How to Automatically Verify Security Requirements: SD Elements & Veracode Integration

March 22, 2013

We’re really excited about our working integration with Veracode. For the first time, a development team can automatically create a set of tailored security requirements and automatically test the requirements. That’s a huge boost for application security. Here’s how it works:

Start by modeling your application in SD Elements:

Generate a set of tailored tasks (i.e. requirements) in SD Elements:

Use requirements during development:

Run the application through Veracode and import the scanning results:

Review the verification status of requirements in SD Elements:

You now know:

  • Which requirements have failed verification: A vulnerability was discovered
  • Which requirements have passed verification: A vulnerability was not discovered, and Veracode can generally find this kind of vulnerability in supported languages / frameworks
  • Which requirements have partially passed verification: Veracode can find some but not all instances of a vulnerability
  • Which requirements were not covered by Veracode: These need to be manually tested

Use SD Elements test cases to manually test areas not covered by Veracode:

For the first time you can have a comprehensive set of potential risks, the countermeasures to protect against them, and an understanding of which specific risks need to be manually verified after using an automated tool. The integration substantially improves the ability of development teams to understand application risk and build secure applications.
