SlideShare a Scribd company logo

Shifting Left…AND Right to Ensure Full Application Security Coverage

DevOps.com, profile picture
DevOps.com

The document outlines the role of Dynamic Application Security Testing (DAST) in identifying vulnerabilities during application development and production. It highlights the automation and scalability features of Veracode's DAST solutions, which enable efficient and comprehensive scanning, focusing on issues that static testing may miss. The closing remarks emphasize the importance of integrating DAST into application security programs for ongoing protection against potential threats.

Technology
Related topics:
Cloud Security Insights
1 of 14
Downloaded 10 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
© 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.1
© 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.2 Market Overview – Application Security
© 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.3 The CA Veracode Portfolio Code Commit Build Test Release Deploy Operate CA Veracode Greenlight CA Veracode Static Analysis CA Veracode Dynamic Analysis CA Veracode Software Composition Analysis Developer Training Application Security Consulting Security Program Management CA Veracode Manual Penetration Testing CA Veracode Discovery
© 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.4 What is DAST? Crawls Audits Reports A Dynamic Application Security Testing (DAST) solution will crawl the web app and inventory a series of links DAST then audits each link found by the automated crawler. If the audit phase identifies a vulnerability, it is reported to the Veracode Platform for verification/scrubbing. Crawling and auditing occur at the same time.
© 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.5 What does DAST find? • Dynamic Analysis has the ability to capture exploitable issues at run-time such as certification issues, server configuration, deployment issues, etc. which Static Analysis is not able to capture. • These run-time issues can include vulnerabilities that may only be found because the web interface interacts with a web service and the dynamic link between these two software layers results in a vulnerability when analyzed as one entity.
© 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.6 Survey Demographics – DAST Use Cases • How do you use your DAST solution today? Years in AppSec Count Percent Occasional scans in a pre- production environment 8 27.6% Regular scans in a pre- production environment 19 65.6% To discover all websites owned by my organization 4 13.8% Occasional scans in a production environment 8 27.6% Regular scans in a production environment 10 34.5% 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% Occasional scans in a pre- production environment Regular scans in a pre- production environment To discover all websites owned by my organization Occasional scans in a production environment Regular scans in a production environment
© 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.7 CA Veracode Web Application Scanning
© 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.8 CA Veracode Dynamic Analysis Automation Easy to Onboard & Scale Quality of Results • Scheduling Automation Recurring Scanning • IT Maintenance Window Automation – Automated Pause & Resume • Scan Stop • Time Savings – less time managing • All you need is a URL • Batch Upload Configuration • Batch Scanning • Concurrent Scanning • Security Program Management • Time Savings – less time spent configuring • Broad Coverage of Apps incl. Single Page Apps • Breadth of CWEs • Low FP Rate • Actionable Results • Remediation Consultation • Time Savings – faster remediation
© 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.9 Automate Your Scans • Scheduling Automation Recurring Scanning • IT Maintenance Window Automation – Automated Pause & Resume • Scan Stop
© 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.10 Easy to Onboard & Scale • All you need is a URL • Batch Upload Configuration • Batch Scanning • Concurrent Scanning • Security Program Management
© 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.11 High Quality of Results • Broad Coverage of Apps incl. Single Page Apps • Breadth of CWEs • Low FP Rate • Actionable Results • Remediation Consultation
© 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.12 • Remediation Consultation – Provide guidance in understanding the results • Security Program Management – Setup and help manage an AppSec program • Operational Assistance – Login Script Assistance – False Positive Removal Dynamic Analysis Services SERVICES
© 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.13 Closing Thoughts • DAST Scanning is an integral part of a well rounded Application Security program and covers applications in pre-prod and production (runtime) environments. • DAST Scanning helps ensure the continued security of your applications and finds exploitable vulnerabilities that static testing alone cannot find. • DAST solutions should provide users with automation, ease of onboarding, scalability, speed, and coverage.
© 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.14 LEARN MORE KEEP THE CONVERSATION GOING! Join the Veracode Community https://community.veracode.com Web Application (Dynamic) Scanning Group

More Related Content

PDF
Deploy + Destroy Complete Test Environments
Parasoft
 
PDF
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
Threat Stack
 
PDF
Automating OWASP Tests in your CI/CD
rkadayam
 
PDF
Addressing the Challenges of Mobile Test Automation
TechWell
 
PPTX
Succeeding-Marriage-Cybersecurity-DevOps final
rkadayam
 
PDF
Scale DevSecOps with your Continuous Integration Pipeline
DevOps.com
 
PDF
Running a High-Efficiency, High-Visibility Application Security Program with...
Denim Group
 
PDF
The DevOps Challenge: Open Source Security at Scale
DevOps.com
 
Deploy + Destroy Complete Test Environments
Parasoft
 
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
Threat Stack
 
Automating OWASP Tests in your CI/CD
rkadayam
 
Addressing the Challenges of Mobile Test Automation
TechWell
 
Succeeding-Marriage-Cybersecurity-DevOps final
rkadayam
 
Scale DevSecOps with your Continuous Integration Pipeline
DevOps.com
 
Running a High-Efficiency, High-Visibility Application Security Program with...
Denim Group
 
The DevOps Challenge: Open Source Security at Scale
DevOps.com
 

What's hot (20)

PPTX
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
CA Technologies
 
PPTX
DevSecOps-OWASP Indonesia Day 2017
Suman Sourav
 
PDF
Evolving from Automated to Continous Testing for Agile and DevOps
Parasoft
 
PDF
Embrace DevSecOps and Enjoy a Significant Competitive Advantage!
DevOps.com
 
PDF
ThreadFix and SD Elements Unifying Security Requirements and Vulnerability Ma...
Denim Group
 
PDF
Rx for FDA Software Compliance
Parasoft
 
PDF
DevSecOps - Building continuous security into it and app infrastructures
Priyanka Aash
 
PPTX
Accelerate Web and Mobile Testing for Continuous Integration and Delivery
SOASTA
 
PDF
SecDevOps: afaste-se dos ciberataques sem complicar o dia a dia dos desenvolv...
Dárcio Takara
 
PDF
Veracode - Overview
Stephen Durrant
 
PDF
Practical appsec lessons learned in the age of agile and DevOps
Priyanka Aash
 
PDF
EuroSPI 2016 - Software Safety and Security Through Standards
Arthur Hicken
 
PPTX
O'Reilly Webcast: How Nordstrom Prepares Its Site for Holidays and Major Events
SOASTA
 
PDF
Synopsys Security Event Israel Presentation: Making AppSec Testing Work in CI/CD
Synopsys Software Integrity Group
 
PDF
2021 Open Source Governance: Top Ten Trends and Predictions
DevOps.com
 
PDF
Scale DevSecOps with your Continuous Integration Pipeline
DevOps.com
 
PDF
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
Denim Group
 
PDF
From rogue one to rebel alliance by Peter Chestna
DevSecCon
 
PDF
Driving Risks Out of Embedded Automotive Software
Parasoft
 
PDF
Devops: Security's big opportunity by Peter Chestna
DevSecCon
 
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
CA Technologies
 
DevSecOps-OWASP Indonesia Day 2017
Suman Sourav
 
Evolving from Automated to Continous Testing for Agile and DevOps
Parasoft
 
Embrace DevSecOps and Enjoy a Significant Competitive Advantage!
DevOps.com
 
ThreadFix and SD Elements Unifying Security Requirements and Vulnerability Ma...
Denim Group
 
Rx for FDA Software Compliance
Parasoft
 
DevSecOps - Building continuous security into it and app infrastructures
Priyanka Aash
 
Accelerate Web and Mobile Testing for Continuous Integration and Delivery
SOASTA
 
SecDevOps: afaste-se dos ciberataques sem complicar o dia a dia dos desenvolv...
Dárcio Takara
 
Veracode - Overview
Stephen Durrant
 
Practical appsec lessons learned in the age of agile and DevOps
Priyanka Aash
 
EuroSPI 2016 - Software Safety and Security Through Standards
Arthur Hicken
 
O'Reilly Webcast: How Nordstrom Prepares Its Site for Holidays and Major Events
SOASTA
 
Synopsys Security Event Israel Presentation: Making AppSec Testing Work in CI/CD
Synopsys Software Integrity Group
 
2021 Open Source Governance: Top Ten Trends and Predictions
DevOps.com
 
Scale DevSecOps with your Continuous Integration Pipeline
DevOps.com
 
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
Denim Group
 
From rogue one to rebel alliance by Peter Chestna
DevSecCon
 
Driving Risks Out of Embedded Automotive Software
Parasoft
 
Devops: Security's big opportunity by Peter Chestna
DevSecCon
 
Ad

Similar to Shifting Left…AND Right to Ensure Full Application Security Coverage (20)

PPTX
Veracode - Inglês
DeServ - Tecnologia e Servços
 
PPTX
The Dynamic Application Security Testing Process A Step-by-Step Guide.pptx
Dev Software
 
PPTX
The Dynamic Application Security Testing Process: A Step-by-Step Guide
Dev Software
 
PPTX
Secure Code review - Veracode SaaS Platform - Saudi Green Method
Salil Kumar Subramony
 
PDF
Veracode Corporate Overview - Print
Andrew Kanikuru
 
PDF
Efficient Security Development and Testing Using Dynamic and Static Code Anal...
Perforce
 
PPTX
[OPD 2019] AST Platform and the importance of multi-layered application secu...
OWASP
 
PDF
SAST vs. DAST: What’s the Best Method For Application Security Testing?
Cigital
 
PDF
How to Integrate AppSec Testing into your DevOps Program
Denim Group
 
PDF
Web Application Security Testing (1).pptx.pdf
apurvar399
 
PDF
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
CA Technologies
 
PPTX
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Deborah Schalm
 
PDF
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
DevOps.com
 
PPTX
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
DevOps for Enterprise Systems
 
PDF
Automated Pentesting vs Dynamic Application Security Testing
Prancer Io
 
PDF
Automated pentesting vs dynamic application security testing (dast) (2)
Prancer Io
 
PPTX
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...
Michael Man
 
PPTX
Overcoming Challenges in Dynamic Application Security Testing (DAST)
Dev Software
 
PDF
Positive Technologies Application Inspector
qqlan
 
PDF
Ast in CI/CD by Ofer Maor
DevSecCon
 
Veracode - Inglês
DeServ - Tecnologia e Servços
 
The Dynamic Application Security Testing Process A Step-by-Step Guide.pptx
Dev Software
 
The Dynamic Application Security Testing Process: A Step-by-Step Guide
Dev Software
 
Secure Code review - Veracode SaaS Platform - Saudi Green Method
Salil Kumar Subramony
 
Veracode Corporate Overview - Print
Andrew Kanikuru
 
Efficient Security Development and Testing Using Dynamic and Static Code Anal...
Perforce
 
[OPD 2019] AST Platform and the importance of multi-layered application secu...
OWASP
 
SAST vs. DAST: What’s the Best Method For Application Security Testing?
Cigital
 
How to Integrate AppSec Testing into your DevOps Program
Denim Group
 
Web Application Security Testing (1).pptx.pdf
apurvar399
 
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
CA Technologies
 
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Deborah Schalm
 
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
DevOps.com
 
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
DevOps for Enterprise Systems
 
Automated Pentesting vs Dynamic Application Security Testing
Prancer Io
 
Automated pentesting vs dynamic application security testing (dast) (2)
Prancer Io
 
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...
Michael Man
 
Overcoming Challenges in Dynamic Application Security Testing (DAST)
Dev Software
 
Positive Technologies Application Inspector
qqlan
 
Ast in CI/CD by Ofer Maor
DevSecCon
 
Ad

More from DevOps.com (20)

PDF
Modernizing on IBM Z Made Easier With Open Source Software
DevOps.com
 
PPTX
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
DevOps.com
 
PPTX
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
DevOps.com
 
PDF
Next Generation Vulnerability Assessment Using Datadog and Snyk
DevOps.com
 
PPTX
Vulnerability Discovery in the Cloud
DevOps.com
 
PDF
A New Year’s Ransomware Resolution
DevOps.com
 
PPTX
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
DevOps.com
 
PDF
Don't Panic! Effective Incident Response
DevOps.com
 
PDF
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
DevOps.com
 
PDF
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
DevOps.com
 
PDF
Monitoring Serverless Applications with Datadog
DevOps.com
 
PDF
Deliver your App Anywhere … Publicly or Privately
DevOps.com
 
PPTX
Securing medical apps in the age of covid final
DevOps.com
 
PDF
How to Build a Healthy On-Call Culture
DevOps.com
 
PPTX
The Evolving Role of the Developer in 2021
DevOps.com
 
PDF
Service Mesh: Two Big Words But Do You Need It?
DevOps.com
 
PPTX
Secure Data Sharing in OpenShift Environments
DevOps.com
 
PPTX
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
DevOps.com
 
PDF
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
DevOps.com
 
PDF
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
DevOps.com
 
Modernizing on IBM Z Made Easier With Open Source Software
DevOps.com
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
DevOps.com
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
DevOps.com
 
Next Generation Vulnerability Assessment Using Datadog and Snyk
DevOps.com
 
Vulnerability Discovery in the Cloud
DevOps.com
 
A New Year’s Ransomware Resolution
DevOps.com
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
DevOps.com
 
Don't Panic! Effective Incident Response
DevOps.com
 
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
DevOps.com
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
DevOps.com
 
Monitoring Serverless Applications with Datadog
DevOps.com
 
Deliver your App Anywhere … Publicly or Privately
DevOps.com
 
Securing medical apps in the age of covid final
DevOps.com
 
How to Build a Healthy On-Call Culture
DevOps.com
 
The Evolving Role of the Developer in 2021
DevOps.com
 
Service Mesh: Two Big Words But Do You Need It?
DevOps.com
 
Secure Data Sharing in OpenShift Environments
DevOps.com
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
DevOps.com
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
DevOps.com
 
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
DevOps.com
 

Recently uploaded (20)

PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Encapsulation theory and applications.pdf
gurumoop
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
A Presentation on Artificial Intelligence
memembruh336
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 

Shifting Left…AND Right to Ensure Full Application Security Coverage

  • 1. © 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.1
  • 2. © 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.2 Market Overview – Application Security
  • 3. © 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.3 The CA Veracode Portfolio Code Commit Build Test Release Deploy Operate CA Veracode Greenlight CA Veracode Static Analysis CA Veracode Dynamic Analysis CA Veracode Software Composition Analysis Developer Training Application Security Consulting Security Program Management CA Veracode Manual Penetration Testing CA Veracode Discovery
  • 4. © 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.4 What is DAST? Crawls Audits Reports A Dynamic Application Security Testing (DAST) solution will crawl the web app and inventory a series of links DAST then audits each link found by the automated crawler. If the audit phase identifies a vulnerability, it is reported to the Veracode Platform for verification/scrubbing. Crawling and auditing occur at the same time.
  • 5. © 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.5 What does DAST find? • Dynamic Analysis has the ability to capture exploitable issues at run-time such as certification issues, server configuration, deployment issues, etc. which Static Analysis is not able to capture. • These run-time issues can include vulnerabilities that may only be found because the web interface interacts with a web service and the dynamic link between these two software layers results in a vulnerability when analyzed as one entity.
  • 6. © 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.6 Survey Demographics – DAST Use Cases • How do you use your DAST solution today? Years in AppSec Count Percent Occasional scans in a pre- production environment 8 27.6% Regular scans in a pre- production environment 19 65.6% To discover all websites owned by my organization 4 13.8% Occasional scans in a production environment 8 27.6% Regular scans in a production environment 10 34.5% 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% Occasional scans in a pre- production environment Regular scans in a pre- production environment To discover all websites owned by my organization Occasional scans in a production environment Regular scans in a production environment
  • 7. © 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.7 CA Veracode Web Application Scanning
  • 8. © 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.8 CA Veracode Dynamic Analysis Automation Easy to Onboard & Scale Quality of Results • Scheduling Automation Recurring Scanning • IT Maintenance Window Automation – Automated Pause & Resume • Scan Stop • Time Savings – less time managing • All you need is a URL • Batch Upload Configuration • Batch Scanning • Concurrent Scanning • Security Program Management • Time Savings – less time spent configuring • Broad Coverage of Apps incl. Single Page Apps • Breadth of CWEs • Low FP Rate • Actionable Results • Remediation Consultation • Time Savings – faster remediation
  • 9. © 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.9 Automate Your Scans • Scheduling Automation Recurring Scanning • IT Maintenance Window Automation – Automated Pause & Resume • Scan Stop
  • 10. © 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.10 Easy to Onboard & Scale • All you need is a URL • Batch Upload Configuration • Batch Scanning • Concurrent Scanning • Security Program Management
  • 11. © 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.11 High Quality of Results • Broad Coverage of Apps incl. Single Page Apps • Breadth of CWEs • Low FP Rate • Actionable Results • Remediation Consultation
  • 12. © 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.12 • Remediation Consultation – Provide guidance in understanding the results • Security Program Management – Setup and help manage an AppSec program • Operational Assistance – Login Script Assistance – False Positive Removal Dynamic Analysis Services SERVICES
  • 13. © 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.13 Closing Thoughts • DAST Scanning is an integral part of a well rounded Application Security program and covers applications in pre-prod and production (runtime) environments. • DAST Scanning helps ensure the continued security of your applications and finds exploitable vulnerabilities that static testing alone cannot find. • DAST solutions should provide users with automation, ease of onboarding, scalability, speed, and coverage.
  • 14. © 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.14 LEARN MORE KEEP THE CONVERSATION GOING! Join the Veracode Community https://community.veracode.com Web Application (Dynamic) Scanning Group