TrustRadius
Veracode offers application security and testing software. The company was acquired by CA Technologies in 2017.https://dudodiprj2sv7.cloudfront.net/product-logos/Zz/fJ/O8D176TKZ82L.pngCA TechnologiesVeracode, It's a great tool if you can afford it2018-02-28T14:25:21.981ZMathematica Policy Research uses Veracode across many websites developed for our clients. We are currently working on setting it up to perform a static security scan when source code is checked into our source control repository. It is used by many of staff in the development departments of the company. It is the first step in the process of making certain we do not deploy applications that have security flaws written into them. We do not allow an application to be deployed if it does not pass the Veracode static scan.,Veracode works very well from within Visual Studio for .Net based websites.
The API, once figured out, is very useful for performing Continuous Integration/Continuous Deployment (CI/CD) portion of the DevSecOps process.
It currently supports most of the development environments that we use ar MPR such as .Net and NodeJS.,Some members at Mathematica Policy Research program Python-based websites. The Python Static Analysis has not yet come out in Veracode. We have been waiting for over one year for Python.
Speed is a problem with us and Veracode. It can take over two hours at times to get a very simple, single HTML page "website" scanned. This is becoming non-maintainable.
Documentation on the XML out files should be provided. I was able to process the XML files but I am sure there are parts that I either did not see or misinterpreted. I t would be nice if the XML was documented.
Cut the price or come up with multiple pricing models. We do a lot of small applications that only run for a few months. To make us pay a $7000.00 fee for each website is overly costly. Because of the price we cannot use Veracode on all of the applications we would like to use it on,9,As I already stated, the cost per application is very high which makes the use of Veracode too expensive for many of out applications.
The analysis report is accepted by our clients as a proper SSAT report.
Most of out competition does not perform any type of SSAT on the applications they create. This is something we offer and be the only one out there doing this type of testing.,,Burp Suite, Netsparker, Microsoft Visual Studio Team System, Visual Studio IDEGlenn JonesVeracode - A step to securing your application2016-11-18T17:01:56.820ZMy Veracode Experience was efficient. I used Veracode for an legacy application that was coded in c++. It had many functions used that did not meet up with the security standards.These functions used were not the secure versions released later by Microsoft and thus created threat to the application. Veracode scanned the code with great efficiency and provided us a report of:
1) How secure our application is by giving an initial score.
2) Which line has an issue that could compromise the security of the application.
3) The mitigation that can be used for a particular flaw occurring at a particular line.
4) The severity of the that flaw and what should be the priority to mitigate it.
5) A To-Be score to be achieved by our system so that it meets the security standards and our application becomes secure.
After scanning the code, and identifying the flaws, we segregated those flaws based on priority - High, Medium, Low and worked on the highest flaws at earliest.,Extremely efficient for large amount of code as it scans and saves time and resources.
Report given about security of the application is detailed and very easy to work on.
Secure application and ensures code is safe.,Available online - SaaS, could be a desktop application too.,9,I was an employee working on Veracode. As a software developer I am not aware of the impact on business.,,Tableau DesktopVerified UserVeracode review2016-12-14T22:53:04.499ZVeracode is used by our whole organization to test the security of our software. We upload the source code to Veracode at least once every six months and get a report back identifying security flaws, if any, along with recommendations to fix them.,It works great for managed code identifying the security flaws in your code and recommendations to fix them. The report lists not only the source files containing the problem, but also pinpoints the line numbers in the file where the problem is. So, it's easy to quickly fix the problem.,It was scanning our asp.net code just fine, but couldn't scan our Classic ASP and SQL files. At least, we couldn't get it to scan our Classic ASP and SQL code when we tried. Perhaps that's an area for improvement.
We also ran in to some performance issues getting the scanned report back in time. We had to overcome that by reducing the size of our upload.,8Verified User
Unspecified
Veracode
5 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
