Browse archive

Latest news

(IN)SECURE Magazine issue 38 released

65+ websites compromised to deliver malvertising

Customized spam uses cell phone users’ data against them

Facebook once again accessible via Tor

Oracle releases critical security updates for Java

Employees biggest IT threat to businesses

Google asks secret court permission to publish FISA numbers

Failed backups endanger revenue and productivity

How to detect hidden administrator apps on Android

Key obstacles to effective IT security strategies

CyanogenMod founder aims to thwart data-grabbing apps

Microsoft releases Enhanced Mitigation Experience Toolkit 4.0

Hacking charge stations for electric cars

Scanning thousands of Web apps in days, not months

Posted on 05 August 2011.

Faced with the reality that exploiting a single SQL Injection vulnerability or cross-site scripting (XSS) error in any web application could take down an organization’s entire software infrastructure, there is tremendous pressure to adopt quicker, more scalable approaches to application security.

As a result, Veracode announced Veracode DynamicMP, which combines the power of automated web application vulnerability scanning with the benefits of elastic computing in the cloud to provide a scalable vulnerability detection service that can simultaneously verify application security across thousands of sites.

With its dynamic analysis engine, the service allows companies to rapidly identify SQL Injection or XSS error-related security issues in their running web applications across thousands of externally facing websites before hackers can exploit them.

For one Fortune 100 company, this meant urgently scanning nearly 3,000 sites in what equates to compressing more than a year’s worth of dynamic scanning into only eight days. What’s more, the company was able to reach its goals for this significant project well under budget.

By employing massively parallel cloud-based dynamic scanning architecture, Veracode DynamicMP can produce results within hours or days, versus months or years.

Key deliverables include:

Report of critical vulnerabilities discovered, complete with accompanying information to enable development and QA teams to recreate flaws
Detailed remediation information on how to fix the flaws
Guidance on proactive steps to drive longer term strategies that organizations can adopt to improve overall application security across their software portfolio

“Due to cost and time constraints and the imminent threat from attacks, organizations have been forced to prioritize security testing for only their most critical web applications. While pragmatic, this approach to security leaves enterprises at risk with potentially vulnerable untested applications,” said Neil MacDonald, vice president and Gartner Fellow at Gartner Research. “Scaling to test all of an organization’s web applications in a short period of time requires new approaches to dynamic application security testing that balance the need to confidently detect the most serious vulnerabilities with the time and cost required to scan all applications.”