Parasoft, a Monrovia, Calif. company that helps track possible software vulnerabilities, has released an enhanced data flow analysis system that can help organizations identify high-risk security problems as well as monitor security policy compliance.
This new capability is available in Parasoft’s Application Security Solution, which expands traditional data flow analysis from software quality to application security. This server-based technology statically simulates application execution paths to help teams find vulnerabilities that might otherwise take weeks to locate, or remain unnoticed until exploited.
Vulnerabilities detected include SQL injection, cross-site scripting, exposure of sensitive data, and other potential issues. Since tests are performed completely automatically (there are no test cases to design, implement, execute, or maintain), teams significantly increase the scope of their security testing without slowing project progress. The latest enhancements not only draw upon an extensive knowledge base of common attack patterns, but also enable organizations to map the data flow logic to their own security policy.
“Security should be an integral part” of software development, “not an afterthought,” said Parasoft Vice President Neil MacDonald. “The notion of application ‘quality’ which has traditionally focused on functionality and performance must be expanded to include security. Native integration of security testing capabilities…will increase the likelihood of acceptance by the development organization.”
Parasoft solutions have supported application security verification for years through rule-based static analysis, data flow static analysis, security metrics, and peer code review process automation. ![[end]](/resources/bullet/archive-4.gif)
