Veracode Security Labs Overview

Veracode Security Labs is the #1 ranked solution in our list of top Application Security Training Software. It is most often compared to Codebashing: Veracode Security Labs vs Codebashing

What is Veracode Security Labs?

Veracode Security Labs shifts application security knowledge left, training developers to tackle modern threats in the evolving cybersecurity landscape by exploiting and patching real code, and applying DevSecOps principles to deliver secure code on time. Through hands-on labs that use modern web apps written in your chosen languages, developers learn the skills and strategies that are directly applicable to an organization's code. With detailed progress reporting, email assignments, and a leaderboard, developers are encouraged to continuously level up their secure coding skills. When development is empowered to fix security defects and reduce risk, security teams are better supported to scale AppSec programs, meet compliance requirements, and achieve business outcomes.

Veracode Security Labs is also known as Veracode Developer Training.

Veracode Security Labs Buyer's Guide

Download the Veracode Security Labs Buyer's Guide including reviews and more. Updated: May 2021

Veracode Security Labs Customers
McKESSON, Alfresco
Veracode Security Labs Video

Pricing Advice

What users are saying about Veracode Security Labs pricing:
  • "It's expensive. Know that going in. Your organization, your programmers, and your product will be better for it though."
  • "The pricing for qualified startups should only charge for Veracode Developer Training."

Filter Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
JS
Senior Software Developer at a pharma/biotech company with 201-500 employees
Real User
Top 5Leaderboard
Produces reliable software scans but overall database scanning needs to be improved

What is our primary use case?

I have used it and looked at it from the perspective of its analysis, if you will, of database files, SQL, MCL SQL. I also looked at other components, Java and such, but not as in-depth. Personally, I think it was a little difficult trying to get it to profile those particular files to get them loaded in; however, it was honestly probably user error — just my misunderstanding of how to use the software more than anything else which is why it took a little longer. The Java stuff was a lot more streamlined. The database stuff was not as robust. We used this solution to identify vulnerabilities… more »

Pros and Cons

  • "The deployment didn't take that long."
  • "Its ability to handle more types of files and making it work better with databasing and other API could be improved."

What other advice do I have?

If you're interested in using this solution, you should take advantage of the trial and throw some real-life example code at it and try to figure out how you're going to deal with that. Once you get the results back, just do a trial. On a scale from one to ten, I would give this solution a rating of seven. It's hard to really put a number on it but it's just mainly because of my experience with the databasing analysis. Databasing is so prevalent and so important, the security of that, it shouldn't be as hard as it seemed to be when we were trying to analyze SQL code as it was, compared to the…
Chief Technology Officer at a tech services company with 11-50 employees
Real User
E-learning option enables our developers to dig deeper into the security issues

What is our primary use case?

Our use cases are for both dynamic and static scanning of web applications. The application is cloud-based in a major cloud provider. We schedule scans at regular intervals that support various compliance efforts within the enterprise. The application has a modern design with a responsive UI that adapts to the display of the device being used. Veracode seems to have little trouble scanning our application. Overall, we are happy with the service that Veracode provides us although the cost does seem quite high in my opinion.

Pros and Cons

  • "Our developers are more security-aware and are writing better code. The e-learning option allows our developers to dig deeper into the security issues. Topics such as sanitizing input, carefully configured logging output, and other typical sources of vulnerabilities."
  • "Developers frequently complain to me about the user interface and the difficulty in navigating the web site."
Learn what your peers think about Veracode Security Labs. Get advice and tips from experienced pros sharing their opinions. Updated: May 2021.
510,534 professionals have used our research since 2012.
Application Security Engineer at Charles Schwab
Real User
Top 20Leaderboard
Hands-on and effective, practical, and has a web-based interface requiring no installation

What is our primary use case?

I have used it as part of Veracode's Secure Coding Challenges. The challenges are a competition hosted by Veracode, where community members work through the training in a time-limited fashion. The first members to complete the challenges are deemed the winners. The challenge topics range among OWASP's top 10 topics. I am an application developer, so the Veracode Security Labs are directly relevant to my work. They help illuminate common coding problems and walk through the appropriate way to fix them.

Pros and Cons

  • "The best part is that this is all within the web browser, so the developer doesn't have to install any development environments or download anything to work through the training."
  • "Web application development covers much of the industry, but there are also developers working with these other technologies that could benefit from a learning environment more specific to their technologies."
RR
Founder & CEO at a healthcare company with 1-10 employees
Real User
Top 5Leaderboard
Valuable wide-spread features, stable, scalable, easy to install and deploy, with amazing technical support

What is our primary use case?

We use Veracode Security Labs along with Veracode Developer Training and other Veracode components in our company for Digitial Health, and security testing.

Pros and Cons

  • "The features are so extensive, which is why they are ahead of the game, and the reason I continue to use this solution."
  • "The only area of this solution that needs improvement is the pricing for startups."

What other advice do I have?

They put together a complete solution that has a number of components. My advice is to take it all. Don't just take just Developer Training or Security Labs or Static Analysis. Rather, take the whole solution and run with it. Veracode cannot be taught about security. I would rate Veracode Security Labs a ten out of ten.
Software Architect at a computer software company with 201-500 employees
Vendor
Top 20Leaderboard
Improves security knowledge for coding, and the approach makes learning more interesting

What is our primary use case?

We are currently evaluating this platform to see if it would help as a company-wide solution. If Veracode Security Labs is chosen then in the future, it will help developers, DevOps, and testers to better and more deeply understand threats and remediations related to application code. In general, Veracode Security Labs will be used to improve the security of the code and help developers in their daily work.

Pros and Cons

  • "It provides a complete review of vulnerabilities & possible fixes for OWASP Top 10 in one place."
  • "Veracode Security Labs should cover more than only the OWASP Top 10."
Senior Information Security Engineer at Sabre
Real User
Top 20Leaderboard
Good coding challenges, but it needs better auto-completion in the IDE

What is our primary use case?

We use this eLearning product for our developers. We are working on adding it to our enterprise eLearning solution to help get developers to take it.

Pros and Cons

  • "The coding challenges were well put together and I was happy to see some of the challenges even had a built-in web browser."
  • "I would have liked to see a bit better auto-completion in the IDE, and there was a typo in one of the questions where the code you were supposed to copy was missing a pair of parentheses."
Chief Executive Officer at Cybrella
Real User
Top 5Leaderboard
Intuitive developer training, simple and concise installation

What is our primary use case?

It is one of the best solutions in the market to help train the developers. We mostly use AWS as a server with the solution.

How has it helped my organization?

We are satisfied with the solutions ability to train developers.

What needs improvement?

There could be better integration between the API and the pipeline systems. For example, if you do penetration tests and you want to share the results with the DevOp team's pipeline, you cannot do it automatically because the API is not good enough. 

For how long have I used the solution?

We have been using the solution for approximately three years.

How was the initial setup?

The installation is straightforward.

What other advice do I have?

I rate Veracode Developer Training a nine out of ten.…