We can conduct security testing (both static and dynamic) on any given application. For penetration testing this is the best tool.
- In web application scanning we can conduct
a) Website discovery
b) Dynamic DS
c) Dynamic MP
d) Dynamic Analysis
- Manual Penetration testing
- Code scanning
a) Static analysis
b) SourceClear software composite analysis
And on top of all, its scan reporting features. Review collected by and hosted on G2.com.
Scanning progress is highly dependent on the speed of the internet; as a result, it creates confusion about the completion.
Individual code scanning, which helps to scan individual code that is written by each individual and can be scanned at the same time.
Backend support isn't good. There should be proper backend support, which is needed from the Veracode support team.
Over the years, Veracode has made the tools much faster and more thorough. Their Support group is very good, too. It's great to be able to schedule a consultation, and most of their consultants have been fantastic.
On the static scan, sometimes a flaw is detected during one scan, not detected during the next, and subsequently detected on a third. The inconsistency makes it hard to track. Also, they do not make it easy to mitigate flaws other than those for a static scan.
Veracode is a good static analysis tool to find security flaws. I use this tool to scan my Java microservices JAR files. It's easy to configure. It does not require source code and accepts binary files and scans them.
We can either manually scan files or integrate with Jenkins so JARs are auto-scanned on every build.
Can take some time. It could be better if scanning time is improved.
SAST and DAST features are good. Risk rating of the apps is decent. Ability to provide built-in reports is good.
Nothing that I can think of. Perhaps the ability to connect with other industry products and scanning engines.
It is easy to integrate with code build tools and produces comprehensive reports about the code quality and security vulnerabilities.
Nothing much to consider, but it needs a little bit of tweaking in order to tailor it to your needs and to suit multiple technologies.
Veracode gives detailed analysis and supports “ignoring of previously reviewed findings”. You can mark findings as “already reviewed”.
User interface is a little clumsy. The UI needs a face lift with more modern technology and widgets.
It provides an automated cloud-based service for securing web, mobile and third-party enterprise applications.
It's a bit costly compared to competitors, but I like all the features.
I like that Veracode has a tool that allows a programmer to use Visual Studio to run the tool. It also allows the programmer to view vulnerabilities in the source code reported by Veracode within Visual Studio. This makes it very well integrated with Visual Studio.
Veracode can take quite a bit of time to run a source code analysis. This can be discouraging to the programmers and sometimes they do not run Veracode because of this slowness.
Was required by some of our customers, allowed us to scan code and develop higher confidence in security robustness
Huge number of false positives that needed to be explained away, did not deal well with 3rd party libraries
The world needs something like Veracode. Cyberthreats are too complex and are changing too fast for average software developers to keep up with all the necessary expertise and techniques. Separating cybersecurity testing into a standalone, purpose-built service simply makes sense. I appreciate that Veracode is, at least in theory, attempting to be that platform.
Unfortunately, Veracode hasn't actually found the formula for success yet. The interface is clunky and disjointed, the documentation is confusing, and customer support takes literally weeks or months to respond to requests. It's a classic case of an excellent idea with lackluster execution.
Veracode combines human and automated scanning to offer a really robust report. Reports are actionable, remediation is automated, and executive summaries are available on demand.
Veracode today is robust for static scans, but limited to specific mobile builds and Firefox for dynamic scans. This makes analyzing SaaS apps that do not support Firefox particularly challenging.
The idea. I'm a big evangelist of clean code and standards.
Everything:
- Scans inaccurate
- Slow
- Outdated UI
- Not user friendly
- Terrible HTTP API for automation
- Bad customer support
- In one of our applications, only 1 out of hundreds of issues turns out to be true.