Veracode helped us meet our fin-tech compliance needs
October 02, 2020

Veracode helped us meet our fin-tech compliance needs

Derek Overby | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Modules Used

  • Static Analysis (SAST)
  • Dynamic Analysis (DAST)
  • Penetration Testing

Overall Satisfaction with Veracode

We use Veracode to ensure that we are providing best-in-class security to our customers, as wells as meeting annual security assessment requirements specified by our partners in the financial services industry. Primarily our technology (software development) organization within our business is using Veracode services, however our entire organization is involved in the review of results and understands the importance of these security assessment services, the results of which we share with our partners.
  • Link findings to CVE/CVSS standards
  • Provide comprehensive report artifacts
  • Thorough manual penetration testing services
  • Expert support
  • Need easier CI integration tools
  • Need easier CI integration tools
  • Need easier CI integration tools
  • Look at GitHub and Snyk
  • Passed IT assessment with a Top 5 bank
  • Ready for future compliance processes
  • Confidence in platform security
  • Love the "Verified by Veracode" badges
Have also evaluated services by GitHub and Snyk. I will say that we continue to use Veracode because of its brand recognition and vendor status in the financial services industry. However if my current company was not operating in this industry I would be tempted to use the less-expensive security analysis services provided by GitHub and Snyk.
I have had several highly technical issues related to our Static, Dynamic, and Manual Penetration testing activities with Veracode, and each time I was able to schedule a consultation for myself and my team members quite easily using the Veracode platform and have our technical issue resolved expeditiously, which was very much appreciated.
The platform has many features that were not relevant to use, retrieving the different reports was not always straightforward and sometimes required special assistance. Overall I think the platform could use a UX refresh. I did not have considerable issues using the platform, however I think some less technical users would require significant training in order to effective use the product to meet their various needs.

Do you think Veracode delivers good value for the price?


Are you happy with Veracode's feature set?


Did Veracode live up to sales and marketing promises?


Did implementation of Veracode go as expected?


Would you buy Veracode again?


Excellent for finding issues during static code analysis and dynamic application testing and linking those issues back to CVE/CVSS security standards. Also excellent at providing reporting artifacts for compliance processes and helping prioritize issues by severity. Additionally very helpful during the assessment, remediation and remediation review processes. This is why we are a repeat Veracode customer.