Effective application security assesses applications across the entire software lifecycle – beyond the development phase and into production. Why is this necessary? If you’ve shifted security left, into the development process, why do you need to shift it right into production? To put it bluntly: Because people aren’t perfect, and bad guys never sleep. With the speed of today’s development processes, it would be foolish to assume that every defect has been found and fixed when an app hits production, and likewise, it would be foolish to assume that cyberattackers are done inventing new ways to access your code. In addition, scanning an app dynamically at runtime will find issues and vulnerabilities you simply can’t identify looking at the app statically. The bottom line is that scanning apps in production with dynamic analysis is a critical piece of an effective application security program. However, dynamic analysis solutions have to work with DevOps processes and keep software secure without slowing or stopping releases.
To help you meet this need to dynamically scan apps in production, while ensuring you keep pace in a DevOps world, we’re launching a new and improved DAST solution, CA Veracode Dynamic Analysis. With its automation, depth of coverage, and unmatched scalability, CA Veracode Dynamic Analysis helps you:
Save time and effort on production scanning
With CA Veracode Dynamic Analysis’ recurring scheduling feature, you don’t have to remember to kick off scans. You can easily set up scans on a schedule that you do not have to continuously monitor. In addition, with the automated pause & resume feature, you don’t have to worry about disrupting IT maintenance windows because Dynamic Analysis will automatically pause at maintenance windows and resume where it left off.
Dynamically scan all your apps quickly and accurately
CA Veracode Dynamic Analysis covers all your applications, even difficult-to-scan web apps, such as single-page and large web apps. Two things keep your development teams moving: the speed at which our solution crawls and audits pages, and our low false-positive rate (<1%), which keeps your developers from spinning their wheels chasing down non-existent threats.
Easily onboard apps and scale to cover your entire application landscape
You can set up a CA Veracode Dynamic Analysis scan with just the URL; you don’t need to coordinate with the development team to hunt down code or binaries. And when you need to scan multiple applications, you don’t have to upload them one at a time. You simply upload a .csv document to Dynamic Analysis with all of the URLs. In addition, you can schedule a group of applications into a batch scan and assess multiple applications concurrently. No matter the size of your organization, concurrent scanning means you don’t have to wait for a scan to complete before starting the next one.
Get all your testing results in one place
With CA Veracode, you’ll find results from all your AppSec tests – static, dynamic, SCA, pen testing – in one central location. This single view of test results makes it easy to coordinate remediation between multiple teams and track your progress.
Keep your code secure across the software lifecycle, without slowing development cycles; get more details on the new CA Veracode Dynamic Analysis.
*** This is a Security Bloggers Network syndicated blog from RSS | Veracode Blog authored by firstname.lastname@example.org (bsarathy). Read the original post at: http://www.veracode.com/blog/managing-appsec/announcing-new-ca-veracode-dynamic-analysis