Veracode Manual Penetration Testing Overview

What is Veracode Manual Penetration Testing?

Veracode Manual Penetration Testing leverages the skills of experiencedpenetration testers combined with automated application security testing scan results to dramatically reduce risk in an application. Penetration testing is necessary to catch vulnerability classes -such as authorization issues and business logic flaw -that cannot be found through automated assessments alone. Veracode’s serviceuses a proven process to provide extensive and comprehensive security testing results, including attack simulations,for web, mobile, desktop, back-end, IoT applications, and DevOps environments. Results from all assessmentscan be found within Veracode’sSaaS portal, simplifying reporting for internal stakeholders, regulating bodies, customers, and prospects.

Veracode Manual Penetration Testing Customers

Security Design & Eng in the Finance Industry

Veracode Manual Penetration Testing Video

Pricing Advice

What users are saying about Veracode Manual Penetration Testing pricing:

"Its cost for what we needed it for was too high. It wasn't too high for other companies and it was competitively priced, but for us, it just didn't fit. We did plan to use it and increase the usage. In the end, it may have been abandoned because of the cost, but I'm not a hundred percent sure. So, even though we had planned on using it more and more, because of the cost and the business conditions of things, we didn't have the opportunity to really use it more."

Veracode Manual Penetration Testing Reviews

reviewer1345386

Senior Software Developer at a pharma/biotech company with 201-500 employees

Dec 4, 2020

Download

A robust and full-featured solution that provides a good analysis of the vulnerabilities

What is our primary use case?

We used it for initial discovery and analysis and for reviewing the product. We were doing a trial. We had uploaded code on the Veracode server for analysis. We used the cloud service or the cloud website where you could interact and identify the artifacts that you wanted to be reviewed, analyzed, and reported on. There was a plugin that we used with some of our IDs. It probably was Greenlight.

Pros and Cons

"The analysis of the vulnerabilities and the results are the most valuable features."

"It can have more APIs and capabilities to handle other things well. We were doing a trial for it. There were two things that I looked at: one was uploading some Java-related content and the other was uploading database SQL files and having the review done on the quarterback. The Java portion of it worked fine, and it was pretty seamless, but the database portion was not. We uploaded some files to use for vulnerabilities, and the tell-all portion of it was pretty easy. We uploaded a war file and Java files, and we got the reports back on these. They were pretty clear to understand. We did the same thing for the database portion for the most part. However, the content wasn't getting uploaded in a predictable fashion, and it was slow and hard to get done. We had to do it over and over. After it indicated that the content was uploaded, there were no results. There were zero search findings. It was possibly a user error, something that we didn't do correctly, but they had acknowledged that it was something they were currently enhancing. This is something that could be made easier if they haven't already done that. I don't know how many releases they've had in that timeframe. I haven't looked at it since then. It was a trial period."

What other advice do I have?

It is a robust software service for security analysis. It seemed to be pretty full-featured. We didn't exercise every single thing. Just a few of the features didn't seem to be up to snuff for our needs. I would rate Veracode Manual Penetration Testing an eight out of ten.

See Entire Veracode Manual Penetration Testing Review (796 Words) »