Security testing has hit the cloud, as Veracode has enhanced its cloud-based testing service, SecurityReview. Using new APIs, developers can now access the automated static binary and Web application testing service from their build tools, defect trackers and IDEs.
Using SecurityReview’s Upload APIs, tests can be run at any point in the development life cycle. For example, an application can be automatically pushed to the hosted service once it is built, said Roger Oberg, Veracode’s senior vice president of marketing.
After testing, the results sent back identify the specific line of code associated with each vulnerability, along with instructions for remediation. These results can then be integrated into defect-tracking systems using SecurityReview’s Results APIs and XML-formatted output. Once the flaws are sent back, the vulnerable line of code is automatically identified and the developer can mouse over the line to see the remediation advice.
A full year’s subscription to SecurityReview, including unlimited static and dynamic testing and access to other services, costs from US$2,000 to $5,000, depending on volume.
By hosting this service in the cloud, security testing also becomes easier and more accessible because development teams don’t have to become experts in managing on-site testing tools, Oberg said.