Veracode, a global leader in application risk management, has recently introduced a set of new features designed to help organizations tackle emerging threats and gain a more comprehensive security perspective. These enhancements include AI-optimized Dynamic Application Security Testing (DAST) and an innovative External Attack Surface Management (EASM) capability. The tools aim to simplify and accelerate the security analysis process, enabling businesses to identify and address their entire attack surface more effectively. In today's rapid development cycles and widespread adoption of cloud technologies, companies face a continually expanding attack surface. Verizon’s 2024 Data Breach Investigations Report underscores this, revealing that web applications remain the primary target of cyberattacks, accounting for nearly half of all incidents. Additionally, Veracode’s latest Software Security Research Report highlights a concerning trend: the average time to fix vulnerabilities has increased by 47% over the past five years, rising from three months to over four months. This delay emphasizes the urgent need for more efficient methods to manage and mitigate security risks. To address these critical challenges, Veracode’s new tools offer seamless integration, transforming vulnerability analysis into a more robust risk management approach. Organizations can now automate discovery, prioritize risk-oriented issues, and receive real-time reports, thereby achieving a better balance between modern development speed and software security. EASM Automatic Discovery of Potential Entry Points One of the standout features is Veracode’s EASM (External Attack Surface Management). This tool continuously monitors and identifies potential attack entry points on the internet, automating the discovery of external attack surfaces. It tracks exposed systems and services, including APIs, web applications, mobile applications, and cloud-based assets, many of which may have previously gone unnoticed or unmanaged. By revealing these blind spots, EASM enables security teams to identify, analyze, and mitigate risks proactively, preventing malicious actors from exploiting vulnerabilities. Enhanced Dynamic Security Testing Another significant addition is the new Enterprise Mode for DAST Essentials, which represents a major advancement in dynamic application security testing. Key features of this mode include: Automated Deployment and Testing: Simplifies the setup of complex testing environments, reducing the time required for tests. Real-Time Analysis and Reporting: Provides real-time security analysis and reporting on a unified platform, eliminating the fragmentation caused by multiple tools. Risk-Oriented Prioritization: Helps security teams focus on the most critical vulnerabilities, enhancing the efficiency of the remediation process. Derek Maki, Veracode’s product director, explained, “As the threat landscape evolves, organizations need to confront an unprecedented number of potential attack vectors. Veracode’s EASM offers a solution from the attacker’s perspective, allowing businesses to continuously identify and mitigate risks before they are exploited.” He added, “The DAST Enterprise Mode significantly enhances dynamic application security testing, enabling teams to work faster, smarter, and more securely.” Demonstration at RSAC Conference Veracode will showcase its latest security management capabilities at the RSAC (RSA Conference) in San Francisco from April 28 to May 1, 2025. Visitors can attend interactive demonstrations and technical discussions at booth 1243 to learn more about how these tools can help them stay ahead of emerging threats and optimize their security posture. Industry Insights and Company Profile Industry experts have praised Veracode’s new tools, noting that they fill a crucial gap in the market, especially in the realms of automation and artificial intelligence. These advancements are expected to greatly enhance organizational security management efficiency. Veracode has established itself as a trailblazer in the field, known for its innovative and robust support. Its products are used by thousands of large enterprises and development teams worldwide, providing precise and actionable risk management, real-time vulnerability fixes, and a reduction in overall security debt. Veracode’s portfolio encompasses the entire software development lifecycle, offering solutions such as Veracode Fix, static analysis, dynamic analysis, software composition analysis, container security, application security posture management, malicious package detection, and penetration testing. The company’s reputation is bolstered by its billions of lines of code scanned and its patented IA (Intelligent Analysis) fix engine, which delivers highly adaptable software security solutions. These new tools from Veracode not only streamline the workflow for security teams but also provide a holistic view of risk management. By automating discovery and offering real-time reports, the tools enable faster identification of blind spots and the implementation of corrective measures. This ensures that enterprises can maintain security while keeping up with the fast pace of modern development and deployment processes, protecting their software from the initial coding phase through cloud deployment. In summary, Veracode’s introduction of AI-optimized DAST and EASM is a game-changer in application risk management. These features automate critical aspects of security testing and management, helping organizations to stay one step ahead of evolving threats and maintain robust security postures. Veracode’s ongoing innovation and commitment to advanced technology make it a trusted partner for many leading enterprises, ensuring that their software remains secure and resilient in the face of increasing cyber challenges.