Cloudflare Zero Trust Services vs. Veracode

For example, Cloudflare is a very good solution for ZTNA implementation. Cloudflare has Warp for propagating Gateway rules and checking device posture. Browser Isolation gives you more abilities to use internet resources without any restrictions and at the same time not put the company at risk. For example, if there is no DLP solution in place blocking the printing function can partly protect the company's sensitive data from intentional or intentional leakage through the online forms. A similar approach protects the end-user device from Zero-day threats and malicious software code. Moreover, Remote Browser Isolation technology protects not only the user's device but also the user himself from possible phishing attacks - for example, even if the user enters his username and password on the phishing website, bank card issuers, or other personal or confidential data, data will not go beyond the isolated cloud environment. Cloudflare Access gives company administrators a great opportunity to implement role-based access policies and make effect segmentation and diversification of company network groups.

Incentivized

I will say it is a nine because the aggregated score of all the modules in an application is not shown anywhere in the Veracode. Otherwise, it's good for the easiness and stability of the application that a developer and an organization are keen to see in a penetration application, respectively.

Incentivized

• Block access to known bad, risky, or unwanted destinations at the DNS or HTTP level.
• Excellent protection for remote users.
• Best in class browser isolation techniques.

Incentivized

• The pipeline scan is a very fast way to scan code and inform developers if a new flaw is introduced by their pull requests.
• Upload & Scan provides an in-depth analysis of the codebase, which features like reporting being made easy.
• SCA Scans help us not only identify the vulnerabilities but also in helping fix them and in identifying if our application is using that part of the vulnerable library or not.
• Veracode is very easy to integrate into the CI/CD pipelines (especially Jenkins)

Incentivized

• Very API [oriented] which is fine, but the GUI is sometimes inconsistent

Incentivized

• Build a ticket management screen into the platform
• Easier integrations to SSO/SAML
• A different method of having API users, they should be either integrated into the team (an API key as part of the team) or at least separate from the regular user area.

Incentivized

At this time, and we just renewed a month ago, I dont see any products out there overall that can offer what Veracode does. Yes, its not cheap by any means, but for the money its the best application security scanning tool out there.

Incentivized

- Almost no setup required and easy to configure - Very easy to use, intuitive UI with integrated analytics and learning portals. - Seamless to review the results, triage them, generate reports. - Security progression of the product/application is tracked via successive scans. - Privileges/Roles nicely fine grained and tightly controlled to let teams "view" only their products.

Incentivized

Veracode has always been up and available to us.

Incentivized

At this point, it runs well and mostly in a timely fashion. Dynamic scans take days but this may be a config issue still to be resolved.

Incentivized

Good chat support from the portal for basic questions and minor issues. The enterprise support line is provided as well.

Secure code training it's a great option to enable developers in the security world, it's a dynamic platform that helps to understand the vulnerabilities and how to fix them in a real environment, and the documentation contains all the information you need to understand all the functions of the Veracode platform.

Incentivized

We use it as a SAS service, so really just getting our teams to mold the use of Veracode into their SDLC has been a process of years in the making. It comes down to what your teams are ready and willing to accept and change. Management is key in getting their groups on board with using it regularly. If it doesnt have management backing, your security teams have little to no influence in getting this process off the ground fully.

Incentivized

As long as all Cloudflare products and services rely on anycast technology, in a complex approach Cloudflare is faster and more relevant for cloud applications. The balance between security and performance is fully established. Also, Cloudflare has quite a good stack for API connection protection, like the API Shield example, which makes it more effective compared to F5 for example. Warp as a ZTNA agent gives better visibility and device posture information than FortiClient does.

Incentivized

I have used SonarQube for code quality and security analysis in the past, but Veracode's Software Composition Analysis analysis makes a big difference in terms of identifying vulnerabilities in dependencies. It would make it a lot easier if the IDE plugin could show the transitive dependency the introduces the vulnerabilities. I'm very pleased [in] Veracode reporting so far.

Incentivized

It meets our needs.

Incentivized

• Complete solution in case of using with Cloudflare Access.
• No need of maintenance.
• No skilled staff and trainings required.

Incentivized

• Veracode's tools can perform in a couple of hours what would take us weeks to do.
• Our customers--rightfully--expect a high degree of security from us.
• It's easy to integrate Veracode into a CI pipeline allowing you to catch flaws while the code changes are fresh in your mind.

Incentivized