Parasoft Jtest Static Application Security Testing for Java Platform

Home , Development testing, Jtest, Parasoft, Parasoft DTP, SOAtest, System testing

Parasoft

Parasoft (officially Parasoft Corporation) is an independent software vendor with headquarters in Monrovia, California, USA. It was founded in 1987. The most recent awards/recognitions received were being named "leader" in Forrester's Functional Test Automation Tools evaluation, Jolt Grand Prize Award for Parasoft Virtualize, Parasoft's service virtualization technology and the Embeddy Award for most cutting edge product for embedded software developers & engineers. Parasoft develops automated defect prevention technologies that support the Automated Defect Prevention methodology.These technologies automate a number of defect prevention practices for Java, C and C++, and .NET. The static code analysis practice identifies coding issues that lead to security, reliability, performance, and maintainability issues later on. The original static analysis technology has been extended to include security static analysis, data flow analysis, and software metrics. Company also possess technology that automatically generates unit test cases, now has been extended to include code coverage analysis, regression testing, and traceability. The peer code review practice involves manually inspecting source code to examine algorithms, review design, and search for subtle errors that automated tools cannot detect. Although the peer inspection itself cannot be automated, peer code reviews preparation, notification, and tracking can be automated. For cloud, SOA, APIs, and enterprise IT environments, Parasoft technologies automate practices such as API testing, integration testing, system testing, load testing, and penetration testing. Parasoft also develops memory error detection technology that finds run-time errors in C and C++ programs. For service virtualization, Parasoft technologies are used to automatically capture and emulate dependent system behavior of mainframes, third-party components, or any system component that is unavailable or difficult to access for development and testing purposes.

E-SPIN and Parasoft

E-SPIN have actively in promoting Parasoft full range of products and technologies since 2016 as part of the company Security, Vulnerability Management, Application Security, Software Assessment, Application Lifecycle Management (ALM) solution portfolio. E-SPIN is active in provide consulting, supply, training and maintaining Parasoft products for the enterprise, government and military customers (or distribute and resell as part of the complete package) on the region E-SPIN do businesses. The enterprise range from university, corporate, government agencies to IT security professionals / analysts, developer on the application security or cyber security / cyber warfare /military defense applications. Please feel free to contact E-SPIN for your inquiry and requirement, so we can assist you on the exact requirement in the packaged solutions that you may required for your operation or project needs. The following content is dynamic prepare and sort based on newest date to show first, and old content auto push behind. Please surf in the backward manner for content you look for.

Parasoft Jtest

Parasoft® Jtest® is an integrated Development Testing solution for automating a broad range of practices proven to improve development team productivity and software quality. Jtest also seamlessly integrates with Parasoft SOAtest, which enables end-to-end functional and load testing for complex distributed applications and transactions.

Capabilities

STATIC ANALYSIS ● Broad support for languages and standards: Security | C/C++ | Java | .NET | FDA | Safety-critical ● Static analysis tool industry leader since 1994 ● Simple out-of-the-box integration into your SDLC ● Prevent and expose defects via multiple analysis techniques ● Find and fix issues rapidly, with minimal disruption ● Integrated with Parasoft's suite of development testing capabilities, including unit testing, code coverage analysis, and code review

CODE COVERAGE ANALYSIS ● Track coverage during unit test execution and the data merge with coverage captured during functional and manual testing in Parasoft Development Testing Platform to measure true test coverage. ● Integrate with coverage data with static analysis violations, unit testing results, and other testing practices in Parasoft Development Testing Platform for a complete view of the risk associated with your application ● Achieve test traceability to understand the impact of change, focus testing activities based on risk, and meet compliance objectives.

UNIT TESTING ● Unit testing industry leader since 1997 ● Rapidly build a high-coverage test suite ● Easily extend and customize generated tests ● Expose functional problems and crash-causing defects ● Remove barriers to creating/maintaining robust test suites ● Integrated with static analysis, code review — more

TRACEABILITY Bidirectional requirements traceability with Parasoft ● Take control of requirements definition, management and testing ● Link requirements with code, code changes, code analysis, manual and automated tests ● Prevent unexpected changes and regression ● Satisfy industry standard requirements, such as FDA, DO-178C and ISO 26262.

RUNTIME ERROR DETECTION ● Expose critical defects as the application is exercised ● Works from unit testing through application/system testing ● Reports only defects that actually occur ● Lightweight and suitable for embedded testing ● Integrated with static analysis, unit testing, code review & more

Supported Environments

Infrastructure Support Operating System ● Eclipse IDE ● Windows ● IntelliJ IDEA ● Red Hat Enterprise ● IBM Rational Application Linux Developer ● Mac OS ● Ant ● Solaris (SPARC) ● Maven ● Gradle ● Jenkins ● CruiseControl

Coding Standards

CODING STANDARDS COMPLIANCE WITH PARASOFT Parasoft’s code analysis monitors whether code meets uniform expectations around security, reliability, performance, and maintainability. We provide a foundation for producing solid code by exposing structural errors and preventing entire classes of errors. An automated framework is provided to ensure consistency across development languages, development teams, and third-party partners.

Parasoft uses a blended approach to implementing coding standards that includes:

● prevention patterns ● bug detection patterns ● code metrics patterns ● runtime error detection

REDUCE NOISE WITH PROCESS INTELLIGENCE Parasoft merges analysis results with data generated throughout the development lifecycle to deliver meaningful, actionable information. This enables you to eliminate false positives, pinpoint business risk in the code, and incrementally improve processes that result in more faster delivery without affecting quality.

TYPES OF DEFECTS DETECTED ● API usage errors ● Integer handling issues ● Best practice coding errors ● Integer overflows ● Build system issues ● Memory – corruptions ● Buffer overflows ● Memory – illegal accesses ● Class hierarchy inconsistencies ● Null pointer dereferences ● Code maintainability issues ● Path manipulation ● Concurrent data access violations ● Performance inefficiencies ● Control flow issues ● Program hangs ● Cross-site scripting (XSS) ● Race conditions ● Cross-site request forgery (CSRF) ● Resource leaks ● Deadlocks ● Rule violations ● Error handling issues ● Security best practices violations ● Hard-coded credentials ● Security misconfigurations ● Incorrect expression ● SQL Injection ● Insecure data handling ● Uninitialized members

Application Security security Parasoft enables development teams to build security into your application by facilitating code-hardening practices based on accepted industry standards, such as OWASP Top 10, CWE/SANS Top 25, and PCI DSS. Defend your software from security breaches and cyberattacks by preventing vulnerabilities where they occur--in the source code.

FDA and Medical Device Software Development FDA Parasoft Development Testing Platform (DTP) for medical device software development helps organizations achieve compliance with submitted and approved processes. Parasoft DTP also assists organizations to continuously improve software quality practices as documented by the General Principles of Software Validation.

PCI DSS Compliance Security02_PCI Parasoft's unique automated infrastructure unobtrusively drives the development process to help you achieve Payment Card Industry Data Security Standards (PCI DSS) compliance.

CWE Compliance CWE Parasoft supports the Common Weakness Enumeration (CWE) guidelines with dedicated code analysis configurations that map to best practices outlined in the standard.

DISA STIG Compliance US_Defense_Information_Systems Ensure that your development processes and resulting code meet the Defense Information System Agency's (DISA) Security Technical Information Guides (STIG), which defines how applications should be developed to meet the U.S. governments cybersecurity standards.

Why Jtest

Comprehensive Code Quality Tools for Java Development Jtest helps development teams produce better code, test it more efficiently, and consistently monitor progress toward quality goals. Automate proven Development Testing practices—such as static analysis, unit testing, metrics analysis, coverage analysis, and runtime error detection—on the desktop early in the SDLC. This helps the team identify and fix problems as soon as they are introduced.

Advanced Code Analysis Continuous “on-the-fly” static analysis automatically checks code against hundreds of built-in or custom rules as developers review, add, and modify code. This helps eliminate entire classes of programming errors by establishing preventive coding conventions, while facilitating regulatory compliance (FDA, PCI, etc.)—ensuring that code meets uniform expectations around security, reliability, performance, and maintainability.

Unit, Integration, and Regression Testing Automatically generate complete tests, including test drivers and test cases for individual functions, and use them for initial validation of the code’s functional behavior. A multi-metric coverage analyzer enables you to assess test suite efficacy and completeness—helping you demonstrate compliance with test and validation requirements. Jtest also generates and executes regression test cases to detect if incremental code changes break existing functionality or impact application behavior.

Find Runtime Bugs without Executing Software Automatically exposes defects that occur as the application is exercised, including race conditions, exceptions, resource and memory leaks, and security attack vulnerabilities. Jtest also provides a complete path for each potential defect in the IDE and cross-links it to the code, enabling users to quickly jump to any point in the highlighted analysis path.

© E-SPIN Group. All Right Reserved. * E-SPIN is the leading technology solution and outsourcing vendor in providing enterprise solutions consulting, buying facilitation, network and system integration, software development and customization, product training and certification testing, share service and outsourcing.

More information available at www.e-spincorp.com

Malaysia No. 21-2, Jalan PJU 8/3B, Perdana Business Centre, Damansara Perdana 47820 Petaling Jaya, Selangor Malaysia Tel: +603 2168 3687 / +603 7728 2866

Hong Kong Hong Kong Island Room 1104, Crawford House, 70 Queen Road Central, Central, Hong Kong Tel: +852 2165 4773, +852 8199 9799

Singapore 10 Anson Road #18-17 International Plaza Singapore 079903 Tel: +65 6223 2069 / +65 3158 2203

Indonesia Office 8, Level 18-A, Jalan Jend Sudirman Kav. 52-53 Sudirman Central Business District (SCBD) Jakarta Selatan Daerah Khusus Ibukota Jakarta 12190 Indonesia Tel: +6221 2960 8334

Thailand 195 Unit 4703, 47th Floor, Empire Tower, South Sathorn Road, Yannawa, Sathorn, Bangkok 10120 Thailand Tel: +66 60 002 4168

China 15/F L`Avenue, 99 Xianxia Road, Chang Ning District, E-SPIN SDN BHD Shanghai 200051 E-SPIN INTERNATIONAL PTE LTD China Tel: +86 21 60577047 E-SPIN INTERNATIONAL LIMITED

Philippines Penthouse Level, Mavenue Building, E: [email protected] 7844 Makati Avenue, Makati City, Metro Manila, W: http://www.e-spincorp.com 1209 Philippines Tel: +63 (2) 9170256