Veracode Security Labs Review

Produces reliable software scans but overall database scanning needs to be improved

What is our primary use case?

I have used it and looked at it from the perspective of its analysis, if you will, of database files, SQL, MCL SQL. I also looked at other components, Java and such, but not as in-depth. Personally, I think it was a little difficult trying to get it to profile those particular files to get them loaded in; however, it was honestly probably user error — just my misunderstanding of how to use the software more than anything else, which is why it took a little longer. The Java stuff was a lot more streamlined. The database stuff was not as robust.

We used this solution to identify vulnerabilities. Essentially, load stuff up, find out what it finds. The next step is (assuming we have enough people to fix the higher priority ones) to look at some of the tips or remediation. Generally, just to find out what's wrong.

We're a smaller company, we had roughly 10 people or less using this solution. I don't think anyone is actively using it as much now because of project work, etc.

I am not familiar with how many other people are using it currently. Probably not many because the project work is different. Previously, there were more business needs for us to build more software but things have changed a little bit in the company. That requirement is different now from a corporate perspective.

How has it helped my organization?

Mainly it's just quality. The level of comfort that we have now just from using the product. Again, there may be some other people at the company that had used it a lot more than me but just knowing, having another set of eyes, gives you a comfort level. 

What needs improvement?

The database portion of it where it's loading and analyzing. That seemed to be a little more laborious compared to the Java stuff which was easier to use and more streamlined.

Its ability to handle more types of files, and making it work better with databasing and other APIs, could be improved. That would be really nice.

What do I think about the stability of the solution?

It seemed generally stable. The database stuff didn't seem to be working as well, as fast. It wasn't as responsive. In other words, we'd load something up and then we find out that it loaded everything but there were zero results that it found when it did the analysis. We tried it again and we got the same thing.

What do I think about the scalability of the solution?

It seemed like it could handle volumes. It was pretty fast, too.

How are customer service and technical support?

When the person I referenced earlier needed help, it seemed like he was able to get the help he needed — they were pretty responsive. He didn't mention that there were any issues with technical support.

Which solution did I use previously and why did I switch?

No, I don't think we did. We had looked at the reviews and started using Veracode.

How was the initial setup?

I wasn't that involved in the initial setup of it — the bootstrapping and getting it all ready on the cloud. That being said, setting up a profile for it to do its thing was pretty easy to do. That was pretty straightforward.

The deployment didn't take that long. I don't think it took the guy very long to do it. There was probably some stuff that was done before I started using it. I'm not familiar with what was done but I don't think it was much more than just getting a trial account and such. 

What about the implementation team?

I don't recall who deployed it, but one person can look after deployment and maintenance. The CIO looked after it — he was a "Jack of all trades" type.

What other advice do I have?

If you're interested in using this solution, you should take advantage of the trial and throw some real-life example code at it and try to figure out how you're going to deal with that. Once you get the results back, just do a trial.

On a scale from one to ten, I would give this solution a rating of seven.

It's hard to really put a number on it, but it's mainly because of my experience with the databasing analysis. Databasing is so prevalent and so important, and the security of that matters, so it shouldn't be as hard as it seemed to be when we were trying to analyze SQL code, compared to the Java stuff.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Updated: May 2021.