New Static Analysis Features for Veracode

Veracode, a leader in securing the world’s software and recently acquired by CA Technologies, has announced four new features in its industry-leading Veracode Application Security Platform: Accelerated Results, Custom Cleansers, Greenlight Auto-Scan and Perl language support. With these new features, Veracode is further enabling developers to work faster and more securely across more applications.

To keep up with the growing demand for applications, the nature of software development is changing. Developers are moving to more rapid development cycles and application security needs to keep pace. According to the Puppet State of DevOps Report, the highest performing development teams are addressing security at every stage of the software development and delivery cycle rather than retrofitting security at the end — and they’re spending 50 percent less time remediating security issues as a result.

In alignment with the continuous development mindset, the new features within the Veracode Application Security Platform help developers reduce risk in their applications with improved time to results, accuracy and portfolio coverage:
* Accelerated Results provides developers with security findings as each application module finishes scanning. This new feature empowers developers to address security issues sooner in the software development lifecycle (SDLC) by providing results up to eight-times faster than previous methods.
* Custom Cleansers lets security architects and teams extend Veracode Static Analysis to recognize custom cleansing functions for common vulnerabilities including SQL injection, URL redirection, log forging, and header injection. This new feature allows developers to secure code faster with more accurate findings and actionable results.
* Veracode Greenlight Auto-Scan is a hands-free feature that automatically scans a file the moment it is saved, eliminating the manual step for developers.
* Perl language support helps security teams ensure that more of their portfolio, particularly web applications built using legacy languages, is secure.