Reviewing Flaws as a Team

Results and Reports

Understanding Scan Results
About Summarized Results
Reviewing Scan Results
Video: Review Scan Results
Reviewing Static Flaws
Video: Review Static Analysis Flaws
Using the TSRV Format in Mitigation Proposals
View Accelerated Results for Static Scans
About Custom Cleansers
Annotate Java Code
Annotate .NET Code
About Supported Cleansing Functions
Supported .NET Cleansing Functions
Supported Java Cleansing Functions
Supported C Cleansing Functions
Supported Classic ASP Cleansing Functions
Supported ColdFusion Cleansing Functions
Supported Perl Cleansing Functions
Supported PHP Cleansing Functions
Supported Ruby Cleansing Functions
Understanding Manual Penetration Testing Results
Improving Application Security
About Mitigating Flaws
Reviewing Flaws as a Team
Comment on Flaws
Reviewing All User Feedback on a Flaw
Propose Mitigating Factors for a Flaw
Accepting and Rejecting Mitigations
Accept or Reject Mitigations from the Triage Flaws Page
Accept or Reject Mitigations from the Mitigated Flaws Page
Managing Mitigations for Several Flaws at the Same Time
Perform Multiple Changes from the Triage Flaws Page
Perform Multiple Changes from the Mitigated Flaws Page
View Mitigated Flaws in Reports
Understanding Veracode Mitigation Proposal Reviews
Developing a Remediation Plan
Schedule a Consultation
Schedule a Next-Day Consultation
Searching for a Specific Flaw in the Triage Flaws Page
Generate Link to Latest Instance of a Flaw
Matching Flaws Between Scans of the Same Application
Working Collaboratively in Triage Flaws
Tracking Mitigation Comments from Multiple Reviewers
Flagging a Flaw as a Potential False Positive
Reviewing Mitigation Activities of Other Users
Review a Third-party Application as the Vendor
Verifying Your Fixes
Accessing Veracode Reports
Summarized Results
Reviewing the Assessment Summary
Understanding the Customizable Report
Download a Customizable Report
Download the Detailed Veracode Report
Download a Summary Report
Download the PCI Report
Download an XML Report
Understanding Data in the XML Report
Sharing Reports from the Veracode Platform
Understanding Veracode Scoring and Methodology
Flaw Methodology
Reviewing Flaw Sources
Business Criticality
Scoring Methodology
Understanding Veracode and the CWE
Understanding Severity, Exploitability, and Effort to Fix
Best Practice Findings
Policy Evaluation
Appendix: CWEs That Violate Security Standards
CWEs That Violate the OWASP 2021 Standard
CWEs That Violate the OWASP 2017 Standard
CWEs That Violate the OWASP Mobile Standard
CWEs That Violate the 2020 CWE Top 25 Standard
CWEs That Violate the 2019 CWE Top 25 Standard
CWEs That Violate the CERT Standard

After a scan completes, members of the application security and development teams can review the list of flaws and:

Provide collaborative comments
Propose mitigating factors
Review all feedback

Back to home page