Veracode Security Labs Reviews

We use Veracode Security Labs along with Veracode Developer Training and other Veracode components in our company for Digitial Health, and security testing.

Veracode and all of its components have helped us in developing a secure product.

All of the features offered in this solution are valuable.

The features are extensive, which is why they are ahead of the game, and the reason I continue to use this solution.

The only area of this solution that needs improvement is the pricing for startups.

I have been working with Veracode for several years.

It's a stable solution. We have no issues with stability.

It's a scalable product.

The technical support is amazing! They are very responsive.

We also use Veracode Developer Training, Manual Penetration Testing, Static Analysis for the same use case.

The initial setup is straightforward and extremely easy to install.

Deployment only took a few hours.

We have a team in-house.

The pricing for qualified startups should only charge for Veracode Developer Training.

The licensing cost should be fair, and the use cost when the company or the clients release their product to the market should also be fair.

They put together a complete solution that has a number of components. My advice is to take it all. Don't just take just Developer Training or Security Labs or Static Analysis. Rather, take the whole solution and run with it.

Veracode cannot be taught about security. I would rate Veracode Security Labs a ten out of ten.

Our use cases are for both dynamic and static scanning of web applications. The application is cloud-based in a major cloud provider. We schedule scans at regular intervals that support various compliance efforts within the enterprise. The application has a modern design with a responsive UI that adapts to the display of the device being used. Veracode seems to have little trouble scanning our application. Overall, we are happy with the service that Veracode provides us although the cost does seem quite high in my opinion.

Our developers are more security-aware and are writing better code. The e-learning option allows our developers to dig deeper into the security issues. Topics such as sanitizing input, carefully configured logging output, and other typical sources of vulnerabilities. We have a better understanding of the proper configuration of web servers and web proxies as well. The Atlassian integration has helped manage our compliance paperwork in a more automated way also. Overall, we are happy with the service that Veracode provides to us.

The Atlassian integration is the most valuable aspect of this solution. Many other security platforms don't seem to have this feature or want an exorbitant amount of money to get it. Automated integrations such as these make compliance much easier to track and maintain. Additionally, the integrations help with agile processes such as DevOps. We are able to schedule things like scan submissions to Veracode that aids in automatic, regular scanning of our web application. Veracode also allows for customizing your corporate policy for things such as remediation deadlines.

Developers frequently complain to me about the user interface and the difficulty in navigating the web site. I too have had some very frustrating moments trying to find things. I do not find the dashboards all that helpful though they are pretty and there seem to be plenty of them. I am running out of critiques to say about Veracode but it seems I must use 500 characters regardless of what I need to say. It seems like an arbitrary requirement. I'm still not at 500 yet. Can I say that this requirement should be cut in half?

We have been using Veracode for a little over two years.

Rock solid. I don't think we've ever had issues being able to access the system. Whenever we have needed to log in and look at something in our results, we have always been able to do so. The only stability issues we have had is with the dynamic scan authenticating into our web app. Sometimes for no understandable reason, it will stop authenticating. However this has only happened a couple of times.

Scalability seems fine. Have not noticed any issues.

Service and support is always helpful and knowledgeable. Turnover seems to be an issue. We are frequently being assigned new staff to our account. So far though, the level of service has been great.

We tried to do it manually ourselves with Burp Suite Pro but it was too cumbersome and no integrations with Atlassian.

Straightforward and web-based. 

Configured ourselves with some assistance setting our policy configuration as I recall. Veracode staff is knowledgeable and always helpful. 

Difficult to quantify. What's the cost if you ignore security?

It's expensive. Know that going in. Your organization, your programmers, and your product will be better for it though. 

I spoke with Checkmarx as well. At the time, Veracode seemed to be cheaper.