Veracode, a global leader in application risk management, announced new capabilities to help organizations address emerging threats, giving security professionals better visibility and control in one place. The launch includes new AI-powered functionality in the Dynamic Application Security Testing (DAST) product and an External Attack Surface Management (EASM) capability. Together, they enable security teams to discover their entire attack surface and prioritize the most critical risk to streamline and simplify security scanning.
“Security teams need to see and secure everything; not only what is inside their perimeter,” said Derek Maki, Head of Product at Veracode. “With our latest DAST capabilities and Application Risk Management platform enhancements, we’re helping organizations shift from vulnerability scanning to holistic risk management, to better identify risk residing in unidentified external assets.”
Tackling Risk Across a Growing Attack Surface
Modern development cycles and cloud adoption mean organizations are grappling with a rapidly expanding attack surface. According to the 2024 Verizon Data Breach Investigations Report, web applications remain a primary target for cyberattacks, accounting for nearly half of all incidents. Moreover, Veracode’s latest software security research found an alarming increase in the average fix time for flaws once discovered, with organizations taking three months—or 47 percent— longer than five years ago.
Also Read: Skyfire and Cequence Partner to Enable Secure, Autonomous Access for AI Agents
Veracode’s latest innovations address these critical challenges head on by offering frictionless integration for comprehensive risk management, faster remediation, and intuitive scans with real-time results. Organizations can more effectively balance the speed of modern development with software security.
Automated Discovery, Risk-based Prioritization, and Real-time Reporting
Veracode EASM capabilities automate external attack surface discovery by identifying and continuously monitoring potential entry points for bad actors. The product automatically tracks internet-exposed systems and services, including APIs, web apps, mobile applications, and cloud-based assets—many of which are often unknown or unmanaged. With automated discovery, EASM uncovers blind spots and delivers:
- Complete Visibility: Consistent identification and monitoring of all external assets to reduce visibility gaps.
- Risk-Based Prioritization: Streamlined focus on the most critical threats to minimize points of entry for an attacker.
- Seamless Security Integration: With a connector to Veracode Risk Manager (VRM) planned for later this year, static (SAST), software composition (SCA), and dynamic analysis findings are prioritized and contextualised in one place, giving a holistic view of risk and control.
Maki said, “In today’s threat landscape, organizations must contend with an unprecedented number of potential entry points,” Maki explained. “Veracode EASM provides security teams with the attacker’s perspective and delivers the capability to continuously identify, analyze, and mitigate risks before exploitation can occur.”
Veracode’s new Enterprise Mode for DAST Essentials is a significant advancement in dynamic application security testing. Leveraging the capability, security teams can more easily prioritize and remediate critical vulnerabilities in web applications and APIs.
With features designed to accommodate large-scale, complex application portfolios, key capabilities include:
- Advanced crawling and auditing for deep, highly customizable, and accurate scanning
- AI-Assisted auto-login to reduce authentication failures and easily implement the DAST program across the organization
- Internal Scan Management (ISM) for scanning behind corporate firewalls
- A Streamlined, intuitive interface for faster, simpler setup and configuration
- Real-time flaw reporting and a panoramic view of risk across projects
“DAST Enterprise Mode empowers security teams to work faster, smarter, and safer,” noted Maki. “With real-time analysis in a unified platform, it eliminates the challenge of fragmented tools and enables mature, resilient risk management with centralized visibility and control.”
Source: BusinessWire