Binary vs Source Code Scanning

The debate between binary versus source code scanning has been an active controversy within the static analysis space since its inception. While source code scanning analyzes un-compiled code, binary scanning analyzes compiled code. However, in the end, the result is the same. Despite this conclusion, this is still an area organizations are compelled to consider during their process of selecting application security solutions.

Join this 20-minute webinar to find out how Veracode approaches this debate on static analysis! See how Veracode focuses not just on finding errors, but also on ensuring organizations can fix vulnerabilities in the most efficient way possible. Learn how you can reduce total time to remediate vulnerabilities and how you can make bringing secure software to market fast a competitive advantage.
Recorded Apr 24 2018 15 mins
Presented by
Lupita Carabes, CA Veracode Solutions Architect

  • NIST’s Preliminary Guidelines for Enhancing Software Supply Chain Security Nov 15 2021 4:30 pm UTC 60 mins
    Amy DeMartine, Forrester Vice President, Research Director for Security and Risk and Chris Wysopal, Veracode CTO
    President Biden recently released an executive order to improve the nation’s cybersecurity. As part of the order, Biden called for the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) to enhance the security of the software supply chain. NIST’s preliminary guidelines for enhancing software supply chain security are set to be released on November 8, 2021. To help you break down the guidelines, we will be hosting a webinar with Chris Wysopal, Co-Founder and CTO at Veracode, and Amy DeMartine, Vice President, Research Director for Security and Risk at Forrester.

    You will walk away from the webinar with a better understanding of:
    • What the guidelines mean for your organization.
    • What steps you should start taking to get ahead of the official implementation.
    • Additional information pertaining to the executive order that your organization should keep top of mind.
  • VeraTalks: Raising Good Software: Is It Nature or Nurture? Nov 9 2021 11:00 am UTC 31 mins
    Anne Nielsen, Veracode Product Management
    We know most software is insecure. We also know that organizations are struggling to remediate these flaws in a timely fashion.

    How did we get to this state of software security, and what’s the best way to address it? Are some apps by their very nature simply less secure? Or are we just not nurturing the security of apps correctly? We investigated this question when analyzing our scanning data from 130,000 apps for our annual State of Software Security report.

    During this month’s VeraTalk, we will highlight the findings and examine:
    • What’s more important in application security – nature or nurture?
    • Is software security related to the attributes of the app that the developer inherits – its security debt, its size?
    • Or is software security dependent on the actions of developers – how frequently they are scanning for security or how security is integrated into their processes?
    • And if it is indeed the “nature” of apps that affects security more, is there anything developers or security pros can do to improve security outcomes?

    Join us for an insightful talk on software security today, and practical steps you can take to reduce your risk of breach.
  • How You Can Harness the Power of a Unified AppSec Solution Oct 28 2021 4:30 pm UTC 30 mins
    Brian Roche, Chief Product Officer, Veracode
    Over the past few days, you’ve learned about the benefits of a unified platform as well as the AppSec scans that make up the platform. Now it’s time to learn how to actually harness the power of the unified platform and start securing your applications from start to finish.

    Join us for our final session with Brian Roche, Veracode's Chief Product Officer, to learn more about the Veracode platform and how it can benefit your organization.

    We will discuss:
    • How to build or mature your existing AppSec program
    • The benefits of using multiple different AppSec scans
    • Exclusive tools and training for Veracode customers – like Security Labs
  • The Power of an All-in-One AppSec Platform Oct 28 2021 4:00 pm UTC 30 mins
    Scott Simpson, Vice President of Global Solutions Architecture, Veracode
    Gain insight into the value an all-in-one platform can provide your organization’s application security program. Bringing Security and Development together in a single platform helps with the cultural transformation that most organizations are going through. Addressing the Developer Enablement, Application Security Assessment Techniques, and Security/GRC requirements with a single solution provides cost reduction and dramatically reduces the cost of managing application security risk.
  • Reduce Risk and Maintain Compliance Efforts Oct 28 2021 3:30 pm UTC 30 mins
    Julian Totzek-Hallhuber, Principal Solution Architect, Veracode
    With a unified platform, you’re able to scan your application at every stage of the software development lifecycle. This drastically increases the likelihood of finding a vulnerability before your software is deployed. But that’s not all… When your testing types are on one platform, you can see the scan results in a central location. This makes it easier to report on the health of your application security and prove compliance.
  • How Manhattan Associates have Decreased Risk and Improved Time to Market Oct 28 2021 3:00 pm UTC 30 mins
    George Garza, Director of Risk & Security, Manhattan Associates
    Why is it beneficial to select an AppSec provider with an all-in-one platform? Listen in as Veracode Customer Manhattan Associates discusses the benefits of having all of its AppSec testing scans on one platform, including cost savings, ease-of-adoption, decreased risk, improved time to market, and streamlined reporting.
  • Unifying Developers With an Easy-to-Use Platform Oct 27 2021 4:30 pm UTC 30 mins
    Rey Bango, Senior Director of Developer Relations, Veracode; Mark Merkow, Author and Security Architect
    A unified AppSec platform isn’t just about consolidating testing types, it’s about ease of use. The easier it is for developers to integrate and automate scans into their existing tools and processes, the higher the chance of adoption.

    Join us for a fireside chat as Veracode’s Developer Advocate, Rey Bango, and Veracode customer discuss how a unified platform supports developers and how training tools – like Security Labs – further encourage secure coding best practices.
  • Scale Your AppSec Program and Reduce Costs With a Cloud-Based Platform Oct 27 2021 4:00 pm UTC 30 mins
    Julian Totzek-Hallhuber, Principal Solution Architect, Veracode
    In order to fully secure your application, you need to be scanning code at every stage of the software development lifecycle. But using multiple different scan types can add up. Join us as Julian Totzek-Hallhuber, Principal SA at Veracode, discusses how – with a unified AppSec platform – you can consolidate testing types to save time and money. You will also learn more about the benefits of cloud-based AppSec solutions, including the ability to scale across multiple applications.
  • Automating and Integrating Your AppSec Scans Oct 27 2021 3:30 pm UTC 30 mins
    Tim Jarrett, Senior Director Product Management, Veracode
    Conducting manual AppSec scans is both time-consuming and costly. But by automating your scans and reporting, you can reduce costs and scale your AppSec program.
    Tune in as Tim Jarrett discusses:
    • The benefits of automating and integrating AppSec scans into the developer’s existing tools and processes
    • How to easily integrate Veracode with the development pipeline, security, and risk-tracking systems you already use.
    • Best practices for integrating scan tools into your pipeline.
  • The Importance of a Unified Platform Oct 27 2021 3:00 pm UTC 30 mins
    Brian Roche, Chief Product Officer, Veracode
    In today’s digital landscape, threats don’t slow down or wait for you to secure your code. They find every opportunity at each step of your building, deployment, and management process to infiltrate. But with a single, unified platform in the cloud, you can stay ten steps ahead.

    Join us for our keynote session as Brian Roche, Veracode's Chief Product Officer, discusses the benefits of a unified platform, including:

    • Reduced risk
    • Cost savings
    • Ease of reporting
  • Security Labs - The Ultimate in Shift Left Oct 27 2021 9:30 am UTC 59 mins
    Tim Jarrett, Sr. Director of Product Management; Dave Ferguson, Solution Architect; Jason Lane, Product Marketing Manager
    One of the biggest challenges in producing secure software is helping developers become more skilled and confident at writing secure code. It's not something that is normally taught in Computer Science programs today. You can offer video-based training, but when it comes to learning there’s no substitute for hands-on practice – and making it fun! Come learn how organizations are using Veracode Security Labs to teach developers secure coding techniques using live applications - by exploiting real vulnerabilities then fixing the code and seeing the results. You’ll also hear stories of successful rollouts and learn what’s coming next in Security Labs.
  • VeraTalks - Mitigating Open Source Risk in your Organization Oct 26 2021 10:00 am UTC 19 mins
    Chris Eng, Chief Research Officer at Veracode
    The data speaks for itself. In our analysis of over 85,000 applications, more than 500,000 open source libraries were in use. This trend is clearly here to stay and only growing, but what does it mean for your organization? In this discussion, Chris tells us what Open source is, the risks involved with some real-life examples and how you can keep your organization secure while also empowering your development teams.
  • Speed vs. Risk: Effective Software Security Doesn’t Choose Recorded: Sep 30 2021 39 mins
    Julian Totzek-Hallhuber: Principal Solutions Architect
    What makes software security effective? Do you have to sacrifice software security speed to truly reduce risk? What if you quickly find a lot of security flaws, but they aren't accurate, or you don't know how to fix them? Ultimately, effective software security needs to integrate and automate both accurate testing and remediation into developer workflows, and train developers to avoid security flaws in the first place – otherwise, you are choosing between speed and risk. Join Rey to get details on what good looks like in software security, including:

    • Automated, integrated, and accurate security testing
    • Prescriptive vs. descriptive security findings
    • Engaging and relevant security training
  • The Lifetime and Use of Open Source Libraries Recorded: Sep 29 2021 29 mins
    Julian Totzek-Hallhuber, Principal Solutions Architect
    Software today rarely consists entirely of self-written code and is frequently “assembled” from other sources. This reusable code, and the functionality that developers increasingly depend on, also brings reusable vulnerabilities with it. The open source base on which most apps are now built does not behave like a solid concrete foundation, but more like a shifting pile of gravel and sand. These libraries are subject to constant change, including their security status. Listen to this talk on the facts and analysis in our latest report on the state of software security of freely available libraries. We analyzed over 301,000 open source libraries for this report.

    Join this webinar to learn more about:
    - The most popular libraries with security vulnerabilities
    - How developers choose libraries for their applications
    - How often open source libraries are updated and why that matters
    - What keeps developers from fixing security vulnerabilities in open source code?
    - The scope of the fixes required to remediate vulnerabilities in open source code
    - Best practices for managing open source libraries
  • Innovations Driving the Future of Software Security Recorded: Sep 23 2021 59 mins
    Sandy Carielli, Forrester Research Principal Analyst and Chris Wysopal, Veracode CTO
    From communication and education to commerce and healthcare — every organization, institution, agency, and corporation is transforming digitally — and the transformation continues to accelerate. With more than 50 percent of people worldwide now online, software has become the backbone of modern business and society — and one of its biggest sources of risk. Our own data illustrates both the growth and the risk. In Veracode’s State of Software Security Volume 11 report, we analyzed 130,000 apps and found that 76 percent of applications have at least one vulnerability. As companies transform through software, the digital attack surface is growing exponentially, and fixing defects in software must keep pace with this reality.

    Watch Veracode founder and Chief Technology Officer, Chris Wysopal and guest speaker Forrester Research Principal Analyst, Sandy Carielli in a live webinar as they discuss the trends and innovations shaping software security, and how companies must strategize for this future and prepare their developers to integrate security into their workflows.
  • Application Development in the Era of Open Source Libraries Recorded: Sep 21 2021 48 mins
    Nabil Bousselham, Sr. Principal Solution Architect at Veracode
    Today's software is rarely composed entirely of proprietary code and is more often “assembled” from other sources, including frameworks and open source libraries.

    Our research and this year's State of Software Security v11 report revealed that nearly a third of applications have more vulnerabilities in third-party open source libraries than in their proprietary code. Conclusion: if you only assess the security of your proprietary code, your attack surface is much larger than you think. But how can you realistically address the security of so much code that you did not write in-house? Attend this session with Nabil Bousselham, Sr. Principal Solution Architect at Veracode, to learn more about our data on open source risk and best practices for managing it.

    Join this session to learn:
    - The most popular vulnerable libraries
    - How developers choose libraries for their applications
    - How often open source libraries are updated and why that matters
    - What prevents developers from fixing security flaws in open source code
    - The scope of the fixes required to remediate vulnerabilities in open source code
    - Best practices for managing open source libraries
  • How OneLogin is Empowering Developers with Secure Code Training Recorded: Sep 16 2021 61 mins
    Jim Hebert, OneLogin AppSec Engineer; Jason Lane, Veracode Product Marketing; Rey Bango, Veracode Developer Relations
    35% of organizations say less than half of their development teams participate in formal security training. But if developers are the backbones of creating secure software, why aren’t they getting the secure coding education they need in school and throughout their careers?
    That’s precisely the reason why OneLogin, a cloud-based identity and access management (IAM) provider, implemented a comprehensive developer security training program to proactively reduce code defects in development.
    Join us on September 16th at 12 PM EST as we sit down with Veracode customer Jim Hebert, Application Security Engineer, OneLogin to discuss how to craft a well-rounded security training program that ensures developers have the skills needed to write secure code and remediate vulnerabilities. OneLogin uses Veracode Security Labs, which offers hands-on training that enables developers to exploit and patch real apps in contained environments so that critical secure coding skills can be practically applied in the software development lifecycle.
    During this session, we’ll cover:
    • Common challenges with integrating security into the development cycle
    • How to build a comprehensive developer security program
    • Why effective security training is a keystone element of all application security
    • Bridging the gap between a theoretical understanding of secure software development and the actual practice with Veracode Security Labs
    • Evaluation process and other types of tools considered
  • Tuning the AppSec Engine, Part 3 Recorded: Sep 15 2021 53 mins
    John Smith, Director, Solution Architects, EMEA and APAC, Veracode and Amanda Lee, Sr Manager CSMs, Veracode
    Building your AppSec engine is only the beginning. You need to continue to improve and optimise the engine by leveraging metrics. Metrics can help you pinpoint where the engine is running smoothly and where it needs an adjustment.
    Metrics can also help you communicate the success of your AppSec programme to senior executives and stakeholders. For example, you can show reduced risk to the business by pointing out a reduction in flaws and vulnerabilities, improved time to remediation, or decreased security debt.
    Join Amanda Lee, EMEA and APJ Services Manager and John Smith, Manager, Solution Architects, who will discuss:
    • Different types of metrics your organisation can track
    • Using metrics to guide your programme
    • How our customers have optimised their approach
    • Communicating with senior executives with data that matters
  • Speed vs. Risk: Effective Software Security Doesn’t Choose Recorded: Sep 9 2021 39 mins
    Julian Totzek-Hallhuber: Principal Solutions Architect
    What makes software security effective? Do you have to sacrifice software security speed to truly reduce risk? What if you quickly find a lot of security flaws, but they aren't accurate, or you don't know how to fix them? Ultimately, effective software security needs to integrate and automate both accurate testing and remediation into developer workflows, and train developers to avoid security flaws in the first place – otherwise, you are choosing between speed and risk. Join Rey to get details on what good looks like in software security, including:

    • Automated, integrated, and accurate security testing
    • Prescriptive vs. descriptive security findings
    • Engaging and relevant security training
  • The Right AppSec Partner Today Keeps the Regulator Away Recorded: Sep 8 2021 27 mins
    Julian Totzek-Hallhuber, Principal Solutions Architect
    Transactions across Europe are progressively changing to digital. Figures show in 2020, the value of transactions reached £703.3 bn with the UK estimated to be responsible for at least 25 percent of this figure. Needless to say, the software supporting these payment systems must be reliable and secure. Without secure payment platforms, payment transactions and data could be compromised.

    Join this Session to learn:

    • How static analysis maps against PCI requirements
    • How to determine which software security controls and features best serve your organisation's specific business needs
    • The importance of automated AppSec as a means of keeping up with the faster and more iterative payment systems of today
    • Best practices in setting up an effective application security program with consideration for both traditional and modern payment platforms and evolving development practices
Cloud-Based Application Security
Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security.
