Application security firm Veracode just landed $40 million in funding — and it’s not just because security companies are hot right now.

The company focuses on building security infrastructure into mobile and web applications. Veracode works with developers as the app is being constructed to make sure it’s built securely from the get go rather than trying to secure the app after it’s been developed. The company can also test the security of any third-party applications exchanging information with the app being developed, for possible security holes.

“You take an application upload it to us, we scan the application, look at the way data flows, and understand where the vulnerabilities are,” CEO Bob Brennan told VentureBeat.

Once the app is built, the company will try to hack it to see how it holds up against potential threats. One of Veracode’s main goals is to make the security process less of a hassle for developers, who typically see security as slowing down the development process.

“You can’t transform a society of developers,” says Brennan. “ Instead, we make sure that we’re part of the build process.”

The company is part of a growing number of security companies like Palo Alto Networks and FireEye that are taking a software-as-a-service approach to securing applications and enterprises.

Veracode was first formed eight-and-a-half years ago by members of security startup @stake, which Symantec acquired in 2004. Since the company’s founding in 2006 it has raised over a $100 million dollars in funding. In 2012 it acquired mobile app security firm Marvin Mobile, which undoubtedly helped fuel its expansion into mobile app security.

This late stage round was led by Wellington Management Company. Flush with a new round of cash, Veracode is focused on bulking up its sales, marketing, and research and development teams so it can expand its global reach. During my meeting with Brennan he hinted that Veracode may also have an interest in going public — though there’s no word on when that might happen.