Amazon Web Services Case Studies Veracode Helps Developers Find Security Flaws Faster Using AWS

Edit This Case Study Record

	Veracode Helps Developers Find Security Flaws Faster Using AWS Amazon Web Services

Veracode Helps Developers Find Security Flaws Faster Using AWS

Amazon Web Services

Technology Category	Infrastructure as a Service (IaaS) - Cloud Computing Application Infrastructure & Middleware - API Integration & Management Infrastructure as a Service (IaaS) - Cloud Middleware & Microservices
Applicable Functions	Discrete Manufacturing Product Research & Development
Use Cases	Cybersecurity Intrusion Detection Systems Computer Vision
Services	Cloud Planning, Design & Implementation Services Software Design & Engineering Services
Challenge	Veracode, a CA Technologies company, is on a mission to secure software applications so developers don’t release software that could be susceptible to breaches. As part of this mission, the company created Greenlight, a tool that helps developers discover and fix security-related defects while they are writing code. Because Greenlight is designed to find security flaws quickly, Veracode must ensure strong performance. “We need to deliver security vulnerability results in under a minute,” says Patrick Day, principal cloud engineer for Veracode. “If developers wait too long for the data, they’ll move on to a different product.” Veracode also needs to scale its solution to accommodate growth. “As we were building the application, we needed to plan for increases in code-scan volume,” Day says. As an application-development company, Veracode also strives to reduce the amount of time employees spend managing the IT environment. Day says, “We’re focused on developing and deploying products, so we don’t want to put our resources and energy into managing and provisioning.” Read More
About Customer	Veracode, a CA Technologies company based in Burlington, Massachusetts, is a growing application-security company. Founded in 2006, the company provides an automated cloud-based service for securing web, mobile, and third-party enterprise applications. The company has around 100 employees and operates in the United States. Veracode's main product is Greenlight, a tool that helps developers discover and fix security-related defects while they are writing code. The company's mission is to secure software applications so developers don’t release software that could be susceptible to breaches. Read More
Solution	Veracode chose to meet its needs for speed, scalability, and time savings by building Greenlight on the Amazon Web Services (AWS) Cloud. “I had used AWS in previous jobs, and I was very confident in its ability to provide reliability and scalability,” Day says. “At Veracode, we were also excited because we saw that AWS would enable rapid prototyping without a lot of backend management.” Veracode initially ran its Greenlight application on numerous Amazon Elastic Compute Cloud (Amazon EC2) instances. Recently, the company started using AWS Lambda, a managed service that gives Veracode the ability to run code without provisioning and managing servers. Veracode also uses Amazon API Gateway to access data and functionality for Greenlight. Additionally, the company uses Auto Scaling to automatically scale Greenlight up or down based on scan-volume growth. To enhance application security, Veracode takes advantage of AWS Key Management Service (AWS KMS), a managed service that helps the company create and control encryption keys to encrypt Greenlight data. Read More Log in to view content
Contents

Technology Category

Infrastructure as a Service (IaaS) - Cloud Computing

Application Infrastructure & Middleware - API Integration & Management

Infrastructure as a Service (IaaS) - Cloud Middleware & Microservices

Applicable Functions

Discrete Manufacturing

Product Research & Development

Use Cases

Cybersecurity

Intrusion Detection Systems

Computer Vision

Services

Cloud Planning, Design & Implementation Services

Software Design & Engineering Services

Challenge

Veracode, a CA Technologies company, is on a mission to secure software applications so developers don’t release software that could be susceptible to breaches. As part of this mission, the company created Greenlight, a tool that helps developers discover and fix security-related defects while they are writing code. Because Greenlight is designed to find security flaws quickly, Veracode must ensure strong performance. “We need to deliver security vulnerability results in under a minute,” says Patrick Day, principal cloud engineer for Veracode. “If developers wait too long for the data, they’ll move on to a different product.” Veracode also needs to scale its solution to accommodate growth. “As we were building the application, we needed to plan for increases in code-scan volume,” Day says. As an application-development company, Veracode also strives to reduce the amount of time employees spend managing the IT environment. Day says, “We’re focused on developing and deploying products, so we don’t want to put our resources and energy into managing and provisioning.”

About Customer

Veracode, a CA Technologies company based in Burlington, Massachusetts, is a growing application-security company. Founded in 2006, the company provides an automated cloud-based service for securing web, mobile, and third-party enterprise applications. The company has around 100 employees and operates in the United States. Veracode's main product is Greenlight, a tool that helps developers discover and fix security-related defects while they are writing code. The company's mission is to secure software applications so developers don’t release software that could be susceptible to breaches.

Solution

Veracode chose to meet its needs for speed, scalability, and time savings by building Greenlight on the Amazon Web Services (AWS) Cloud. “I had used AWS in previous jobs, and I was very confident in its ability to provide reliability and scalability,” Day says. “At Veracode, we were also excited because we saw that AWS would enable rapid prototyping without a lot of backend management.” Veracode initially ran its Greenlight application on numerous Amazon Elastic Compute Cloud (Amazon EC2) instances. Recently, the company started using AWS Lambda, a managed service that gives Veracode the ability to run code without provisioning and managing servers. Veracode also uses Amazon API Gateway to access data and functionality for Greenlight. Additionally, the company uses Auto Scaling to automatically scale Greenlight up or down based on scan-volume growth. To enhance application security, Veracode takes advantage of AWS Key Management Service (AWS KMS), a managed service that helps the company create and control encryption keys to encrypt Greenlight data.

Impact #1	Veracode can reliably deliver fast vulnerability scans by relying on AWS.
Impact #2	Veracode was able to support a jump in vulnerability-scan volume from 100 scans to 55,000 scans in a very short time frame due to the scalability provided by AWS.
Impact #3	Veracode developers can focus on building new features instead of spending time managing the application’s backend systems.

Impact #1

Veracode can reliably deliver fast vulnerability scans by relying on AWS.

Impact #2

Veracode was able to support a jump in vulnerability-scan volume from 100 scans to 55,000 scans in a very short time frame due to the scalability provided by AWS.

Impact #3

Veracode developers can focus on building new features instead of spending time managing the application’s backend systems.

Benefit #1	Veracode saves about one day of testing time each week due to the automation, reliability, and scalability of the AWS Cloud.
Benefit #2	Veracode can deploy new features every 15 minutes, compared to a few times a day previously.

Benefit #1

Veracode saves about one day of testing time each week due to the automation, reliability, and scalability of the AWS Cloud.

Benefit #2

Veracode can deploy new features every 15 minutes, compared to a few times a day previously.

Download PDF Version

Overview

Veracode Helps Developers Find Security Flaws Faster Using AWS

Operational Impact

Quantitative Benefit