at Financial Technnology Year
This content is provided by FinTechBenchmarker.com who are responsible for the content. Please contact them if you have any questions.
Veracode Application Security Platform from Veracode
A cloud-based platform that provides multiple security testing technologies to identify vulnerabilities in banking applications. Features include static analysis, dynamic analysis, software composition analysis, and secure coding guidance specifically for financial software development.
Product analysis by function
Cybersecurity Solutions for IT and Infrastructure
Systems that protect the bank's information assets from cyber threats and ensure secure banking operations.
More Cybersecurity Solutions
More IT and Infrastructure ...
Access Control
(1 Yes /1 Known /11 Possible features)
|
Multi-factor Authentication Requires multiple forms of verification before granting access. |
No information available | |
|
Role-Based Access Control Grants permissions based on user roles and responsibilities. |
No information available | |
|
Single Sign-On (SSO) Allows users to authenticate once for multiple applications. |
No information available | |
|
Access Logging Records all access attempts for audit trails. |
No information available | |
|
Privileged Account Management Controls and monitors elevated permissions. |
No information available | |
|
User Session Timeout Automatically terminates inactive sessions. |
No information available | |
|
Device Whitelisting Restricts access to approved devices only. |
No information available | |
|
Granular Permission Levels Supports fine-grained permissions per function. |
No information available | |
|
API Key Management Secures and controls access to APIs. |
Veracode offers API key management to integrate automated security tests into CI/CD pipelines and allow secure API-based access to test results. | |
|
Geolocation-based Access Restrictions Limits access based on user's physical or network location. |
No information available | |
|
Number of Supported Authentication Methods The total number of different authentication methods available (e.g., biometric, SMS OTP, hardware key, etc.). |
No information available |
Data Protection
(3 Yes /3 Known /10 Possible features)
|
End-to-End Encryption Encrypts data during all states and transfers. |
Veracode SaaS platform uses encryption in transit and at rest as part of its secure software development lifecycle (source: Veracode documentation). | |
|
Database Encryption Encrypts stored data in databases. |
Veracode stores customer scan results and artifacts in encrypted databases, as stated in their security whitepapers. | |
|
File Integrity Monitoring Detects unauthorized changes to critical files. |
No information available | |
|
Data Masking Obfuscates sensitive data in non-production environments. |
No information available | |
|
Tokenization Replaces sensitive information with random tokens. |
No information available | |
|
Data Loss Prevention (DLP) Prevents unauthorized data transfer or loss. |
No information available | |
|
Data Backup Frequency Frequency at which backups of critical data are performed. |
No information available | |
|
Audit Logging Maintains comprehensive logs of data access and changes. |
Veracode maintains audit trails for user actions, scan activity, and results for compliance and audit readiness (Veracode documentation). | |
|
Automated Key Rotation Automatically rotates cryptographic keys at defined intervals. |
No information available | |
|
Retention Policy Management Controls how long data is kept and when it is deleted. |
No information available |
Network Security
(2 Yes /2 Known /10 Possible features)
|
Firewall Provides perimeter security by filtering incoming and outgoing network traffic. |
No information available | |
|
Intrusion Detection System (IDS) Monitors and detects malicious network activity. |
No information available | |
|
Intrusion Prevention System (IPS) Blocks and prevents detected threats. |
No information available | |
|
Virtual Private Network (VPN) Secures remote access to banking resources. |
No information available | |
|
Network Segmentation Divides the network into separate zones for better security. |
No information available | |
|
Distributed Denial of Service (DDoS) Protection Detects and mitigates DDoS attacks. |
No information available | |
|
Deep Packet Inspection Examines traffic for threats beyond simple packet headers. |
Veracode Dynamic Analysis (DAST) performs deep packet inspection by simulating web application traffic and inspecting payloads for vulnerabilities. | |
|
Encrypted Network Traffic Ensures all internal and external communication is encrypted. |
Veracode encrypts all network traffic between customer endpoints and Veracode cloud; encryption is mandated for all communications (official Veracode compliance docs). | |
|
Bandwidth Monitoring Monitors bandwidth utilization for anomalies. |
No information available | |
|
Network Traffic Analysis Capability The number of simultaneous connections that can be analyzed. |
No information available |
Threat Detection and Response
(3 Yes /3 Known /10 Possible features)
|
Security Information and Event Management (SIEM) Aggregates, analyzes, and alerts on security events. |
No information available | |
|
Automatic Threat Remediation Responds to detected threats without manual intervention. |
No information available | |
|
Real-time Alerting Notifies security personnel immediately upon threat detection. |
Veracode platform provides real-time alerting to users for new and critical vulnerabilities, and issues notifications during scan completion. | |
|
Threat Intelligence Integration Ingests external threat intelligence feeds. |
No information available | |
|
Incident Response Playbooks Provides pre-defined procedures for common security incidents. |
Veracode provides secure application incident response guidance and templates (playbooks) to customers in regulated industries. | |
|
Threat Simulation and Red Team Testing Supports simulated attacks for evaluation. |
No information available | |
|
False Positive Rate The percentage of security alerts that are determined to be benign. |
No information available | |
|
Time to Detect Average time between threat occurrence and detection. |
No information available | |
|
Time to Respond Average time between detection and mitigation. |
No information available | |
|
Automated Compliance Reporting Generates regulatory and incident response reports automatically. |
Veracode offers automated compliance reporting features including audit-friendly documentation for PCI DSS, SOC 2, and other regulations. |
Endpoint Security
(0 Yes /0 Known /10 Possible features)
|
Endpoint Detection and Response (EDR) Monitors endpoints for threats and suspicious activity. |
No information available | |
|
Anti-malware Protection Prevents malicious software from infecting endpoints. |
No information available | |
|
Device Control Restricts usage of external devices like USB drives. |
No information available | |
|
Patch Management Automates the distribution of security updates. |
No information available | |
|
Mobile Device Management (MDM) Secures and manages mobile endpoints. |
No information available | |
|
Remote Wipe Capability Erases data from lost or stolen devices remotely. |
No information available | |
|
Application Whitelisting/Blacklisting Controls which applications can be installed or run. |
No information available | |
|
Endpoint Isolation Allows quick quarantine of compromised devices. |
No information available | |
|
Number of Devices Supported Maximum number of endpoints protected by the solution. |
No information available | |
|
Endpoint Policy Enforcement Automatically enforces security policies on all endpoints. |
No information available |
Fraud Detection and Prevention
(4 Yes /4 Known /10 Possible features)
|
Behavioral Analytics Analyzes user behavior for anomalies indicative of fraud. |
No information available | |
|
Transaction Monitoring Monitors transactions in real time for suspicious patterns. |
Veracode monitors application behavior during runtime through DAST and generates alerts on suspicious or anomalous transactions in web applications. | |
|
Machine Learning Models Uses AI models to identify emerging fraud techniques. |
Veracode incorporates machine learning to enhance static and dynamic analysis, including pattern recognition for new and unknown threats. | |
|
Geolocation Verification Checks if transactions originate from expected regions. |
No information available | |
|
Device Fingerprinting Identifies repeat or suspicious devices. |
No information available | |
|
Case Management Tracks fraud investigation from detection to closure. |
No information available | |
|
Rule-based Alerts Generates alerts based on pre-set fraud rules. |
Veracode allows creation and management of rule-based alerts for different vulnerability categories and compliance rules. | |
|
False Positive Rate Percentage of transactions erroneously flagged as fraud. |
No information available | |
|
Detection Speed Average time taken to detect suspicious activities. |
No information available | |
|
Integration with Core Banking Systems Supports real-time integration with existing banking infrastructure. |
Veracode provides real-time API integration with SDLC and core banking development lifecycle for immediate vulnerability feedback. |
Application Security
(8 Yes /8 Known /10 Possible features)
|
Web Application Firewall (WAF) Protects web applications from common exploits. |
Veracode includes a Web Application Firewall (WAF) integration feature and partners with WAF vendors for runtime application self-protection. | |
|
Vulnerability Scanning Regularly scans for known security weaknesses. |
Platform provides regular vulnerability scanning during static and dynamic analysis phases as part of SDLC. | |
|
Secure Coding Standards Enforcement Ensures adherence to secure development practices. |
Veracode provides secure coding guidance, enforcement, and automated checks for secure coding standard adherence. | |
|
Regular Penetration Testing Conducts simulated attacks to find weaknesses. |
Veracode conducts both manual and automated (scheduled) penetration tests via its platform and services. | |
|
Automated Patch Deployment Deploys application security patches automatically. |
Automated patch deployment is supported through integration with DevOps tools and remediation tracking. | |
|
Code Obfuscation Makes application source code harder to reverse-engineer. |
No information available | |
|
Session Management Security Protects active user sessions against hijacking. |
Session management security is part of application security testing scope and is explicitly checked during DAST. | |
|
API Security Controls Protects and monitors API endpoints. |
API security controls are tested and reported as part of Veracode SAST/DAST service. | |
|
Number of Supported Programming Languages The range of programming frameworks or languages natively supported for secure app development. |
No information available | |
|
Dynamic Application Security Testing (DAST) Integration Integrates tools for runtime security testing of applications. |
Veracode integrates with DAST (dynamic application security testing) and offers runtime security scanning. |
Regulatory Compliance
(4 Yes /4 Known /10 Possible features)
|
Prebuilt Compliance Reporting Offers reports tailored for key banking regulations. |
Out-of-the-box compliance templates for PCI DSS, SOC2, GDPR, etc., are available for the banking sector. | |
|
Automated Policy Management Automates the application and monitoring of compliance policies. |
The policy management module lets users set and enforce either standard or custom compliance rules in an automated fashion. | |
|
Audit Trail Management Maintains immutable logs for audit purposes. |
All audit logs regarding scan and remediation activity are immutable and stored for auditing. | |
|
Regulatory Change Monitoring Tracks changes in relevant regulations and standards. |
No information available | |
|
Self-assessment Tools Allows internal audits for compliance readiness. |
No information available | |
|
Compliance Workflow Automation Automates workflows to meet compliance requirements. |
No information available | |
|
Data Residency Controls Specifies where data can be stored based on regulations. |
No information available | |
|
Regulatory Coverage Number of major regulations covered out-of-the-box. |
No information available | |
|
Retention Policy Automation Automatically applies data retention and deletion policies. |
No information available | |
|
Secure Document Management Secure storage and retrieval of compliance documentation. |
Secure document management is available for compliance documentation and test reports. |
Identity and Access Management (IAM)
(0 Yes /0 Known /10 Possible features)
|
Centralized User Directory Maintains a single source of truth for user authentication. |
No information available | |
|
Self-service Password Reset Allows users to reset passwords without admin assistance. |
No information available | |
|
User Provisioning and Deprovisioning Automates onboarding and offboarding staff access. |
No information available | |
|
Federated Identity Support Allows use of external identity providers (SAML, OAuth, etc.). |
No information available | |
|
Access Certification Regularly reviews and certifies user privileges. |
No information available | |
|
Credential Encryption Ensures user credentials are encrypted at rest and in transit. |
No information available | |
|
Group Management Supports management of user groups and access policies. |
No information available | |
|
Identity Federation Integrations Number of external identity federations supported. |
No information available | |
|
Password Policy Enforcement Automatically applies strong password requirements. |
No information available | |
|
User Access Review Automation Automates periodic reviews of user access rights. |
No information available |
Monitoring and Reporting
(8 Yes /8 Known /10 Possible features)
|
Real-time Dashboards Visualizes live security and system data. |
Platform offers real-time dashboards for tracking vulnerability status, remediation progress, and compliance status. | |
|
Customizable Reports Allows users to define and schedule security and compliance reports. |
Reports are highly customizable by timeframe, project, vulnerability type, and regulatory requirements. | |
|
Alert Threshold Customization Enables setting of specific alert thresholds. |
Alert threshold settings are available for criticality, risk ranking, and compliance alignment. | |
|
Historical Data Retention Keeps historical security data for analysis. |
Veracode retains historical scan and security data for analytics and compliance. | |
|
Audit Log Integration Centralizes logs from various sources. |
Audit logs from multiple sources can be integrated and centralized within the platform. | |
|
Automated Reporting Frequency How often reports are automatically generated. |
No information available | |
|
User Activity Monitoring Tracks user activities for policy violations. |
Monitors and logs all user activity within the platform for auditing and compliance. | |
|
Custom Alert Channels Supports multiple channels for alerting (email, SMS, app). |
Platform supports multiple alert channels, including email, dashboard notifications, and integrations with ticketing systems. | |
|
Third-party Log Integration Integrates with external log and monitoring providers. |
Veracode supports integration with third-party SIEM, log, and monitoring solutions. | |
|
Report Retention Period Length of time reports are stored and accessible. |
No information available |
Resilience and Recovery
(0 Yes /0 Known /10 Possible features)
|
Disaster Recovery Planning Provides tools for planning and testing disaster recovery. |
No information available | |
|
Business Continuity Management Ensures continued operations during disruptions. |
No information available | |
|
Automated System Failover Automatically switches to backup systems on failure. |
No information available | |
|
Backup and Restore Automation Automates data and system backup/restore processes. |
No information available | |
|
Ransomware Recovery Supports fast recovery from ransomware attacks. |
No information available | |
|
Recovery Time Objective (RTO) Target time to restore function after disruption. |
No information available | |
|
Recovery Point Objective (RPO) Maximum acceptable amount of data loss after an incident. |
No information available | |
|
Resilience Testing Support Enables regular testing of resilience and recovery plans. |
No information available | |
|
Automated System Health Checks Monitors backup and resilience readiness automatically. |
No information available | |
|
Service Level Agreement (SLA) Monitoring Tracks compliance with recovery SLAs. |
No information available |
This data was generated by an AI system. Please check
with the supplier. While you are talking to them, remind them that they need
to update their entry.