We are currently evaluating this platform to see if it would help as a company-wide solution.
If Veracode Security Labs is chosen then in the future, it will help developers, DevOps, and testers to better and more deeply understand threats and remediations related to application code.
In general, Veracode Security Labs will be used to improve the security of the code and help developers in their daily work.
At this point, we do not yet have an organization-wide improvement. The selection process is still underway. However, Veracode Security Labs is better than other evaluated competitor's solutions so far.
The most valuable features are:
- Knowledge of how to write a secure application, like OWASP ASVS 4.0, that is spread across the web is gathered into one place. This can save months of learning and search on your own.
- It is possible to earn Veracode certificate levels one, two, and three, after completion of a defined amount of labs.
- It provides a complete review of vulnerabilities & possible fixes for OWASP Top 10 in one place.
- The Hack & Fix learning approach makes the learning process more interesting.
- Solve vulnerabilities using interactive labs & real applications with the language of your choice.
The following areas should be improved:
-
Veracode Security Labs should cover more than only the OWASP Top 10.
- A more advanced Veracode Security Labs should be added.
- More Java-based labs should be added; ideally, all Veracode Security Labs will be available in the Java language.
- Veracode Security Labs should provide better support for code completion and syntax control (when applied eg. Java) when working on the application code.
- Some Veracode Security Labs are too easy to complete, although this is a subjective opinion.
I have been using Veracode Security Labs for two months.
We did not use another solution prior to this one.
