How to Automatically Verify Security Requirements: SD Elements & Veracode Integration

March 22, 2013

We’re really excited about our working integration with Veracode. For the first time, a development team can automatically create a set of tailored security requirements and automatically test the requirements. That’s a huge boost for application security. Here’s how it works:

Start by modeling your application in SD Elements:


Generate a set of tailored tasks (i.e. requirements) in SD Elements:


Use requirements during development:


Run the application through Veracode and import the scanning results:


Review the verification status of requirements in SD Elements:


You now know:

  • Which requirements have failed verification: A vulnerability was discovered
  • Which requirements have passed verification: A vulnerability was not discovered, and Veracode can generally find this kind of vulnerability in supported languages / frameworks
  • Which requirements have partially passed verification: Veracode can find some but not all instances of a vulnerability
  • Which requirements were not covered by Veracode: These need to be manually tested

Use SD Elements test cases to manually test areas not covered by Veracode:


For the first time you can have a comprehensive set of potential risks and the countermeasures that address them, and understand which specific risks need to be manually verified after using an automated tool. The integration substantially improves the ability of development teams to understand application risk and build secure applications.
