What is it about?
The applications (of any type, not only web) are the tool with which we access and process the most diverse data, critical to the business as well as sensitive and personal. Making it more secure, especially if it is present on the Internet, means protecting the data itself and tackling “at source” the defects that then become security vulnerabilities.
CryptoNet Labs has selected the SAST (Static Analysis Security Testing) solution from its technology partner Veracode.
Through its cloud-based platform, this solution offers several benefits:
- Ability to review a complete application, i.e. the entire build, while scanning source code may ignore non-compileable parts.
- Identification of problems with compilation options, which is obviously not possible with the source code.
- Examination of all third-party components included in the build.
- Reduction of the risk of intellectual property disclosure.
Choosing the cloud provides additional benefits:
- No need for on-premises deployment
- Its scalability allows you to manage scans of numerous applications with frequent releases
- The analysis logics are optimised to reduce false positives and keep the platform updated with the evolution of the attacks, taking advantage of the knowledge that Veracode acquires on a very large code base.
Finally, Veracode addresses the increasing presence of open source software within its applications to identify the use of vulnerable components, through Software Composition Analysis (SCA) techniques and public and proprietary vulnerability databases.
Who can benefit from it
Companies with in-house development teams or wishing to validate externally commissioned software prior to production. Raising the level of security, lowering fixing costs and adhering to industry standards and regulations (ISO 27001, PCI DSS, PSD2, GDPR, etc.).