Veracode Adds Advanced Dynamic Analysis Capability With Acquisition of Crashtest Security Solution

Acquisition Provides Enhanced Offering for Customers Looking to Secure their Web Application Attack Surface

BURLINGTON, Mass.--()--Veracode, a leading global provider of modern application security testing solutions, today announced it has acquired Germany-based software security tool, Crashtest Security, a rising developer-oriented dynamic application security testing (DAST) product. The investment will enhance the existing DAST capabilities available as part of Veracode’s Continuous Software Security Platform and broaden customer access globally.

Web applications are fast becoming the most exploited attack vector for cyber threat actors looking to infiltrate enterprises and critical infrastructure. In fact, web apps now account for 40 percent of breaches*. The Crashtest Security product makes it even easier to get started with web application scanning in runtime environments to find vulnerabilities that static analysis is not best suited for. This developer-friendly solution complements Veracode’s platform capabilities as part of a complete modern application security program that secures the entire software development life cycle (SDLC).

Brian Roche, Chief Product Officer at Veracode, said, “Our customers have never been under greater pressure to secure their web applications in response to heightened risk. They seek simple-to-use products that can be onboarded quickly and seamlessly. The Crashtest Security product offers just the solution—it is a highly innovative DAST tool and already has deep roots in the European market. This acquisition supports the growing demand for run-time scanning and allows customers to quickly and easily experience the latest developments in DAST.”

Crashtest Security Dynamic Analysis

Crashtest Security, based in Munich, Germany, was founded in 2017. The solution can be used to analyze JavaScript-based apps, REST (Representational state transfer) APIs, and traditional web apps, and automate security testing via integration in the software development pipeline.

Veracode will incorporate the Crashtest tool into its existing portfolio, allowing customers to use the same login credentials across both products. Users will be able to leverage the most powerful aspects of the integrated technology for a 360-degree view of scanning and reporting architecture across all applications utilizing a DAST product.

Felix Brombacher, CEO and Co-founder of Crashtest Security, said, “We are thrilled to extend advanced DAST capability to a broader market. We have invested heavily in our plug-and-play solution to meet the demands of customers in Europe and enable continuous testing throughout the development process. The acquisition of our dynamic analysis technology and resources by Veracode will enable us to deliver the next generation of DAST to customers globally.”

To learn more about the dynamic analysis solution and how to take software security to the next level, click here.

* 2022 Verizon Data Breach Investigations Report, May 2022

About Veracode

Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. Learn more at, on the Veracode blog, on LinkedIn, and on Twitter.

Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.


For more information:
Katy Gwilliam

Release Summary

Veracode acquires Crashtest Security, a Germany-based developer-oriented dynamic application security testing (DAST) tool.

Social Media Profiles


For more information:
Katy Gwilliam