Veracode Delivers End-to-End Risk Coverage with New Tools: AI-Powered Dynamic Analysis Security Testing with External Attack Surface Management

Veracode, a global leader in application risk management, today announced new capabilities to help organizations address emerging threats, giving security professionals better visibility and control in one place. The launch includes new AI-powered functionality in the Dynamic Application Security Testing (DAST)product and an External Attack Surface Management (EASM) capability. Together, they enable security teams to discover their entire attack surface and prioritize the most critical risk to streamline and simplify security scanning.

“Security teams need to see and secure everything; not only what is inside their perimeter,” said Derek Maki, Head of Product at Veracode. “With our latest DAST capabilities and Application Risk Management platform enhancements, we’re helping organizations shift from vulnerability scanning to holistic risk management, to better identify risk residing in unidentified external assets.”

Tackling Risk Across a Growing Attack Surface

Modern development cycles and cloud adoption mean organizations are grappling with a rapidly expanding attack surface. According to the 2024 Verizon Data Breach Investigations Report, web applications remain a primary target for cyberattacks, accounting for nearly half of all incidents. Moreover, Veracode’s latest software security research found an alarming increase in the average fix time for flaws once discovered, with organizations taking three months—or 47 percent— longer than five years ago.

Veracode’s latest innovations address these critical challenges head on by offering frictionless integration for comprehensive risk management, faster remediation, and intuitive scans with real-time results. Organizations can more effectively balance the speed of modern development with software security.

Automated Discovery, Risk-based Prioritization, and Real-time Reporting

Veracode EASM capabilities automate external attack surface discovery by identifying and continuously monitoring potential entry points for bad actors. The product automatically tracks internet-exposed systems and services, including APIs, web apps, mobile applications, and cloud-based assets—many of which are often unknown or unmanaged. With automated discovery, EASM uncovers blind spots and delivers:

• Complete Visibility: Consistent identification and monitoring of all external assets to reduce visibility gaps.
• Risk-Based Prioritization: Streamlined focus on the most critical threats to minimize points of entry for an attacker.
• Seamless Security Integration: With a connector to Veracode Risk Manager (VRM) planned for later this year, static (SAST), software composition (SCA), and dynamic analysis findings are prioritized and contextualised in one place, giving a holistic view of risk and control.

Maki said, “In today’s threat landscape, organizations must contend with an unprecedented number of potential entry points,” Maki explained. “Veracode EASM provides security teams with the attacker’s perspective and delivers the capability to continuously identify, analyze, and mitigate risks before exploitation can occur.”

Veracode’s new Enterprise Mode for DAST Essentials is a significant advancement in dynamic application security testing. Leveraging the capability, security teams can more easily prioritize and remediate critical vulnerabilities in web applications and APIs.

With features designed to accommodate large-scale, complex application portfolios, key capabilities include:

• Advanced crawling and auditing for deep, highly customizable, and accurate scanning
• AI-Assisted auto-login to reduce authentication failures and easily implement the DAST program across the organization
• Internal Scan Management (ISM) for scanning behind corporate firewalls
• A Streamlined, intuitive interface for faster, simpler setup and configuration
• Real-time flaw reporting and a panoramic view of risk across projects

"DAST Enterprise Mode empowers security teams to work faster, smarter, and safer,” noted Maki. “With real-time analysis in a unified platform, it eliminates the challenge of fragmented tools and enables mature, resilient risk management with centralized visibility and control.”

Experience the Tools Live at RSAC 2025

Veracode will showcase its latest capabilities at RSAC Conference in San Francisco (April 28 - May 1, 2025). Visit booth #1243 for interactive demos and expert discussions on how to stay ahead of emerging threats and improve security posture.

Learn more about Veracode’s products on the website.

About Veracode

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform offers adaptive software security and is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, Malicious Package Detection, and Penetration Testing.

Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and X.

Copyright © 2025 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250423385599/en/