Veracode Security Labs Reviews

I use Veracode on a private cloud. When we implement a new solution, it needs to undergo user review. I was specifically interested in learning how the software works and how it can benefit my organization. Once I can get some clarity on this, I can recommend it to my IT team. I have not used the public cloud application yet because I am in the initial stage, and I am still doing trials on my end. 

The solution provides guidance on how to fix vulnerabilities. Veracode has robust reporting and data analytics. I manage key accounts, and data analysis is essential for anyone in a critical sales role. Veracode gives us a comprehensive analysis and reporting structure. When we input data from different teams, we have different criteria for analysis, like performance over time and performance versus target benchmarks. The reporting works well for these key performance indicators.  

Veracode developers have maintained an end-to-end security approach. The platform is highly secure. Users can secure their data and access it at any time based on their requirements. It makes data analysis easier and more user-friendly.

Security Labs has an excellent mechanism for reducing the errors introduced into the system. It also acts as a resistant wall that blocks viruses and rapidly fixes the vulnerable components. It works optimally for my current use. In terms of compliance and governing regulations, this solution works well. It complies with all government norms and global IT documentation.  

Productivity has slowly improved because the Static Analytic tool helps me save time. In the end, we are more productive because we work smarter and optimize the reporting pathway. Veracode also integrates with our development tools, which is helpful because our IT team is incorporating other functions in their backend. 

This solution is a firewall for the workflows. It filters your data, and it will block any kind of threat or malware. A warning pops up, and it says you need to take care of the issue. It has raised developer confidence by mitigating risks. It limits access to specific users at a given time. It's a good tool in terms of secure access. 

I use it to scan applications to try and find security flaws.

We have access to the security platform and our applications are updated there. Besides that, we have installed the Greenlight plugin in the IDE. We can run the Veracode scan locally in our laptops thanks to that plugin.

We found some SRS errors, then we checked in Veracode how to fix those errors. Based on that, we let everybody know that when similar errors were happening to implement the same or similar solution. We are taking the pieces of advice that we get for Veracode fixes or remediation to develop better quality software.

Veracode Security Labs helps our developers get security feedback faster in our integrated development environment. This is very helpful and important for being able to detect errors and get the maximum amount of information and feedback as possible. 

Every time that an application needs to be deployed to production, it needs to run against the Veracode scan. Then, if an error is detected, it needs to be repaired. 

My primary use case is secure programming with C++. This product assists with basic security awareness for computer systems.

In general, this product gives us more ways to correctly and securely write code for our projects.

In terms of how easy it is to write secure code using this solution, we have to put some thought into it but after some consideration, we can easily pass the test and add value to our programming skills.

The platform is quite good in terms of helping developers apply new skills in interactive threat scenarios. I would rate them an eight or nine out of ten in this regard. We have always had software programming best practices but after working with Veracode Security Labs, I gained insight as to what can go wrong when simple choices are made. As such, our team has been more alert to potential problems and we consider all of the things that we have learned during the Veracode assignments.

For example, our organization has benefitted by learning to avoid specific attacks, such as "buffer overflows". This is a situation where data should not be written outside certain locations in memory. This is very technical stuff but more generally, the benefit to us comes because we have more accurate and secure coding practices, as well as a better overall strategy.

This product integrates with our IDE and it proactively makes developers aware of security issues in the code. It will point out common mistakes that in the past have had very bad consequences. Moving forward, we can all avoid these types of problems.

Veracode very well explains some of the hacking and exploitation techniques that are employed by adversaries, which helps us to focus on certain types of problems.

This training is now compulsory for my client.

I have used it as part of Veracode's Secure Coding Challenges. The challenges are a competition hosted by Veracode, where community members work through the training in a time-limited fashion. The first members to complete the challenges are deemed the winners.

The challenge topics range among OWASP's top 10 topics. I am an application developer, so the Veracode Security Labs are directly relevant to my work. They help illuminate common coding problems and walk through the appropriate way to fix them.

Veracode Security Labs walks through a common scenario. A developer inherits a codebase that has issues and has to figure out how to fix them. The platform helps guide the developer through the best way to accomplish this. Learning through a hands-on approach is very effective.

With the hands-on learning approach developers become more secure coders, which means they are less likely to add bugs to the software they are building. This saves time and money in the long run as the mindset of security is shifted left to earlier in the software development lifecycle.

Our use cases are for both dynamic and static scanning of web applications. The application is cloud-based in a major cloud provider. We schedule scans at regular intervals that support various compliance efforts within the enterprise. The application has a modern design with a responsive UI that adapts to the display of the device being used. Veracode seems to have little trouble scanning our application. Overall, we are happy with the service that Veracode provides us although the cost does seem quite high in my opinion.

Our developers are more security-aware and are writing better code. The e-learning option allows our developers to dig deeper into the security issues. Topics such as sanitizing input, carefully configured logging output, and other typical sources of vulnerabilities. We have a better understanding of the proper configuration of web servers and web proxies as well. The Atlassian integration has helped manage our compliance paperwork in a more automated way also. Overall, we are happy with the service that Veracode provides to us.

We use Veracode Security Labs along with Veracode Developer Training and other Veracode components in our company for Digitial Health, and security testing.

Veracode and all of its components have helped us in developing a secure product.

We use this eLearning product for our developers. We are working on adding it to our enterprise eLearning solution to help get developers to take it.

We use Veracode Security Labs as our primary security learning platform. It was pretty cool to use for the first time.

I have used it and looked at it from the perspective of its analysis, if you will, of database files, SQL, MCL SQL. I also looked at other components, Java and such, but not as in-depth. Personally, I think it was a little difficult trying to get it to profile those particular files to get them loaded in; however, it was honestly probably user error — just my misunderstanding of how to use the software more than anything else which is why it took a little longer. The Java stuff was a lot more streamlined. The database stuff was not as robust.

We used this solution to identify vulnerabilities. Essentially, load stuff up, find out what it finds. The next step is (assuming we have enough people to fix the higher priority ones) to look at some of the tips or remediation. Generally, just to find out what's wrong.

We're a smaller company, we had roughly 10 people or less using this solution. I don't think anyone is actively using it as much now because of project work, etc.

I am not familiar with how many other people are using it currently. Probably not many because the project work is different. Previously, there were more business needs for us to build more software but things have changed a little bit in the company. That requirement is different now from a corporate perspective.

Mainly it's just quality. The level of comfort that we have now just from using the product. Again, there may be some other people at the company that had used it a lot more than me but just knowing, having another set of eyes, gives you a comfort level.