Parasoft Enhances its Application Security Solution
Parasoft has announced the availability of enhanced data flow analysis capabilities that help organizations rapidly identify high-risk runtime security vulnerabilities as well as monitor security policy compliance. This capability is available in Parasoft’s Application Security Solution, which establishes a continuous process that ensures security verification and remediation tasks are not only deployed across every stage of the SDLC, but also ingrained into workflow.
Parasoft’s Application Security Solution expands traditional data flow analysis from software quality to application security. This server-based technology statically simulates complex application execution paths to help teams effortlessly find vulnerabilities that might otherwise take weeks to find—or remain unnoticed until exploited. Vulnerabilities detected include SQL injection, cross-site scripting, exposure of sensitive data, and other potential issues. Since tests are performed completely automatically (there are no test cases to design, implement, execute, or maintain), teams significantly increase the scope of their security testing without slowing project progress.
The latest enhancements not only draw upon an extensive knowledge base of common attack patterns, but also enable organizations to map the data flow logic to their own security policy. The result is realistic and accurate validation that is closely aligned with the team’s security priorities. “Security should be an integral part of the SDLC, not an afterthought, “said Neil MacDonald, Vice President and Gartner Fellow.” The notion of application ‘quality’ which has traditionally focused on functionality and performance must be expanded to include security. Native integration of security testing capabilities into the SDLC environment will increase the likelihood of acceptance by the development organization.”
(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)