News
Veracode Makes Urgent Detection of SQL Injection and XSS Vulnerabilities at Massive Scale a Reality
August 2011 by Marc Jacob
Faced with the reality that exploiting a single SQL Injection vulnerability or cross-site scripting (XSS) error in any web application could take down an organisation’s entire software infrastructure, there is tremendous pressure to adopt quicker, more scalable approaches to application security. As a result, Veracode, Inc., provider of the world’s only independent, cloud-based application risk management platform, today announced Veracode DynamicMP for critical vulnerabilities. Veracode will be discussing the benefits of Veracode DynamicMP, its new massively parallel application security verification service, at Black Hat USA 2011 this week in Las Vegas.
The only service of its kind, Veracode DynamicMP signals a welcomed, cost-effective shift from approaches that simply examine one or a small number of applications at a time. Veracode becomes the first company to combine the power of automated web application vulnerability scanning with the benefits of elastic computing in the cloud to provide a massively scalable, inexpensive vulnerability detection service that can simultaneously verify application security across thousands of sites. In fact, with Veracode DynamicMP’s massively parallel deployment architecture, no other on-premise tool or service provider can achieve this level of scalability with their core technologies.
With its dynamic analysis engine, Veracode DynamicMP empowers companies to rapidly identify SQL Injection or XSS error-related security issues in their running web applications across thousands of externally facing websites before hackers can exploit them. For one Fortune 100 company, this meant urgently scanning nearly 3,000 sites in what equates to compressing more than a year’s worth of dynamic scanning into only eight days. What’s more, the company was able to reach its goals for this significant project well under budget.
Massive Scalability, Vast Improvements in Application Security
By employing massively parallel cloud-based dynamic scanning architecture, Veracode DynamicMP can produce results within hours or days, versus months or years. Key deliverables include:
· Report of critical vulnerabilities discovered, complete with accompanying information to enable development and QA teams to recreate flaws
· Detailed remediation information on how to fix the flaws
· Guidance on proactive steps to drive longer term strategies that organisations can adopt to improve overall application security across their software portfolio
– Pricing and Availability
Veracode DynamicMP for critical vulnerabilities is available now. Pricing is $150 per website (with a minimum of 500 sites). Accelerated discounts apply based on volume.
