June 16, 2010
BURLINGTON, Mass., June 16, 2010 -- Veracode, Inc. today unveiled a series of enhancements to its SecurityReview automated static binary and dynamic web application testing service that empowers developers with an easy-to-use, cloud-based approach to quickly improve software application security. Developers can now upload applications automatically and download line-of-code specific vulnerability identification and remediation instructions directly to defect tracking systems and integrated development environments (IDEs). Results are often 100 percent lower in false positives than alternative on-premise source code tools. By delivering the benefits of cloud-based static binary and dynamic web application testing to local development environments, Veracode makes accurate, reliable application security testing accessible to all developers, not just security experts.
Veracode understands that developers are increasingly asked to be responsible for delivering secure software on time and within budget, without being afforded the training or technologies to make it happen. In some cases, developers have been handed down expensive, complicated on-premise security tools with high false positive rates that require them to be security tool experts and waste precious cycles finding the real problems. Alternatively, they receive manual testing results reports from third parties that are disconnected from their development processes. Veracode’s pragmatic approach to cloud-based security testing and training, which is integrated into local development environments, enables developers to focus on writing secure code on time and within budget.
“By integrating cloud-based testing capabilities directly into tools that are part of a developer’s everyday life, Veracode is really completing the ‘last mile’ needed to deliver the advantages of both static and dynamic cloud-based security testing into the on-premise development climate,” said Nigel Stanley, practice leader, Bloor Research. “It’s one of the few really useful examples of the cloud that I have seen and the potential is clear – more secure code for substantially less developer effort.”
Freedom From False Positives: More Secure Software Is Within Reach
Veracode SecurityReview now features a number of new APIs and reference integrations that support security testing in popular Java, .Net, C/C++, ColdFusion and PHP development environments. Developers simply upload the executable (not source) or provide the URL to Veracode’s cloud-based platform at points of their choosing in the development lifecycle for automated static binary and dynamic web application security testing. The step may be automated and scheduled in build management systems using SecurityReview’s Upload APIs. Depending on the size and complexity of the application, developers quickly receive line-of-code specific vulnerability identification and remediation instructions that are often 100 percent lower in false positives than on-premise source code tools. These results may be integrated into defect tracking systems and IDEs using SecurityReview’s Results APIs and XML formatted output.
With SecurityReview, the aggregation of security testing from thousands of applications produces a more effective security testing engine that can provide more coverage (dynamic, static, manual) and greater accuracy (continuously improving scans that instantly benefit the very next application tested, fewer false positives) than on-premise source code security testing tools. When combined with Veracode’s patented static binary/bytecode analysis of final executables rather than source, the potential for reaching far more applications – including third-party components and applications – compared to traditional source code tools is impressive.
“Until now, developers responsible for incorporating security testing into their development lifecycles have had two options – on-premise tools with high false positive rates, or manual third-party penetration testing that can be time consuming and costly,” said Jon Stevenson, senior vice president of engineering, Veracode. “With this announcement, we are truly offering developers the best of all worlds – the integration advantages that on-premise tools have sometimes delivered plus the benefits of an expert security partner. Veracode is changing the game for software development, destroying the myth that improving the security of every application is prohibitively slow, complicated and expensive.”
Agile Security: Successful Security Testing for Agile Development
In addition to SecurityReview enhancements, Veracode is announcing the availability of new developer materials focused on achieving security testing best practices for Agile development including a whitepaper, “Agile Security: Successful Security Testing for Agile Development,” and related webinar scheduled for July 7, 2010 at 11 a.m. EDT. To register, visit https://www1.gotomeeting.com/register/922248089.
With Agile’s fast pace and lean concepts, Veracode acknowledges that many organizations simply consider testing for application security defects to be too costly in terms of time and resources. The reasons behind these beliefs include concerns related to the cost of deployment and training, and the inability of testing tools to fit into existing Agile development processes. The whitepaper addresses these concerns and describes methods that utilize Veracode’s SecurityReview and methodologies for security testing that succeed in the Agile world. To download the whitepaper, visit http://www.veracode.com/research/index.html.
Pricing and Availability
Veracode is offering special incentive pricing to qualified organizations interested in SecurityReview. Fortify and IBM AppScan Source customers may receive credit for up to 50 percent off their source code tool purchase in the past year. Learn more at The Veracode Challenge site. Single seat secure developer training is now available for only $500; single application subscriptions to SecurityReview with unlimited automated static binary and dynamic web application testing may also be purchased by visiting the Veracode Subscriptions site.
Veracode is the world’s leader in cloud-based application risk management. With patented binary code analysis, dynamic Web assessments and developer e-learning, Veracode SecurityReview® is the most accurate and cost-effective way to independently verify application security in both internally developed applications and third-party software without requiring source code or expensive tools. Veracode provides the most simple, complete way to implement security best practices, reduce operational cost and comply with internal security policies or external standards such as OWASP Top 10, CWE/SANS Top 25 and PCI. Veracode works with global organizations across multiple vertical industries including Barclays PLC, California Public Employees’ Retirement System (CalPERS), Computershare and the Federal Aviation Administration (FAA). For more information, visit www.veracode.com, follow on Twitter @Veracode or read the ZeroDay Labs blog.