Veracode offers portfolio and application scans as an integral part of any company-wide security policy. You can use Veracode to enforce consistent application security policies across your entire inventory of applications, both those that you develop and third-party applications.
Portfolio scans analyze the perimeter that your software applications create around your business processes, and investigate the limitations of your application security and potential threats to your company.
- Discovery Scans
  - Analyze your application perimeter and perform focused searches for web applications within a defined IP address range or list of known hosts, then provide you with a detailed listing of the applications found.
- DynamicMP Scans
  - Perform massively parallel scans, rapidly and simultaneously analyzing multiple web applications to establish a security baseline of your application perimeter.
Application scans deeply analyze individual applications and provide a detailed report on the discovered flaws and remediation guidance. There are three types of application scans. Veracode recommends both static and DynamicDS scans for web applications with very high, high, or medium business criticality. Using all scan techniques increases the completeness and depth of analysis for your application.
- Static Scans
  - Perform deep analyses in an offline environment of compiled or ready-to-deploy web, enterprise, desktop, or mobile applications to detect security flaws in the underlying code. Static scans create a model of the entire application and analyze its data and inter-procedural flow, and are ideal if you have access to the compiled code for your web or backoffice (non-web) applications.
- Dynamic Scans
  - Perform deep analyses of web applications, using customized scan, crawl, and authentication settings to establish a deep understanding of the vulnerabilities of a single web application. Dynamic scans simulate malicious user behavior and detect potential attack points by crawling the application and checking if intended functionality can be misused. This type of scan is necessary if the web application and its security are critical to your business.
- Manual Penetration Testing
  - Leverage and extend the findings identified by automated static and dynamic assessments to uncover unforeseen design issues within an application.
You must have the Creator, Submitter, or Security Lead role to start a scan. You must also have the specific permission to submit each type of scan. Click Your Account in the top-right of the Veracode Platform to review your scan permissions. Contact the Veracode administrator in your organization if you want to request further permissions.