Skip to main content

Request security tests

Contact Veracode to request security tests of your assets, such as client applications, web applications, and APIs. You can also request tests of third-party assets that you, as a vendor, provide to your customers.

Manual Penetration Testing

Request Veracode Manual Penetration Testing (MPT) to have Veracode perform real-world attacks on your applications in runtime environments.

Third-party application testing

Request third-party application security testing for applications you are purchasing, or have purchased, from a third-party vendor. The security tests identify any risks the applications pose to an organization. The test results list the detected security findings (flaws and vulnerabilities) in the application's code and are available to the vendor for review.

Because the vendor has access to the source code, and retains ownership of the intellectual property, they are responsible for remediating the security findings. The enterprise receives a summary report that includes a security rating and a list of the top flaw categories. The vendor receives a detailed flaw report with remediation guidance.

About enterprise and vendor users

For third-party testing, an enterprise is the Veracode customer that owns the Veracode license, and the requester of a security test or software security attestation.

A vendor develops and maintains the application, and is the receiver of a request for a security test or software security attestation. The same Veracode account may have both roles in different contexts.

Vendor Application Security Testing

Use the Vendor Application Security Testing (VAST) program to request that a vendor share the scan results of their application.

As a vendor, scan your application and share the results.

As an enterprise, access the shared scan results.

Enterprise Application Security Testing

Use Enterprise Application Security Testing to send a scan request to a third-party application vendor.

As an enterprise, complete the following tasks to send a third-party scan request to a vendor.

  1. Request a third-party scan
  2. Choose a scan type
  3. Check the scan status

As a vendor, complete the following tasks to respond to the third-party scan request.

  1. Review and accept a third-party scan request
  2. Scan your application using the requested scan type. For example, Static Analysis, SCA, or Dynamic Analysis.
  3. Rescan and publish results
Last updated on