News
Veracode Expands Android Mobile App Testing Support
January 2012 by Marc Jacob
Veracode, Inc. detailed recent updates to the Veracode platform that features core static binary scanning, dynamic scanning developer education, and reporting and analytics components. Overall enhancements focus on ease of use and improving the balance between IT productivity and security assurance.
Primary updates include a redesigned platform administration interface and data export capabilities to provide customers with better access to information and intelligence about their application security program. Veracode also added new flaw categories for Android applications, support for the Apache Xerces J2EE framework, and numerous improvements in results quality and API-based results access. Additional details on key focus areas include:
· New Android Flaw Categories: Based on increasing requests for analysis of
applications developed on the Android platform, Veracode expanded scanning
capabilities for new flaw categories including several items on the Mobile App Top
10
· Tracking Common Frameworks and Xerces Prevalence: One of the benefits of running a scanning service in the cloud is the ability for Veracode to learn in an anonymous, aggregated way about the applications it analyzes. For instance, Veracode began tracking the frequency with which it saw frameworks in the applications that are uploaded to the platform and mined that data to prioritize and improve the quality of results. One outcome of this effort was identifying Xerces as the fifth most common Java framework or technology, following JSPs, Spring MVC and Struts 1.x. The benefit to customers is better application scanning coverage, leading to more accurate results.
· Enhanced User Administration Features Encourage Adoption and Scale: To
secure an enterprise, it’s not enough to scan a few applications or educate a few
users. Veracode provides the technology to support a more scalable, holistic
approach. In fact, Veracode has multiple
customers
