyright © 2012 Veracode, Inc. All Rights Reserved. All other brand
names, product names, or trademarks belong to their respective holders.

Source(s) : Veracode, Inc.