TMCnet News

Veracode Provides Enterprise Customers with Application-Layer Analysis to Address Long-Term Threat Caused by Heartbleed Vulnerability
[April 15, 2014]

Veracode Provides Enterprise Customers with Application-Layer Analysis to Address Long-Term Threat Caused by Heartbleed Vulnerability


BURLINGTON, Mass. --(Business Wire)--

Veracode, the application security company, today announced that the company is offering to use its cloud-based platform to analyze all previously scanned customer applications and publically facing websites for the Heartbleed vulnerability. Using the software composition analysis functionality and web application perimeter analysis service, Veracode will provide customers with reports detailing all application that may possess the OpenSSL vulnerability.

When patching applications, businesses focus first on their main, publicly-facing applications. Often, the patching initiatives do not extend beyond these initial applications, as the business may not be aware of all the applications. This leaves thousands of applications vulnerable, and creates a long-term security threat. For one client, Veracode analyzed more than 26,000 websites in less than 2 minutes and found multiple sites still containing the Heartbleed vulnerability. /p>



In addition, development teams embed OpenSSL deeply into their mission-critical client-server applications, making it difficult for traditional security tools to root out and identify the library. Using data mined from Veracode's cloud-based platform, Veracode analyzed thousands of applications and found over 12 percent were at risk of having the OpenSSL vulnerability. Unlike other services, Veracode uses both static and dynamic analysis techniques to quickly identify and mitigate the risk from the wide-spread OpenSSL vulnerability in all applications.

"When new vulnerabilities are identified it is crucial for large enterprises to react quickly to mitigate the risk to their infrastructure and customers' data. However, we recognize how difficult it can be for companies to develop an appropriate response in a timely manner," said Bob Brennan, CEO, Veracode. "These offerings are meant to assist customers in their Heartbleed mitigation efforts. It is our hope that by harnessing the full power of Veracode's cloud-based platform, customers are able to prevent this vulnerability from having a long-term effect on their businesses."


Veracode is offering the following cloud-based services to current customers, giving them visibility into their hidden perimeter and embedded apps:

  • Heartbleed Component Analysis: The Veracode software composition analysis engine searches static code for evidence of OpenSSL and produces a report detailing at risk applications.
  • Heartbleed Web Perimeter Analysis: Through the use of Veracode's massively parallel Discovery technology, Veracode will discover all sites in the customer's domain, detect the use of OpenSSL in all company owned websites, and produce a report identifying vulnerable websites.

Current customers interested in learning more should contact [email protected], while prospective customers can contact [email protected].

About Veracode

Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-criminals can find and exploit them, Veracode helps enterprises deliver innovation to market faster - without sacrificing security.

Veracode's powerful cloud-based platform, deep security expertise and programmatic, best practices approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures.

Recognized as a Gartner (News - Alert) Magic Quadrant Leader since 2010, Veracode secures hundreds of the world's largest global enterprises, including 3 of the top 4 banks in the Fortune 100 and more than 25 of the world's top 100 brands. Learn more at www.veracode.com, on the Veracode blog and on Twitter.


[ Back To TMCnet.com's Homepage ]