Veracode partnership

I don't do a lot of advertising on this blog, but this is a pretty important part of my "walk the talk" campaign. I have for years been espousing a four-part analysis pattern, including manual dynamic analysis (vulnerability analysis), manual static analysis (code review), automatic dynamic analysis (scanning the app with something like ZAP), and automatic static analysis (code scanning). Well, I have added this last one, automatic static analysis, to the list of products that POINT offers, with a partnership with Veracode. Veracode offers automatic static binary analysis, and is the best product I've found for web applications and mobile applications. What's more, I can triage the findings for you before delivery. (I'll of course also give you the original test results.) I spoke on this in my talk from a couple of years ago, Developers: Care and Feeding.

https://www.youtube.com/watch?v=_7jsUACnjjM

I also spoke at length on the topic on the Brakeing Down Security podcast:

http://brakeingsecurity.com/2015-045-care-and-feeding-of-devs-podcast-edition-with-bill-sempf

So now, I offer this for real. It's not free, but it's a great addition to a vulnerability analysis, and I'm pleased to be able to add it to the suite of offerings we have here at POINT.


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 
