Veracode Application Security Platform Reviews

The world needs something like Veracode. Cyberthreats are too complex and are changing too fast for average software developers to keep up with all the necessary expertise and techniques. Separating cybersecurity testing into a standalone, purpose-built service simply makes sense. I appreciate that Veracode is, at least in theory, attempting to be that platform.

Unfortunately, Veracode hasn't actually found the formula for success yet. The interface is clunky and disjointed, the documentation is confusing, and customer support takes literally weeks or months to respond to requests. It's a classic case of an excellent idea with lackluster execution.

Press their sales people hard for details about whether the platform actually covers your security needs. Despite claiming broad coverage, there are some large holes.

So far, despite quite a bit of money and effort on my part as an independent developer, Veracode has not helped me make any meaningful improvements in the security of my software products. I can't say I've realized any benefits.

I like that Veracode has a tool that allows a programmer to use Visual Studio to run the tool. I also allows the programmer to view vulnerabilities in the source code reported by Veracode within Visual Studio. This make it very well integrated with Visual Studio.

Veracode can take quite a bit of time to run a source code analysis. This can be discouraging to the programmers and sometimes they do not run Veracode because of this slowness.

If you need static code security analysis, and who doesn't, this is the product for you.

My company is using Veracode as the first item to be run before a Application Security Review. It shows the items that are the possible problems before running a dynamic vulnerability scan.

It is easy to integrate with code build tools and produces comprehensive reports about the code quality and security vulnerabilities.

Nothing much to consider but it needs little bit of tweaks in order to tailor to your needs and to suit multiple technologies.

It serves multiple purposes like static code analysis and security vulnerabilities at one shot and produces good reports.

Veracode combines human and automated scanning to offer a really robust report. Reports are actionable, remediation is automated, and executive summaries are available on demand.

Veracode today is robust for static scans, but limited to specific mobile builds and Firefox for dynamic scans. This makes analyzing Saas apps that do not support Firefox particularly challenging.

If your app supports Firefox, this is the best tool on the market!

Application security, vulnerability assessment.

The idea. I'm a big evangelist of clean code and standards.

Everything:

- Scans inaccurate

- Slow

- Outdated UI

- Not user friendly

- Terrible HTTP API for automation

- Bad customer support

- One of our applications, only 1 out of hundreds issues turns out to be true.

If you want your developers frustrated, go ahead and impose veracode. SonarQube together with Findbugs provides more useful feedback.

No benefits. I only use Veracode because it is enforced by company policies

Sast and DAST feautures are good. Risk rating of the apps are decent. Ability to provide built in reports are good

Nothing that I can think of. Perhaps ability to commect with other industry products and scanning engine.

Exposing risks from our enterprise apps is a major benefit. Challenge is the volume but at lease we have visibility now.

I like how easy it is to learn, and how much time it saves in your process

I am fairly new to this program, so I will update if I find anything I dislike

Just give it a try and see how much better you will operate!

I am saving time and having more protection for my business

its provides an automated cloud-based service for securing web, mobile and third-party enterprise applications

Its bit cost cost compare to competitors, But I like all the features

Veracode makes writing secure code just one more aspect of writing great code. With our designed-for-developer tools, API and workflow integrations

Was required by some of our customers, allowed us to scan code and develop higher confidence in security robustness

Huge number of false positives that needed to be explained away, did not deal well with 3rd party libraries

try it once, and you will run away

Static code analysis for security

It provides a fair amount of security but has some quirks.

Not as user friendly as I would like it to be

My experience is using Peer reviews.

Very user friendlyand easy to navigate.. response time for assistance is great

Nothing to report at this time working well

N/A

Risk management

Single solution for both static and dynamic scans.

There's a little bit of a learning curve.

Developing secure software.