How to Automatically Verify Security Requirements: SD Elements & Veracode Integration

March 22, 2013

We’re really excited about our working integration with Veracode. For the first time, a development team can automatically create a set of tailored security requirements and automatically test the requirements. That’s a huge boost for application security. Here’s how it works:

Start by modeling your application in SD Elements:

Generate a set of tailored tasks (i.e. requirements) in SD Elements:

Use requirements during development:

Run the application through Veracode and import the scanning results:

Review the verification status of requirements in SD Elements:

You now know:

  • Which requirements have failed verification: A vulnerability was discovered
  • Which requirements have passed verification: A vulnerability was not discovered, and Veracode can generally find this kind of vulnerability in supported languages / frameworks
  • Which requirements have partially passed verification: Veracode can find some but not all instances of a vulnerability
  • Which requirements were not covered by Veracode: These need to be manually tested
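The four outcomes above reduce to a small decision rule. The following Python is an added example, not SD Elements or Veracode code and not their data formats: it assumes requirements and scan findings are both keyed by CWE ID and that the scanner's coverage per CWE is known, and all names and sample data are constructed.

```python
from enum import Enum

class Coverage(Enum):          # how well the scanner detects a weakness class
    FULL = "full"
    PARTIAL = "partial"
    NONE = "none"

class Status(Enum):
    FAIL = "failed verification"
    PASS = "passed verification"
    PARTIAL = "partially passed verification"
    MANUAL = "not covered, test manually"

# Constructed sample data (hypothetical requirement names and coverage levels).
REQUIREMENTS = {
    "Use parameterized queries": 89,            # CWE-89 SQL injection
    "Encode output in HTML context": 79,        # CWE-79 cross-site scripting
    "Use approved crypto algorithms": 327,      # CWE-327 broken crypto
    "Enforce authorization on every request": 285,  # CWE-285
}
SCANNER_COVERAGE = {89: Coverage.FULL, 79: Coverage.PARTIAL, 327: Coverage.FULL}
FINDINGS = [{"cwe": 89, "file": "orders.py", "line": 42}]  # imported scan results

def verify(requirements, coverage, findings):
    """Map each requirement to a verification status from scan results."""
    found = {f["cwe"] for f in findings}
    result = {}
    for name, cwe in requirements.items():
        level = coverage.get(cwe, Coverage.NONE)  # unknown CWE = not covered
        if cwe in found:
            # A discovered vulnerability fails the requirement regardless
            # of how complete the scanner's coverage is.
            result[name] = Status.FAIL
        elif level is Coverage.FULL:
            result[name] = Status.PASS
        elif level is Coverage.PARTIAL:
            result[name] = Status.PARTIAL
        else:
            result[name] = Status.MANUAL
    return result

def manual_test_queue(result):
    """Requirements the scanner did not cover and that need manual testing."""
    return sorted(n for n, s in result.items() if s is Status.MANUAL)

if __name__ == "__main__":
    for name, status in verify(REQUIREMENTS, SCANNER_COVERAGE, FINDINGS).items():
        print(f"{status.value:32} {name}")
```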

Use SD Elements test cases to manually test areas not covered by Veracode:

For the first time, you can have a comprehensive set of potential risks and the countermeasures that address them, and understand which specific risks need to be manually verified after using an automated tool. The integration substantially improves the ability of development teams to understand application risk and build secure applications.
