Veracode launches service to detect cross-site scripting and SQL injection flaws

Veracode has launched a service designed to help companies root out security flaws such as cross-site scripting (XSS) and SQL injection vulnerabilities in web-based applications.

The Dynamic MP service allows customers to quickly scan web applications for the vulnerabilities commonly used by attackers to exploit servers and steal data.

Sam King, senior vice president of product marketing at Veracode, told V3 that corporate interest in SQL and XSS vulnerabilties increased after hacking groups such as LulzSec used the flaws to execute major data breaches.

"They don't want to become the next Sony. As a result of all these breaches in recent months, there is a heightened sense of concern about the highest risk vulnerabilities in forward-facing web applications," he said.

The challenge many firms encounter is the testing process itself, according to King. Testing applications for vulnerabilities can require large amounts of time and resources, making full scanning of all applications all but impossible for many firms.

Veracode hopes to address this by moving its security analysis engine to the cloud, offering a parallel system that can scan code for vulnerabilties far more efficiently.

"Scanning activities that would have taken weeks or months can now be done in hours or days," King said. "You cannot achieve this scale and this efficiency if you have an on-premise solution."

Veracode is offering Dynamic MP at $150 per web site for a minimum of 500 sites.