Comparative Analysis of Veracode and BlackDuck for Enhancing Application Security in Cloud Environments

© 2024 by IJCTT Journal
Volume-72 Issue-3
Year of Publication : 2024
Authors : Somasundaram Kumarasamy, Mageshkumar Naaryanasamy Varadarajan, Lakshmana Rao Koppada
DOI : 10.14445/22312803/IJCTT-V72I3P101

How to Cite?

Somasundaram Kumarasamy, Mageshkumar Naaryanasamy Varadarajan, Lakshmana Rao Koppada, "Comparative Analysis of Veracode and BlackDuck for Enhancing Application Security in Cloud Environments," International Journal of Computer Trends and Technology, vol. 72, no. 3, pp. 1-6, 2024. Crossref, https://doi.org/10.14445/22312803/IJCTT-V72I3P101

Abstract
Cloud computing expands the attack surface and the set of threats an application faces, and the design of cloud architectures itself poses additional challenges to application security. This analysis compares the relative merits of two leading application security solutions, Veracode and BlackDuck, as critical enablers for securing cloud-based applications. Veracode is a suite of tools for application security assessment that offers both static and dynamic analysis techniques. These techniques can be applied independently of the programming environment and are easily integrated into the Software Development Life Cycle (SDLC) without significantly altering existing workflows. BlackDuck, by contrast, is an offering aimed specifically at identifying risks within open-source components and maintaining compliance with open-source licences. A critical review of the security features, integration capabilities, user experience and cost-effectiveness of each tool is performed in this paper to provide a reference for businesses selecting the security solution that best fits their cloud application security requirements. The analysis identifies distinct advantages and critical issues for each tool, to help organizations make informed decisions that improve their security posture in cloud environments.

Keywords
Application Security Testing, Cloud Integration, License Compliance Management, Open-Source Vulnerability Management, Software Composition Analysis (SCA).
