Parasoft's Application Security Solution helps enterprises secure applications throughout the software development life cycle.
Parasoft, a software quality enhancement and error detection
tool maker, is expected to announce a new application security package with
enhanced data flow analysis capabilities.
The package helps organizations rapidly identify high-risk run-time
security vulnerabilities and monitor security policy compliance.
Parasoft's Application Security Solution is slated to be announced on July
15 and aims to help enterprises establish a continuous process to
ensure that security verification and remediation tasks
are deployed across every stage of the SDLC (Software Development
Life Cycle) and also ingrained into the system workflow.
"Security should be an integral part of the SDLC, not an afterthought, "said
Neil MacDonald, vice president and fellow at research firm Gartner. "The
notion of application 'quality,' which has traditionally focused on
functionality and performance, must be expanded to include security. Native
integration of security testing capabilities into the SDLC environment will increase
the likelihood of acceptance by the development organization."
Parasoft officials said the new Parasoft Application Security Solution
expands traditional data flow analysis from software quality to application
security. And the server-based solution simulates complex application
execution paths to help development teams find vulnerabilities that
might otherwise take weeks to find-or remain unnoticed until exploited.
These include vulnerabilities such as SQL injection, cross-site
scripting, exposure of sensitive data and other potential issues. The tests are
done automatically, with no need for the teams to create or design test cases.
The Parasoft tool draws on an extensive knowledge base of common
attack patterns and also enables organizations to map the data flow logic
to their own security policies, the company said.
Parasoft officials said the company has 20 years
of experience in helping Fortune 500 companies incorporate security and
quality practices across the SDLC. Parasoft's products have supported
application security verification for years through rule-based static analysis,
data flow static analysis, security metrics and peer code review process
automation, the company said.