

March 06, 2009

Veracode Expands Backdoors and Malicious Code Detection

By Jai C.S., TMCnet Contributor


Veracode, a provider of on-demand application security testing solutions, has expanded its coverage for detecting backdoors and malicious code embedded in legitimate software as part of its SecurityReview solution for developers and purchasers of software.

 
Software security vulnerabilities have been a major threat to businesses. To address this, Veracode’s on-demand model gives organizations access to its application security testing technologies and an independent, standards-based security rating through a simple, automated and cost-effective service.
 
Veracode's SecurityReview is provided as an on-demand Software-as-a-Service (SaaS) solution that requires no on-premises hardware or software to upgrade and no additional maintenance fees.
 
The SecurityReview application security testing service is used for measuring the security of commercial off-the-shelf (COTS) software; analyzing internally developed applications for security quality; reviewing offshore or outsourced code before acceptance; achieving compliance with standards such as PCI, FISMA, GLBA, SOX or HIPAA; and developing secure applications.
 
Veracode SecurityReview uses patented binary code analysis and dynamic web analysis to assess application security threats, including vulnerabilities such as cross-site scripting (XSS), SQL injection, buffer overflows and malicious code.

"As organizations increasingly use third party service providers to design, build and manage their software applications, application security becomes ever more critical," said Stan Lepeak, managing director of Global Research for EquaTerra.
 
"Veracode's application security testing services can help fill a hole that exists in too many enterprises' testing and acceptance programs for third party developed code," added Lepeak.
 
The SANS Institute recently issued "Application Security Procurement Language" which requires organizations to certify that their software does not contain malicious code, backdoors and time bombs. The State of New York and the Depository Trust and Clearing Corporation (DTCC) have adopted this language as a prerequisite for vendors to do business with them.
 
The current announcement on the expansion of Veracode’s testing service builds upon the company’s well-recognized technology and research.

In addition to its existing testing, Veracode has added the ability to detect growing threats commonly known as time bombs, hardcoded cryptographic constants and credentials, deliberate information and data leakage, rootkits and anti-debugging techniques in applications.
 
These targeted threats, according to the company, are hidden in software and mask their presence to evade detection by traditional security technologies.
 
"Modern software development is complex and comprised of outsourced code, open source and third party libraries, which makes the insertion of backdoors and malicious code difficult to detect by traditional source code analysis and thus, an attractive attack vector," said Matt Moynahan, chief executive officer at Veracode.
 
"Veracode inspects the application binary, which is the only way to cover 100% of the application code. Verifying the binaries as part of the SDLC or purchase process is the easiest and most effective way to manage risk from backdoor and malicious code vulnerabilities," added Moynahan.
 
Company officials also stated that the new scanning technology to identify additional backdoors and malicious code will be available in Q2 2009.
 

Jai C.S. is a contributing editor for TMCnet.

Edited by Michelle Robart

