Veracode Application Security Services System
The Veracode Application Security Services System (VASSS) is designed to assist organizations in verifying an application’s security state and in determining acceptable levels of risk before the software is deployed for business use. In conjunction with providing these services, Veracode relies upon its Center for Software Assurance (CSA) function to perform quality review procedures over the results generated by the Platform System prior to delivering them to its clients.
The Veracode cloud-based platform provides customers a centralized way to secure web, mobile and third-party applications across their global infrastructure, from development to production, without slowing innovation.
White Box Testing / Binary Static Analysis (SAST)
Static Application Security Testing (SAST), or “white-box” testing, finds common vulnerabilities by performing a deep analysis of customer applications without executing them. Using Veracode’s patented binary SAST technology, all code is analyzed, including open source and third-party components, without requiring access to source code.
SAST supplements threat modeling and code reviews performed by developers, finding coding errors and omissions more quickly and at lower cost via automation. It’s typically run in the early phases of the Software Development Lifecycle when it’s easier and less expensive to fix problems prior to production deployment.
Black Box Testing / Dynamic Analysis (DAST)
Dynamic Application Security Testing (DAST), or “black-box” testing, identifies architectural weaknesses and vulnerabilities in customers’ running web applications. DAST allows customers to test and secure applications prior to and after shipping.
Web Application Perimeter Monitoring
Most enterprises don’t even know how many public-facing applications they have. To reduce customers’ global application threat surface, Veracode’s parallel cloud infrastructure rapidly discovers public-facing applications and identifies potentially exploitable vulnerabilities.
As enterprises spin up new websites for new marketing campaigns or geographies, create web portals for customers and partners, and acquire companies, web application perimeters are constantly expanding. Additionally, legacy and aging marketing sites may exist without the organization’s knowledge. The Veracode platform allows customers to quickly identify risks and take immediate action by shutting down legacy sites. Customers can also feed security intelligence about specific vulnerabilities from the Veracode cloud-based platform to their existing WAFs, for rapid mitigation via virtual patching.
Vendor Application Security Testing
Driving innovation to market usually means trusting the resilience of third-party software. The VAST program leaves less to chance. It baselines the risk posed by third-party applications and components, and then works directly with vendors to ensure your software supply chain is in compliance with your corporate policies.
Mobile Application Security System
Veracode’s cloud-based solution helps mobile teams achieve the correct balance between innovation and control. Veracode helps effectively manage the security risk posed by the mobile apps that customer organizations build, buy or download. Veracode’s solution provides the intelligence to protect against attacks and verify compliance with corporate risk and privacy policies.
Veracode’s mobile application security solution combines automated code assessments with expert remediation services that enable IT teams to rapidly secure mobile applications in agile development environments, without slowing innovation.
Privacy Threshold Analysis (PTA)
Privacy Impact Assessment (PIA)
System of Records Notice (SORN)
FedRAMP (Agency)
FedRAMP (CSP Package)