
Parasoft enhances its Application Security Solution

Parasoft Corp. has enhanced its Application Security Solution to help companies identify run-time security vulnerabilities and monitor security policy compliance.

Parasoft Corp., a provider of solutions and services that deliver quality as a continuous process throughout the Software Development Lifecycle (SDLC), has enhanced its Application Security Solution to help companies identify run-time security vulnerabilities and monitor security policy compliance.


With this enhancement, Parasoft is leveraging data flow analysis with knowledge of security artifacts to show end-to-end how a hacker's tainted data could infect code, said Matt Love, an application security architect at Parasoft.

"Originally it was a quality tool, because it could do things like identify points in code where null pointers were assigned and how it might flow," Love said. "What we've done with this release is combine our security analysis with our data analysis engine. So we have a real end-to-end security analysis solution that will start at a point where a hacker might enter tainted data and trace the flow of the data and show how it goes from one file to another and bypass any validation -- and might be passed to a database."

A significant part of the automated solution runs on the server. Vulnerabilities uncovered include SQL injection, cross-site scripting (XSS), and data exposure.
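The end-to-end trace Love describes (an untrusted value entering at one point, crossing file boundaries, and reaching a database sink unless it first passes through validation) is the core idea of taint-style data flow analysis. The following is an added illustration written for this article, not Parasoft's code or engine: a toy tracker over a hand-built list of statements. The file names, variable names and statement kinds are constructed for the example, and the three sample programs show a direct source-to-sink flow, a correctly validated flow, and a flow where a validator exists but the raw value is used anyway.

```python
"""Toy source-to-sink taint tracker (constructed illustration).

A straight-line program is modelled as a list of statements.  The
analysis attaches a "tainted" label to the variable receiving untrusted
input, carries that label through assignments (across files), drops it
when a sanitizer produces a validated copy, and reports every database
sink that is reached by still-tainted data together with the full path.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Stmt:
    file: str                    # source file the statement lives in (constructed)
    line: int
    kind: str                    # "source" | "assign" | "sanitize" | "sink"
    target: str | None = None    # variable written by the statement, if any
    operands: tuple[str, ...] = ()  # variables read by the statement


def find_taint_paths(program: list[Stmt]) -> list[dict]:
    """Return one finding per sink argument that is still tainted.

    Each finding carries the offending variable and the ordered list of
    (file, line) steps that the untrusted data travelled through.
    """
    taint: dict[str, list[tuple[str, int]]] = {}   # var -> path so far
    findings: list[dict] = []
    for s in program:
        step = (s.file, s.line)
        if s.kind == "source":
            # Untrusted entry point, e.g. an HTTP request parameter.
            taint[s.target] = [step]
        elif s.kind == "assign":
            # Taint propagates if any operand is tainted; otherwise the
            # target is overwritten with clean data and loses its label.
            tainted_paths = [taint[v] for v in s.operands if v in taint]
            if tainted_paths:
                taint[s.target] = tainted_paths[0] + [step]
            else:
                taint.pop(s.target, None)
        elif s.kind == "sanitize":
            # A validated copy is considered clean regardless of its input.
            taint.pop(s.target, None)
        elif s.kind == "sink":
            for v in s.operands:
                if v in taint:
                    findings.append({"sink": step, "var": v, "path": taint[v] + [step]})
    return findings


def format_path(path: list[tuple[str, int]]) -> str:
    """Render a path as 'file:line -> file:line -> ...' for a task list."""
    return " -> ".join(f"{f}:{n}" for f, n in path)


# Constructed sample programs.  Comments show the code each line stands for.
UNSAFE = [
    Stmt("handler.py", 12, "source", "user_id"),                  # user_id = request.args["id"]
    Stmt("handler.py", 14, "assign", "lookup_key", ("user_id",)),  # lookup_key = user_id
    Stmt("repo.py", 30, "assign", "query", ("lookup_key",)),       # query = "SELECT ... " + lookup_key
    Stmt("repo.py", 31, "sink", operands=("query",)),              # cursor.execute(query)
]

SAFE = [
    Stmt("handler.py", 12, "source", "user_id"),
    Stmt("handler.py", 13, "sanitize", "safe_id", ("user_id",)),   # safe_id = validate_int(user_id)
    Stmt("handler.py", 14, "assign", "lookup_key", ("safe_id",)),  # validated copy is used
    Stmt("repo.py", 30, "assign", "query", ("lookup_key",)),
    Stmt("repo.py", 31, "sink", operands=("query",)),
]

BYPASSED = [
    Stmt("handler.py", 12, "source", "user_id"),
    Stmt("handler.py", 13, "sanitize", "safe_id", ("user_id",)),   # validator runs ...
    Stmt("handler.py", 14, "assign", "lookup_key", ("user_id",)),  # ... but the raw value is used
    Stmt("repo.py", 30, "assign", "query", ("lookup_key",)),
    Stmt("repo.py", 31, "sink", operands=("query",)),
]


if __name__ == "__main__":
    for name, prog in (("UNSAFE", UNSAFE), ("SAFE", SAFE), ("BYPASSED", BYPASSED)):
        hits = find_taint_paths(prog)
        print(f"{name}: {len(hits)} finding(s)")
        for h in hits:
            print("  tainted", h["var"], "reaches sink via", format_path(h["path"]))
```

The BYPASSED case is the situation the article calls "slipping through the hole": a validator is present in the code base, so a grep-style review would pass it, but the flow analysis shows the database sink is fed by the unvalidated variable. A real engine also has to follow calls, branches and container contents, which this straight-line toy does not attempt.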

The latest enhancements not only draw upon a knowledge base of common attack patterns, but they also enable organizations to map the data flow logic to their own security policy. And based on the policy that's running, tasks are pushed to the developers' desktops.

"The developer is not fumbling around with an analysis tool. They're working through the prioritized issues that land in their task list. This combination gives them the ability to correct the defects," said Wayne Ariola, vice president of corporate development at Parasoft.

By showing developers how tainted data can flow through an application, it's easier to persuade developers to fix their code, Love added.


"People are hesitant to fix code because they think it isn't their responsibility. We can prove that it can get from point A to point B without validation. We can show how it can slip through that hole," he said.

Ariola said this is more than just a bug-finding exercise. "It really fits into the policy-based approach," he said.

Neil MacDonald, vice president and Gartner Fellow, said security should be an integral part of the SDLC, not an afterthought.

"The notion of application 'quality' which has traditionally focused on functionality and performance must be expanded to include security," he said in a prepared statement. "Native integration of security testing capabilities into the SDLC environment will increase the likelihood of acceptance by the development organization."

For more information about Parasoft's Application Security Solution, visit Parasoft's Web site.
