DevSecOps tool, SaaS

Application Analysis

Five application security analysis types in one solution, all integrated into the development pipeline.

Static Analysis (white-box testing)

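  • Feedback While Coding: integrates with the IDE, giving real-time feedback and remediation guidance
  • Fast Results: scans at build time and can abort the build
  • Satisfying Auditors: full assessment to ensure compliance; provides a sandbox environment for testing policy
  • High Accuracy
  • Integrated Into Tooling: integrates with many services and also provides an API
  • Focus On Fixing: developers get recommendations, guidance and video tutorials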

Software Composition Analysis

  • Leverage Open Source
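  • Identify Vulnerabilities In Open Source: scans for known vulnerabilities and prompts for version updates
  • Get Fast Feedback: can be integrated and run in both pipelines and the IDE
  • Find More Than NVD (National Vulnerability Database)
  • Prioritize Vulnerabilities: traces findings down to the execution path to set priority
  • Assess Dependencies Several Layers Deep: libraries referenced by open source libraries are scanned too
  • Get Remediation Guidance And Automation: provides upgrade advice and can even open a Pull Request directly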

Interactive Analysis

  • Embed DevSecOps In The Pipeline
  • Find Vulnerabilities Fast: uses the existing QA stage to find issues
  • Simplify Testing: one agent tests multiple programming languages
  • Get Accurate Results: reduces false positives and duplicate results
  • Customize Vulnerability Checks

Dynamic Analysis (black-box testing)

  • Reduce Risk From Web Apps
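  • Scan In Parallel: tests thousands of web applications at the same time
  • Remediate With Actionable Data: shows how the application was attacked and how it responded, and provides remediation guidance
  • Scan Non-Public Apps: uses a Gateway to scan applications that are not on the public internet
  • Integrate With The Build Process: can integrate with build tools or be triggered through the API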
  • Easily Scan Behind Login Screens

Discovery

  • Protect Unknown Apps
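  • Map Attack Surface: discovers and identifies web applications
  • Easily Set Up Scans: integrates with Dynamic Analysis, simplifying the discover-and-scan workflow
  • Scope M&A Risk: security audit of the acquired party's web applications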
  • Reduce Attack Surface

Manual Penetration Testing

Developer Enablement

Veracode provides developers with security feedback in their IDE in seconds as they are writing code, helping them learn on the job.

Empower Development Teams

  • Security feedback in the IDE in seconds
  • Fix-first recommendations alongside findings
  • Automated fix advice
  • Code reviews with secure coding experts
  • eLearning for developers and security champions

Focus on Fixing

Reduce New Flaws

DevSecOps in the Pipeline

Developer Training

  • eLearning
  • Instructor-Led Training
  • Developer Workshops

AppSec Governance

Veracode helps security teams to demonstrate the value of AppSec.

Define Program to Achieve Goals

  • risk reduction
  • compliance with internal policies
  • contractual requirements, laws and regulations

Scale Through Best Practices

Demonstrate program success to stakeholders using proven metrics

Policy Management

Remediation Management

Analytics & Reporting

Veracode Verified

Success Programs


Other

Web Application Scan by DynamicDS

Mobile Application Security

Vendor Application Security

Pricing

Official estimate: €7 per vulnerability