Veracode Dynamic Analysis
Dynamic application security testing (DAST) software
DevSecOps software
- Features
- Ease of use
- Ease of management
- Quality of support
- Affordability
- Market presence
Take the quiz to check if Veracode Dynamic Analysis and its alternatives fit your requirements.
Contact the product provider
Free Trial
Free version unavailable
Small
Medium
Large
- Agriculture, fishing, and forestry
- Energy and utilities
- Banking and insurance
What is Veracode Dynamic Analysis
Veracode Dynamic Analysis is a dynamic application security testing (DAST) product that scans running web applications to identify exploitable security issues such as injection flaws and misconfigurations. It is used by application security teams and DevSecOps programs to validate security in staging or production-like environments and to support remediation workflows. The product is part of the broader Veracode application security platform, which commonly pairs DAST results with other testing and governance capabilities for centralized reporting and policy management.
Platform-integrated AppSec workflows
Dynamic Analysis fits into Veracode’s broader application security platform, which helps teams centralize findings, reporting, and remediation tracking across multiple testing types. This can reduce fragmentation compared with using standalone scanners and separate ticketing/reporting processes. Organizations that standardize on one vendor for multiple AppSec controls can simplify access management, governance, and audit reporting.
Designed for running applications
DAST targets applications in an executing state, which helps identify issues that depend on runtime behavior, configuration, and deployed components. This complements code-focused approaches by validating what is actually exposed over HTTP/S. It is particularly useful for regression testing of web apps after releases and for validating fixes in a staging environment.
Enterprise governance and reporting
Veracode products commonly emphasize enterprise controls such as role-based access, standardized policies, and portfolio-level visibility. These capabilities support larger programs that need consistent metrics across many applications and teams. Centralized reporting can also help security teams prioritize remediation and demonstrate progress to stakeholders.
Limited coverage for APIs
DAST tools are often strongest on traditional web applications and may require additional configuration or separate tooling to thoroughly test modern APIs (REST/GraphQL) and complex authentication flows. If an organization’s attack surface is primarily APIs, a DAST-centric approach may leave gaps without complementary API-focused testing. Teams may need extra effort to model auth, tokens, and request sequences to achieve meaningful coverage.
Scan setup and tuning effort
Effective DAST typically requires environment readiness, stable test data, and careful configuration to avoid incomplete crawling or excessive false positives/negatives. Applications with heavy client-side rendering, multi-step workflows, or strict rate limiting can be harder to scan reliably. This can increase operational overhead compared with simpler, agentless checks.
Runtime scanning constraints
Because it tests live endpoints, DAST can be constrained by environment availability, performance impact considerations, and change windows. Some organizations avoid scanning production or must throttle scans, which can reduce frequency and depth. Findings may also be harder to reproduce if the application behavior changes between scan time and triage.
Seller details
Veracode, Inc.
Burlington, Massachusetts, USA
2006
Private
https://www.veracode.com/
https://x.com/veracode
https://www.linkedin.com/company/veracode/
