Parasoft’s unique automated infrastructure unobtrusively drives the development process to ensure that secure software is delivered on time and on budget.
Blue Turtle, the Parasoft reseller in southern Africa, adds Parasoft’s unique Application Security Compliance solution to its arsenal. Parasoft, a leading provider of solutions and services that deliver quality as a continuous process, announced the availability of enhanced data flow analysis capabilities that help organizations rapidly identify high-risk runtime security vulnerabilities as well as monitor security policy compliance.
With its newly integrated features, Parasoft’s Application Security Compliance now offers the following additional capabilities:
Security as a Continuous Process
Parasoft’s Application Security Solution establishes a continuous process that ensures security verification and remediation tasks are deployed across every stage of the SDLC and ingrained into the team’s workflow.
Establish, Apply, and Monitor Adherence to Policies
Parasoft’s policy-driven approach defines the organization’s expectations around quality while ensuring consistent, unobtrusive policy application. The automated infrastructure automatically monitors policy compliance for visibility and auditability.
Out-of-the-box Support for Critical Security Standards and Initiatives
Achieve compliance with industry best-practices, standards, and guidelines, including PCI DSS, OWASP, CWE/SANS, NIST SAMATE, and more
Easily Configure Custom Rules for Enforcing Coding Best Practices
The extensive, continually-expanding knowledge base of rules can be easily customized (graphically, without coding) to enable automated monitoring of custom best practices. The result is more realistic and accurate validation that is aligned with the team’s security priorities.
Robust Security Validation and Verification Practices
Parasoft automates a broad spectrum of application security activities for C/C++, Java, .NET, SOA, Web, and RIA– the most comprehensive in the industry, including:
- Static code analysis – Coding standards, data flow, metrics–including preconfigured PCI DSS 6 and OWASP configurations.
- Peer review – Workflow management and automation.
- Penetration testing – Message layer and web interface.
- Message Layer Policy Validation – Authentication, encryption, and access control.
- Runtime analysis – Buffer overflows and other memory errors.
- Unit testing – Verification of input validation methods.
Facilitates Remediation—Not Just Detection
To promote rapid remediation, each vulnerability detected is prioritized, automatically correlated to the developer who introduced it, then distributed to his or her IDE with direct links to the problematic code. Eventually, developers start writing more secure code as a matter of habit.
Extensive Centralized Reports
Parasoft’s centralized reporting system provides real-time visibility into overall security status and processes, documents improvements, and helps you determine what additional actions are needed to safeguard security.