Veracode Application Security Platform Reviews & Product Details

I find the Veracode Application Security Platform incredibly useful for identifying social injections and providing static code analysis, which helps in addressing all security vulnerabilities effectively. The ease of integrating with GitHub and cloud-based repositories streamlines our development process. The platform's PR static analysis feature is invaluable for maintaining best code practices, especially in preventing SQL injections and cross-site scripting attacks. I also appreciate the comprehensive code analysis capabilities that ensure our applications maintain high security standards. Review collected by and hosted on G2.com.

i don't any issues with this security Review collected by and hosted on G2.com.

We perform SAST and DAST code review on internal developed software in order to grant secure platform and accountability to our customers.

We use 2 licecense since 2018

The support teams is really propositive and contact you before renewal, a specific session is performed in order to understand if the needs changed during years Review collected by and hosted on G2.com.

During the years the costs increased faster and each application request a dedicated licence Review collected by and hosted on G2.com.

Serves great as a single entry point for all our applications portfolio, allowing to have both a general overview and to go in details on the security findings. Review collected by and hosted on G2.com.

Account executive way too pushy and creates unneeded pressure.

The company delivers way more features to the US market than EU, and the features are never delivered as promised.

There are mismatches between what is described in the docs and what is actually delivered.

Overly complex license model.

The investment on the customer success package is hard to justify and its services are not measurable. Review collected by and hosted on G2.com.

security scanning which can conduct on our sdk'd , ipa's , jar files is something whoich one should appreciate . Because it gives back the exact report with correction required and suggestions . Review collected by and hosted on G2.com.

Fro scanning as we upload sdk'd , ipa's ,jar files . When upload is not successfull ,user is not intimated immediately. This causes little confusion for a new comer. Review collected by and hosted on G2.com.

It's a tool to make a static code scan and detect the exposed secrets or passwords before the application is released. We can create multiple sandboxes and run various parts of the code individually. Veracode can be easily integrated with CI/CD pipelines, making it easy to trigger the scan. Review collected by and hosted on G2.com.

Any meditation of false positive flaws is not straightforward or internal to the team. There is always dependency on the Veracode admin team to mitigate the flows, interrupting the overall workflow. Review collected by and hosted on G2.com.

Help to analyse or found security threats in code.

Performing Security testing get easy Review collected by and hosted on G2.com.

Bit complex to implement and understand the threats.

Description is to less for many errors.

Scaning take more time to complete the result or report Review collected by and hosted on G2.com.

We can conduct security testing (both static and dynamic) on any given application . For penetration testing this is the best tool.

- In web application scanning we can conduct

a) Website discovery

b) Dynamic DS

c) Dynamic MP

d) Dynamic Analysis

- Manual Penetration testing

- Code scanning

a) Static analysis

b) Source clear software composite analysis

And top of all its scan reporting features Review collected by and hosted on G2.com.

Scanning progress is highly dependent on speed of internet as a result it creates confusion on the completion Review collected by and hosted on G2.com.

The ease of finding the CVE and possible libraries that needs to be upgrade for security compliance Review collected by and hosted on G2.com.

Ease of console usage is a little challenging Review collected by and hosted on G2.com.

individual code scanning which helps to scan individual code. which is written by each individual and can be scan at the same time Review collected by and hosted on G2.com.

backend support isnt good . there should be a proepr backend support that is needed from the veracode support team Review collected by and hosted on G2.com.

Over the years, Veracode has made the tools much faster and more thorough. Their Support group is very good, too. It's great to be able to schedule a consultation, and most of their consultants have been fantastic. Review collected by and hosted on G2.com.

On the static scan, sometimes a flaw is detected during one scan, not detected during the next, and subsequently detected on a third. The inconsistency makes it hard to track. Also, they do not make it easy to mitigate flaws other than those for a static scan. Review collected by and hosted on G2.com.