Faced with the reality that exploiting a single SQL Injection vulnerability or cross-site scripting (XSS) error in any web application could take down an organization’s entire software infrastructure, there is tremendous pressure to adopt quicker, more scalable approaches to application security. As a result, Veracode, Inc., provider of the world’s only independent, cloud-based application risk management platform, today announced Veracode DynamicMP for critical vulnerabilities. Veracode will be discussing the benefits of Veracode DynamicMP, its new massively parallel application security verification service, at Black Hat USA 2011 this week in Las Vegas.
The only service of its kind, Veracode DynamicMP signals a welcomed, cost-effective shift from approaches that simply examine one or a small number of applications at a time. Veracode becomes the first company to combine the power of automated web application vulnerability scanning with the benefits of elastic computing in the cloud to provide a massively scalable, inexpensive vulnerability detection service that can simultaneously verify application security across thousands of sites. In fact, with Veracode DynamicMP’s massively parallel deployment architecture, no other on-premise tool or service provider can achieve this level of scalability with their core technologies.
With its dynamic analysis engine, Veracode DynamicMP empowers companies to rapidly identify SQL Injection or XSS error-related security issues in their running web applications across thousands of externally facing websites before hackers can exploit them. For one Fortune 100 company, this meant urgently scanning nearly 3,000 sites in what equates to compressing more than a year’s worth of dynamic scanning into only eight days. What’s more, the company was able to reach its goals for this significant project well under budget.
“Due to cost and time constraints and the imminent threat from attacks, organizations have been forced to prioritize security testing for only their most critical web applications.  While pragmatic, this approach to security leaves enterprises at risk with potentially vulnerable untested applications,” said Neil MacDonald, vice president and Gartner Fellow at Gartner Research. “Scaling to test all of an organization’s web applications in a short period of time requires new approaches to dynamic application security testing that balance the need to confidently detect the most serious vulnerabilities with the time and cost required to scan all applications.”
Massive Scalability, Vast Improvements in Application Security
By employing massively parallel cloud-based dynamic scanning architecture, Veracode DynamicMP can produce results within hours or days, versus months or years. Key deliverables include:
· Report of critical vulnerabilities discovered, complete with accompanying information to enable development and QA teams to recreate flaws
· Detailed remediation information on how to fix the flaws
· Guidance on proactive steps to drive longer term strategies that organizations can adopt to improve overall application security across their software portfolio
“Software application security has risen as a top priority on C-level and Board of Director agendas, especially given the onslaught of high-profile attacks like Sony, Toshiba and others that originated via undetected application vulnerabilities that were exploited by hackers,” said Maria Cirino, chairperson, Veracode Board of Directors and managing director, .406 Ventures. “If your Board is asking whether a Sony-like breach can happen in your organization, you can’t take eight months or even eight weeks to respond. Not knowing is simply inexcusable. With Veracode DynamicMP, the answer can be delivered in days, and at a scale and cost not possible with any other security solution.”
Pricing and Availability
Veracode DynamicMP for critical vulnerabilities is available now. Pricing is $150 per website (with a minimum of 500 sites). Accelerated discounts apply based on volume.