2017-11-26 07:43:00 UTC

What do you like most about Veracode?


Hi Everyone,

What do you like most about Veracode?

Thanks for sharing your thoughts with the community!

Guest
3838 Answers

author avatar
Top 5LeaderboardReal User

We used it for performing security checks. We have many Java applications and Android applications. Essentially it was used for checking the security validations for compliance purposes.

2019-06-16 07:23:00 UTC
author avatar
Top 5Consultant

The most valuable feature comes from the fact that it is cloud-based, and I can scale up without having to worry about any other infrastructure needs.

2019-06-11 11:10:00 UTC
author avatar
Top 5LeaderboardReal User

I have used this solution in multiple projects for vulnerability testing and finding security leaks within the code.

2019-06-11 11:10:00 UTC
author avatar
Consultant

We are using the Veracode tools to expose the engineers to the security vulnerabilities that were introduced with the new features, i.e. a lot faster or sooner in the development life cycle.

2019-05-23 06:10:00 UTC
author avatar
Vendor

It has an easy-to-use interface.

2018-11-12 09:12:00 UTC
author avatar
Real User

One of the valuable features is that it gives us the option of static scanning. Most tools of this type are centered around dynamic scanning. Having a static scan is very important.

2018-11-01 11:57:00 UTC
author avatar
Top 20Real User

It has almost completely eliminated the presence of SQLi vulnerabilities.

2018-10-11 01:43:00 UTC
author avatar
Consultant

Veracode provides faster scans compared to other static analysis security testing tools.

2018-10-10 11:01:00 UTC
author avatar
User

We use Veracode static analysis during development to eliminate vulnerability issues

2018-09-01 11:52:00 UTC
author avatar
Real User

The tech support has been very much on the forefront of contacting customers. They help us by making sure all the processes have been outlined and are being followed. They regularly look with us at the whole platform process.

2018-07-03 06:10:00 UTC
author avatar
User

Allows us to track the remediation and handling of identified vulnerabilities.

2018-07-02 10:13:00 UTC
author avatar
Real User

Because it is a SaaS offering, I do not have to support the infrastructure.

2018-05-23 10:30:00 UTC
author avatar
Real User

Scanning of .war and .jar is key for us.

2018-05-16 08:31:00 UTC
author avatar
Real User

I don't have to have a team of developers behind me that keep up with all the latest threats because the subscription service they provide for me does that.

2018-05-16 06:43:00 UTC
author avatar
Real User

The most valuable feature is the remediation consulting that they give. I feel like any vendor can identify the flaws but fixing the flaws is what is most important. Being able to have those consultation calls, schedule them in the platform, and have that discussion with an applications expert, that process scales well and that is what has allowed a lot more reduction of risk to happen.

2018-05-16 06:43:00 UTC
author avatar
Real User

What's important for me, from Veracode, is the all-in-one metrics location. I can see where everything is across the entire portfolio of applications I have in this program, and I can report out on it.

2018-05-16 06:43:00 UTC
author avatar
Top 5Real User

I can have quick results by just uploading compiled components.

2018-05-04 18:03:00 UTC
author avatar
Real User

The developers' awareness of the security weaknesses within their code has improved. They aren't just mitigating these issues, they are realizing these are, in fact, issues that have to be dealt with.

2018-05-02 07:27:00 UTC
author avatar
Real User

Valuable features for us are the static scanning of the software, which is very important to us; the ability to set policy profiles that are specific to us; the software composition analysis, to give us reports on known vulnerabilities from our third-party components.

2018-04-12 05:42:00 UTC
author avatar
Real User

Informs me of code security vulnerabilities. Bamboo build automation with Veracode API calls are used.​

2018-04-11 10:47:00 UTC
author avatar
Real User

Ad-hoc scanning during the development cycle and reports for audits are valuable features.

2018-04-11 10:47:00 UTC
author avatar
Real User

It allows us to prove our security levels to vendors, and additionally helps us with our HIPAA security policies.

2018-04-11 10:47:00 UTC
author avatar
Consultant

Provides consistent evaluation and results without huge fluctuations in false positives or negatives.

2018-04-09 13:11:00 UTC
author avatar
Real User

The coding standards in our development group have improved. From scanning our code we've learned the patterns and techniques to make our code more secure. An example would be SQL injection. We have mitigated all the SQL injection in our applications.

2018-03-28 12:05:00 UTC
author avatar
Real User

The Static and Dynamic Analysis capabilities are very valuable to us. They've improved the speed of the inspection process.

2018-03-28 12:05:00 UTC
author avatar
PopularReal User

With the tools that Veracode provides, our developers are actually able to comprehend what the vulnerability was and then resolve it. So a lot of knowledge has been grown as a result, around security, with our developers.

2018-03-22 09:39:00 UTC
author avatar
Real User

It has caught lots of flaws that could have been exploited, like SQL injection flaws. It has also improved developer engagement with information security.

2018-03-20 11:53:00 UTC
author avatar
Real User

It eases integration into our workflow. Veracode is part of our Jenkins build, so whenever we build our software, Jenkins will automatically submit the code bundle over to Veracode, which automatically kicks off the static analysis. It sends an email when it's done, and we look at the report.

2018-03-15 07:51:00 UTC
author avatar
Real User

Veracode static analysis allows us to pinpoint issues - from a simple hard-coded test password, to more serious issues - and saves us lot of time. For example, it raises a flag about a problematic third-party DLL before development invests time heavy using it.

2018-03-14 08:56:00 UTC
author avatar
Real User

The most important features, I would say, are the scanning abilities and the remediation abilities within the product. Scanning because, obviously, we want to make sure that our application code is flaw-free. And the remediation tools are helpful to the developers to help them track and manage their flaws.

2018-03-13 06:59:00 UTC
author avatar
Real User

When we expanded our definition of critical systems to include an internal application to be scanned by Veracode, we had initial scans that produced hundreds of vulnerabilities. We expected this, based on how the code was treated previously, but the Veracode platform allowed us to streamline our identification of these items and develop a game plan to quickly address them.

2018-03-11 06:55:00 UTC
author avatar
Real User

We use it to get our scan results and see where our software is vulnerable or not vulnerable.

2018-03-08 09:23:00 UTC
author avatar
Real User

For our rapid, secure DevOps cycle, we have integration of the Vericode API into our build tool, and Greenlight into our IDE.

2018-03-08 09:23:00 UTC
author avatar
Real User

All the features provided by Veracode are valuable, including static scan, dynamic scan, and MPT (Manual Penetration Testing).

2018-03-07 09:02:00 UTC
author avatar
Real User

Also, our customers benefited from the added security assurance of our applications, as they’ve been able to identify OWASP top-10 application vulnerabilities without a manual tester.

2018-03-06 09:06:00 UTC
author avatar
User

It helps me to detect vulnerabilities.

2018-01-15 19:17:00 UTC
author avatar
Real User

It has the ability to scale, and the fact that it doesn't produce a lot of false positives.

2018-01-07 09:39:00 UTC
author avatar
Real User

The benefits are quick discovery and understanding of software vulnerabilities that we are putting in our own code. By discovering them quickly enough, we can triage them and determine the best ways to remediate them and prevent them from happening in the future.

2017-11-26 07:43:00 UTC
Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
419,214 professionals have used our research since 2012.