Coming October 25: PeerSpot Awards will be announced! Learn more

Veracode Security Labs OverviewUNIXBusinessApplication

Veracode Security Labs is #1 ranked solution in top Application Security Training Software. PeerSpot users give Veracode Security Labs an average rating of 8.6 out of 10. Veracode Security Labs is most commonly compared to Codebashing: Veracode Security Labs vs Codebashing. Veracode Security Labs is popular among the large enterprise segment, accounting for 43% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 20% of all views.
Veracode Security Labs Buyer's Guide

Download the Veracode Security Labs Buyer's Guide including reviews and more. Updated: September 2022

What is Veracode Security Labs?

Veracode Security Labs shifts application security knowledge left, training developers to tackle modern threats in the evolving cybersecurity landscape by exploiting and patching real code, and applying DevSecOps principles to deliver secure code on time. Through hands-on labs that use modern web apps written in your chosen languages, developers learn the skills and strategies that are directly applicable to an organization's code. With detailed progress reporting, email assignments, and a leaderboard, developers are encouraged to continuously level up their secure coding skills. When development is empowered to fix security defects and reduce risk, security teams are better supported to scale AppSec programs, meet compliance requirements, and achieve business outcomes.

Veracode Security Labs was previously known as Veracode Developer Training.

Veracode Security Labs Customers
McKESSON, Alfresco
Veracode Security Labs Video

Veracode Security Labs Pricing Advice

What users are saying about Veracode Security Labs pricing:
  • "They have a Community Edition of this product that can be used free of charge."
  • "The pricing for qualified startups should only charge for Veracode Developer Training."
  • Veracode Security Labs Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Senior Tech Lead at Incebo
    Real User
    Top 20
    Helpful hands-on training labs, good IDE integration, and helps to eliminate modern code vulnerabilities
    Pros and Cons
    • "The hands-on training has helped us to tackle modern threats by coding with vulnerabilities in mind from the beginning of a project. It has improved our process overall, and the number of vulnerabilities has been reduced."
    • "It would be good if there were more assignment problems in the inventory, as well as more randomness in the coding examples."

    What is our primary use case?

    My primary use case is secure programming with C++. This product assists with basic security awareness for computer systems.

    How has it helped my organization?

    In general, this product gives us more ways to correctly and securely write code for our projects.

    In terms of how easy it is to write secure code using this solution, we have to put some thought into it but after some consideration, we can easily pass the test and add value to our programming skills.

    The platform is quite good in terms of helping developers apply new skills in interactive threat scenarios. I would rate them an eight or nine out of ten in this regard. We have always had software programming best practices but after working with Veracode Security Labs, I gained insight as to what can go wrong when simple choices are made. As such, our team has been more alert to potential problems and we consider all of the things that we have learned during the Veracode assignments.

    For example, our organization has benefitted by learning to avoid specific attacks, such as "buffer overflows". This is a situation where data should not be written outside certain locations in memory. This is very technical stuff but more generally, the benefit to us comes because we have more accurate and secure coding practices, as well as a better overall strategy.

    This product integrates with our IDE and it proactively makes developers aware of security issues in the code. It will point out common mistakes that in the past have had very bad consequences. Moving forward, we can all avoid these types of problems.

    Veracode very well explains some of the hacking and exploitation techniques that are employed by adversaries, which helps us to focus on certain types of problems.

    This training is now compulsory for my client.

    What is most valuable?

    The most valuable feature is the identification of vulnerabilities in existing programming language functions.

    We use the hands-on training labs and they are very important due to the nature of our software. Our software is mission-critical and for example, the product that I am working with is related to the software development lifecycle, and it's used by a lot of customers around the world. As such, it must work correctly and it must be secure.

    These security assignments help us to enhance our customer experience and instill confidence in our programming practices. We are better able to detect and deal with vulnerabilities in code.

    The hands-on training has helped us to tackle modern threats by coding with vulnerabilities in mind from the beginning of a project. It has improved our process overall, and the number of vulnerabilities has been reduced. 

    Veracode provides examples of code vulnerabilities in different programming languages and this brings about awareness for our developers. When they work on projects, they learn to avoid those types of mistakes. 

    The programming exercises help to illuminate common coding problems and walk developers through how to fix them. This is very important to us because our developers learn what can go wrong, how to spot problems, and how to eliminate them. It helps all developers learn to better avoid problems and related exploits.

    What needs improvement?

    It would be good if there were more assignment problems in the inventory, as well as more randomness in the coding examples.

    At some points, we faced problems because we were not able to complete an assignment. It took a while to understand what was wrong but this is related to the fact that some of the exercises are very difficult in terms of coding. An exercise is only complete when the output exactly matches what is expected. In this regard, I think that the system should be more flexible in terms of what it accepts from the user.

    I had some trouble logging on to the Security Labs service. Direct username passwords are not supported. A single sign-on service is required and I was not able to add my external email address. As such, I was not able to add Veracode's assignments directly to my LinkedIn profile. It's a feature that I was not able to take advantage of. However, it did not matter because I was able to add the certifications to my profile manually.

    Buyer's Guide
    Veracode Security Labs
    September 2022
    Learn what your peers think about Veracode Security Labs. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
    632,539 professionals have used our research since 2012.

    For how long have I used the solution?

    I have been working with Veracode Security Labs for approximately two months.

    What do I think about the stability of the solution?

    There are no concerns with stability.

    What do I think about the scalability of the solution?

    Scalability-wise, this solution is very good. I believe that installing new problems into the system is straightforward.

    All of our developers, including senior developers and architects, go through the assignments.

    How are customer service and support?

    I have not been in contact with technical support. The only issue that I had was something that I was able to solve myself.

    Which solution did I use previously and why did I switch?

    I have used similar solutions in the past. However, they were in-house training products. For example, when I was working for a large electronics manufacturer, they had a similar system and it was also very good.

    The main difference was simply that they were private, and not available to the public. The certifications provided by Veracode are issued and you can advertise them, whereas, with an in-house solution, you only know if you passed or not.

    Another difference is that the in-house system that I used had many more test cases that are used to evaluate the user's response. This is something that I didn't see with Veracode.

    How was the initial setup?

    I was not involved in the initial setup.

    What's my experience with pricing, setup cost, and licensing?

    They have a Community Edition of this product that can be used free of charge.

    What other advice do I have?

    When I started with Veracode Security Labs, I began with the mandatory training. Afterward, I completed some of the optional training exercises. I had not read about all of these in advance but I found that the descriptions are well-stated and easy to read. As such, I went ahead and worked on assignments in other programming languages.

    My advice for anybody who is interested in this product is to try the Community Edition, which they can use for free. Try to understand the basic problems and if they're not able to complete them, look at the assignments in more detail. Overall, they will get a lot of value from Veracode Security Labs.

    I would rate this solution an eight out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Senior Software Developer at a insurance company with 10,001+ employees
    Real User
    The Greenlight plugin provides you with some examples of how you should implement a required fix for a flaw found in your code
    Pros and Cons
    • "Veracode Security Labs is very good for providing examples of code vulnerabilities in a developer’s chosen language. This is important because if a flaw is found, then they provide me with a few examples of how to implement it. I don't need to go to Google and try to figure it out myself. They already provide me with some good quality examples that I can use to implement the fix."
    • "There are two parts that I think should be improved. Both the web page and the report have the same issue. Both are sometimes messy and very difficult to find information. You need to know where to look and especially where to find information. It can be a bit confusing in both the report and the web page. Quite often, I keep learning new things because some of the information is quite hidden. You need to click this link, then click here, and go here. Then, "Wow," you get so much information that you didn't know existed. Information is a bit hidden and there should be an easier way to access it after a scan is generated."

    What is our primary use case?

    I use it to scan applications to try and find security flaws.

    We have access to the security platform and our applications are updated there. Besides that, we have installed the Greenlight plugin in the IDE. We can run the Veracode scan locally in our laptops thanks to that plugin.

    How has it helped my organization?

    We found some SRS errors, then we checked in Veracode how to fix those errors. Based on that, we let everybody know that when similar errors were happening to implement the same or similar solution. We are taking the pieces of advice that we get for Veracode fixes or remediation to develop better quality software.

    Veracode Security Labs helps our developers get security feedback faster in our integrated development environment. This is very helpful and important for being able to detect errors and get the maximum amount of information and feedback as possible. 

    Every time that an application needs to be deployed to production, it needs to run against the Veracode scan. Then, if an error is detected, it needs to be repaired. 

    What is most valuable?

    When a flaw is discovered, the information that they give and the links to get further information about how to remediate the flaws are actually quite good.

    Using the Greenlight plugin makes everything simpler. It provides you with some examples of how you should implement a required fix for a flaw found in your code.

    Veracode Security Labs is very good for providing examples of code vulnerabilities in a developer’s chosen language. This is important because if a flaw is found, then they provide me with a few examples of how to implement it. I don't need to go to Google and try to figure it out myself. They already provide me with some good quality examples that I can use to implement the fix.

    They provide some links to other pages that have plenty of information. If a developer wants to learn more about a flaw, how to prevent that flaw, or a solution to that flaw, then they can find some information. If it is not directly on the Veracode web page, then they can find that information on links that the Veracode web page contains.

    What needs improvement?

    There are two parts that I think should be improved. Both the web page and the report have the same issue. Both are sometimes messy and very difficult to find information. You need to know where to look and especially where to find information. It can be a bit confusing in both the report and the web page. Quite often, I keep learning new things because some of the information is quite hidden. You need to click this link, then click here, and go here. Then, "Wow," you get so much information that you didn't know existed. Information is a bit hidden and there should be an easier way to access it after a scan is generated.

    You should find out all the places where the information can be stored because sometimes you can test and think that you have all the available information, but often there is more. It would be good if there was a good explanation from Veracode about where exactly to find all the information on how to get the best from the system, since it is a very powerful tool and to use it sometimes requires a bit of knowledge.

    What do I think about the stability of the solution?

    The stability is good. It is one of the most stable third-party applications that we are using.

    How are customer service and support?

    We have called them to mitigate some bots because the scan had some type of flaw. I called them and everything was very fine. They were very helpful. We got a fix. I would rate the support as 10 out of 10.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We didn't use a similar type of solution before Veracode. 

    How was the initial setup?

    I was not involved in the initial setup.

    What other advice do I have?

    In theory, I shouldn't have to use it more often than what I use it for now, and I probably use it once per week right now.

    From a security point of view, we are using only Veracode.

    I learned a lot about security using Veracode. It definitely has been a tool that opened my eyes regarding flaws and how to fix them. The big lesson that I learnt was how important security is and the benefits of having a good tool for it.

    I would rate the solution as eight out of 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Veracode Security Labs
    September 2022
    Learn what your peers think about Veracode Security Labs. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
    632,539 professionals have used our research since 2012.
    Senior Software Developer at a pharma/biotech company with 201-500 employees
    Real User
    Top 5Leaderboard
    Produces reliable software scans but overall database scanning needs to be improved
    Pros and Cons
    • "The deployment didn't take that long."
    • "Its ability to handle more types of files and making it work better with databasing and other API could be improved."

    What is our primary use case?

    I have used it and looked at it from the perspective of its analysis, if you will, of database files, SQL, MCL SQL. I also looked at other components, Java and such, but not as in-depth. Personally, I think it was a little difficult trying to get it to profile those particular files to get them loaded in; however, it was honestly probably user error — just my misunderstanding of how to use the software more than anything else which is why it took a little longer. The Java stuff was a lot more streamlined. The database stuff was not as robust.

    We used this solution to identify vulnerabilities. Essentially, load stuff up, find out what it finds. The next step is (assuming we have enough people to fix the higher priority ones) to look at some of the tips or remediation. Generally, just to find out what's wrong.

    We're a smaller company, we had roughly 10 people or less using this solution. I don't think anyone is actively using it as much now because of project work, etc.

    I am not familiar with how many other people are using it currently. Probably not many because the project work is different. Previously, there were more business needs for us to build more software but things have changed a little bit in the company. That requirement is different now from a corporate perspective.

    How has it helped my organization?

    Mainly it's just quality. The level of comfort that we have now just from using the product. Again, there may be some other people at the company that had used it a lot more than me but just knowing, having another set of eyes, gives you a comfort level. 

    What needs improvement?

    The database portion of it where it's loading and analyzing. That seemed to be a little more laborious compared to the Java stuff which was easier to use and more streamlined.

    Its ability to handle more types of files and making it work better with databasing and other API could be improved. That would be really nice.

    What do I think about the stability of the solution?

    It seemed generally stable. The database stuff didn't seem to be working as well, as fast. It wasn't as responsive. In other words, we'd load something up and then we find out that it loaded everything but there were zero results that it found when it did the analysis. We tried it again and we got the same thing.

    What do I think about the scalability of the solution?

    It seemed like it could handle volumes. It was pretty fast, too.

    How are customer service and technical support?

    When the person I referenced earlier needed help, it seemed like he was able to get the help he needed — they were pretty responsive. He didn't mention that there were any issues with technical support.

    Which solution did I use previously and why did I switch?

    No, I don't think we did. We had looked at the reviews and started using Veracode.

    How was the initial setup?

    I wasn't that involved in the initial setup of it — the bootstrapping and getting it all ready on the cloud. That being said, setting up a profile for it to do its thing was pretty easy to do. That was pretty straightforward.

    The deployment didn't take that long. I don't think it took the guy very long to do it. There was probably some stuff that was done before I started using it. I'm not familiar with what was done but I don't think it was much more than just getting a trial account and such. 

    What about the implementation team?

    I don't recall who deployed it, but one person can look after deployment and maintenance. The CIO looked after it — he was a "Jack of all trades" type.

    What other advice do I have?

    If you're interested in using this solution, you should take advantage of the trial and throw some real-life example code at it and try to figure out how you're going to deal with that. Once you get the results back, just do a trial.

    On a scale from one to ten, I would give this solution a rating of seven.

    It's hard to really put a number on it but it's just mainly because of my experience with the databasing analysis. Databasing is so prevalent and so important, the security of that, it shouldn't be as hard as it seemed to be when we were trying to analyze SQL code as it was, compared to the Java stuff.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Darshan Makhecha - PeerSpot reviewer
    Sr Sales Engineer at a manufacturing company with 10,001+ employees
    Real User
    Top 5Leaderboard
    We are more productive because we work smarter and optimize the reporting pathway
    Pros and Cons
    • "I like the end-to-end learning experience. That also includes SAST. It has a low false positive rate."
    • "I would like the team to make users like me aware of the new features sooner, so we can get the most from this product. Otherwise, there is no disadvantage."

    What is our primary use case?

    I use Veracode on a private cloud. When we implement a new solution, it needs to undergo user review. I was specifically interested in learning how the software works and how it can benefit my organization. Once I can get some clarity on this, I can recommend it to my IT team. I have not used the public cloud application yet because I am in the initial stage, and I am still doing trials on my end. 

    How has it helped my organization?

    The solution provides guidance on how to fix vulnerabilities. Veracode has robust reporting and data analytics. I manage key accounts, and data analysis is essential for anyone in a critical sales role. Veracode gives us a comprehensive analysis and reporting structure. When we input data from different teams, we have different criteria for analysis, like performance over time and performance versus target benchmarks. The reporting works well for these key performance indicators.  

    Veracode developers have maintained an end-to-end security approach. The platform is highly secure. Users can secure their data and access it at any time based on their requirements. It makes data analysis easier and more user-friendly.

    Security Labs has an excellent mechanism for reducing the errors introduced into the system. It also acts as a resistant wall that blocks viruses and rapidly fixes the vulnerable components. It works optimally for my current use. In terms of compliance and governing regulations, this solution works well. It complies with all government norms and global IT documentation.  

    Productivity has slowly improved because the Static Analytic tool helps me save time. In the end, we are more productive because we work smarter and optimize the reporting pathway. Veracode also integrates with our development tools, which is helpful because our IT team is incorporating other functions in their backend. 

    This solution is a firewall for the workflows. It filters your data, and it will block any kind of threat or malware. A warning pops up, and it says you need to take care of the issue. It has raised developer confidence by mitigating risks. It limits access to specific users at a given time. It's a good tool in terms of secure access. 

    What is most valuable?

    I like the end-to-end learning experience. That also includes SAST. It has a low false positive rate.  

    What needs improvement?

    I would like the team to make users like me aware of the new features sooner, so we can get the most from this product. Otherwise, there is no disadvantage.

    For how long have I used the solution?

    I have been using Veracode for less than six months. I'm currently exploring the free version.

    What do I think about the stability of the solution?

    Security Labs is stable so far. 

    What do I think about the scalability of the solution?

    Knowing the various area of their application of this solution, I can say, it is scalable and it will help the industry to grow and solve security issues.

    How are customer service and support?

    I haven't encountered any disadvantages or flaws in this product, so I haven't needed to contact support, but I'm confident that the Veracode team will respond as quickly as possible if there are any difficulties.

    How was the initial setup?

    The installation is straightforward. I've only deployed the free version to try it out, but I'm sure deployment will be smooth in the next phase. 

    What's my experience with pricing, setup cost, and licensing?

    We still use the trial version, but I feel confident that Veracode will offer competitive pricing. 

    Which other solutions did I evaluate?

    I didn't evaluate other options. I found the kind of accessibility and features I was seeking in this solution, so there was no need to look at other options. 

    What other advice do I have?

    I rate Veracode Security Labs nine out of ten. I would recommend it. My advice to future Veracode users is to check every facet of this solution and correlate your requirements with what this solution offers. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Flag as inappropriate
    PeerSpot user
    reviewer1491885 - PeerSpot reviewer
    Application Security Engineer at Charles Schwab
    Real User
    Hands-on and effective, practical, and has a web-based interface requiring no installation
    Pros and Cons
    • "The best part is that this is all within the web browser, so the developer doesn't have to install any development environments or download anything to work through the training."
    • "Web application development covers much of the industry, but there are also developers working with these other technologies that could benefit from a learning environment more specific to their technologies."

    What is our primary use case?

    I have used it as part of Veracode's Secure Coding Challenges. The challenges are a competition hosted by Veracode, where community members work through the training in a time-limited fashion. The first members to complete the challenges are deemed the winners.

    The challenge topics range among OWASP's top 10 topics. I am an application developer, so the Veracode Security Labs are directly relevant to my work. They help illuminate common coding problems and walk through the appropriate way to fix them.

    How has it helped my organization?

    Veracode Security Labs walks through a common scenario. A developer inherits a codebase that has issues and has to figure out how to fix them. The platform helps guide the developer through the best way to accomplish this. Learning through a hands-on approach is very effective.

    With the hands-on learning approach developers become more secure coders, which means they are less likely to add bugs to the software they are building. This saves time and money in the long run as the mindset of security is shifted left to earlier in the software development lifecycle.

    What is most valuable?

    The most valuable feature is the guided approach of walking the developer through the best way to fix the issues in the codebase. This approach is hands-on and extremely effective at teaching developers the right way to implement security controls.

    Being able to view the codebase, and edit it in order to remediate the vulnerabilities is extremely powerful.

    The best part is that this is all within the web browser, so the developer doesn't have to install any development environments or download anything to work through the training.

    What needs improvement?

    At this point in time, the platform seems to be focused on web-based applications. For additional features, I can see opportunities for other types of technologies, like mobile applications, batch processing, and backend services or message queue processing. I suspect that these additional types of learning would be difficult to provide through a web-based learning environment, but not impossible.

    Web application development covers much of the industry, but there are also developers working with these other technologies that could benefit from a learning environment more specific to their technologies.

    For how long have I used the solution?

    I have used it as part of Veracode's Secure Coding Challenges, starting in late 2020.

    What do I think about the stability of the solution?

    This is a stable product.

    What do I think about the scalability of the solution?

    My impressions of the scalability are positive.

    Which solution did I use previously and why did I switch?

    I have not used another similar solution.

    How was the initial setup?

    The initial setup is straightforward.

    What about the implementation team?

    It was deployed through the Veracode Secure Coding Challenge.

    Which other solutions did I evaluate?

    I did not evaluate other similar products.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Founder & CEO at a healthcare company with 1-10 employees
    Real User
    Top 5Leaderboard
    Valuable wide-spread features, stable, scalable, easy to install and deploy, with amazing technical support
    Pros and Cons
    • "The features are so extensive, which is why they are ahead of the game, and the reason I continue to use this solution."
    • "The only area of this solution that needs improvement is the pricing for startups."

    What is our primary use case?

    We use Veracode Security Labs along with Veracode Developer Training and other Veracode components in our company for Digitial Health, and security testing.

    How has it helped my organization?

    Veracode and all of its components have helped us in developing a secure product.

    What is most valuable?

    All of the features offered in this solution are valuable.

    The features are extensive, which is why they are ahead of the game, and the reason I continue to use this solution.

    What needs improvement?

    The only area of this solution that needs improvement is the pricing for startups.

    For how long have I used the solution?

    I have been working with Veracode for several years.

    What do I think about the stability of the solution?

    It's a stable solution. We have no issues with stability.

    What do I think about the scalability of the solution?

    It's a scalable product.

    How are customer service and technical support?

    The technical support is amazing! They are very responsive.

    Which solution did I use previously and why did I switch?

    We also use Veracode Developer Training, Manual Penetration Testing, Static Analysis for the same use case.

    How was the initial setup?

    The initial setup is straightforward and extremely easy to install.

    Deployment only took a few hours.

    What about the implementation team?

    We have a team in-house.

    What's my experience with pricing, setup cost, and licensing?

    The pricing for qualified startups should only charge for Veracode Developer Training.

    The licensing cost should be fair, and the use cost when the company or the clients release their product to the market should also be fair.

    What other advice do I have?

    They put together a complete solution that has a number of components. My advice is to take it all. Don't just take just Developer Training or Security Labs or Static Analysis. Rather, take the whole solution and run with it.

    Veracode cannot be taught about security. I would rate Veracode Security Labs a ten out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    reviewer1561278 - PeerSpot reviewer
    Software Architect at a computer software company with 201-500 employees
    Vendor
    Improves security knowledge for coding, and the approach makes learning more interesting
    Pros and Cons
    • "It provides a complete review of vulnerabilities & possible fixes for OWASP Top 10 in one place."
    • "Veracode Security Labs should cover more than only the OWASP Top 10."

    What is our primary use case?

    We are currently evaluating this platform to see if it would help as a company-wide solution. 

    If Veracode Security Labs is chosen then in the future, it will help developers, DevOps, and testers to better and more deeply understand threats and remediations related to application code.

    In general, Veracode Security Labs will be used to improve the security of the code and help developers in their daily work.

    How has it helped my organization?

    At this point, we do not yet have an organization-wide improvement. The selection process is still underway. However, Veracode Security Labs is better than other evaluated competitor's solutions so far.

    What is most valuable?

    The most valuable features are:

    • Knowledge of how to write a secure application, like OWASP ASVS 4.0, that is spread across the web is gathered into one place. This can save months of learning and search on your own.
    • It is possible to earn Veracode certificate levels one, two, and three, after completion of a defined amount of labs.
    • It provides a complete review of vulnerabilities & possible fixes for OWASP Top 10 in one place.
    • The Hack & Fix learning approach makes the learning process more interesting.
    • Solve vulnerabilities using interactive labs & real applications with the language of your choice.

    What needs improvement?

    The following areas should be improved:

    • Veracode Security Labs should cover more than only the OWASP Top 10. 
    • A more advanced Veracode Security Labs should be added. 
    • More Java-based labs should be added; ideally, all Veracode Security Labs will be available in the Java language.
    • Veracode Security Labs should provide better support for code completion and syntax control (when applied eg. Java) when working on the application code.
    • Some Veracode Security Labs are too easy to complete, although this is a subjective opinion.

    For how long have I used the solution?

    I have been using Veracode Security Labs for two months.

    Which solution did I use previously and why did I switch?

    We did not use another solution prior to this one.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    CristobalRodriguez - PeerSpot reviewer
    Principal Information Security Engineer at Sabre
    Real User
    Top 20Leaderboard
    Good coding challenges, but it needs better auto-completion in the IDE
    Pros and Cons
    • "The coding challenges were well put together and I was happy to see some of the challenges even had a built-in web browser."
    • "I would have liked to see a bit better auto-completion in the IDE, and there was a typo in one of the questions where the code you were supposed to copy was missing a pair of parentheses."

    What is our primary use case?

    We use this eLearning product for our developers. We are working on adding it to our enterprise eLearning solution to help get developers to take it.

    How has it helped my organization?

    We use Veracode Security Labs as our primary security learning platform. It was pretty cool to use for the first time.

    What is most valuable?

    The coding challenges were well put together and I was happy to see some of the challenges even had a built-in web browser. That made them very convenient.

    What needs improvement?

    I would have liked to see a bit better auto-completion in the IDE, and there was a typo in one of the questions where the code you were supposed to copy was missing a pair of parentheses. I'm sure the typo messed up a lot of people. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Fletcher - PeerSpot reviewer
    FletcherDirector, Developer Enablement at Veracode
    Vendor

    Hi there, PM for Security Labs here. If you haven't already, please reach out to support@veracode.com about the IDE autocompletion and lab typo, so that we can gather some more details and follow up to make sure those are fixed + improved. Thank you for the review!