Parasoft: software security and compliance testing for DevSecOps
Parasoft announced the latest releases of Parasoft Jtest and Parasoft dotTEST, their Java and .NET development testing solutions that combine static analysis, security testing, unit testing, and code coverage analysis to help users maximize application quality and security, while minimizing business risks. The new releases (10.4.2) focus on enabling DevSecOps to make security a part of the development process, and help organizations achieve continuous security and compliance with more support for security standards than ever seen before. Parasoft’s security solutions integrate into the daily development workflow from the start, providing teams with continuous visibility into security standards compliance, and helping them remediate vulnerabilities earlier and continuously throughout the DevSecOps journey.
Parasoft’s solutions provide pre-configured, out-of-the-box, and fully customizable test configurations for security standards, including CWE Top 25, CWE CUSP, OWASP Top 10, PCI-DSS, and UL 2900. Developers can execute real-time security and compliance scans directly within their development workflows in the IDE, to see potential security vulnerabilities right where they can understand and fix them prior to check-in.
In this release, Parasoft has also built into the product a broad array of context-specific training and tutorials for vulnerabilities identified in the code, to help developers learn about and address security issues as they work, enhancing their security expertise. The same security configuration or policy can also be leveraged by scans executed as part of the CI/CD pipeline, providing a safety net to gate the delivery pipeline and ensure that insecure code does not get promoted to later stages. Bringing everything together is Parasoft’s centralized reporting dashboard that dynamically demonstrates the application’s security and compliance status in real time, with widgets that directly correlate to the risk assessment framework of the security standard being used, and automatic report generation for auditing.