Scanning thousands of Web apps in days, not months
Faced with the reality that exploiting a single SQL Injection vulnerability or cross-site scripting (XSS) error in any web application could take down an organization’s entire software infrastructure, there is tremendous pressure to adopt quicker, more scalable approaches to application security.
As a result, Veracode announced Veracode DynamicMP, which combines the power of automated web application vulnerability scanning with the benefits of elastic computing in the cloud to provide a scalable vulnerability detection service that can simultaneously verify application security across thousands of sites.
With its dynamic analysis engine, the service allows companies to rapidly identify SQL Injection or XSS error-related security issues in their running web applications across thousands of externally facing websites before hackers can exploit them.
For one Fortune 100 company, this meant urgently scanning nearly 3,000 sites in what equates to compressing more than a year’s worth of dynamic scanning into only eight days. What’s more, the company was able to reach its goals for this significant project well under budget.
By employing massively parallel cloud-based dynamic scanning architecture, Veracode DynamicMP can produce results within hours or days, versus months or years.
Key deliverables include:
- Report of critical vulnerabilities discovered, complete with accompanying information to enable development and QA teams to recreate flaws
- Detailed remediation information on how to fix the flaws
- Guidance on proactive steps to drive longer term strategies that organizations can adopt to improve overall application security across their software portfolio
“Due to cost and time constraints and the imminent threat from attacks, organizations have been forced to prioritize security testing for only their most critical web applications. While pragmatic, this approach to security leaves enterprises at risk with potentially vulnerable untested applications,” said Neil MacDonald, vice president and Gartner Fellow at Gartner Research. “Scaling to test all of an organization’s web applications in a short period of time requires new approaches to dynamic application security testing that balance the need to confidently detect the most serious vulnerabilities with the time and cost required to scan all applications.”