Parasoft, a software quality enhancement and error detection tool maker, is expected to announce a new application security package with enhanced data flow analysis capabilities.
The package helps organizations rapidly identify high-risk run-time security vulnerabilities and monitor security policy compliance.
Parasoft's Application Security Solution is slated to be announced on July 15 and aims to help enterprises establish a continuous process to ensure that security verification and remediation tasks are deployed across every stage of the SDLC (Software Development Life Cycle) and also ingrained into the system workflow.
"Security should be an integral part of the SDLC, not an afterthought," said Neil MacDonald, vice president and fellow at research firm Gartner. "The notion of application 'quality,' which has traditionally focused on functionality and performance, must be expanded to include security. Native integration of security testing capabilities into the SDLC environment will increase the likelihood of acceptance by the development organization."
Parasoft officials said the new Parasoft Application Security Solution expands traditional data flow analysis from software quality to application security. The server-based solution simulates complex application execution paths to help development teams find vulnerabilities that might otherwise take weeks to find, or remain unnoticed until exploited.
These include vulnerabilities such as SQL injection, cross-site scripting, exposure of sensitive data and other potential issues. The tests are done automatically, with no need for the teams to create or design test cases. The Parasoft tool draws on an extensive knowledge base of common attack patterns and also enables organizations to map the data flow logic to their own security policies, the company said.
Parasoft officials said the company has 20 years of experience in helping Fortune 500 companies incorporate security and quality practices across the SDLC. Parasoft's products have supported application security verification for years through rule-based static analysis, data flow static analysis, security metrics and peer code review process automation, the company said.