DOCSLIB.ORG

Your Source for Security Solutions

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Your Source for Security Solutions YOUR SOURCE FOR SECURITY SOLUTIONS Congress: 4-6 July 2017 | Exhibition: 5-7 July 2017 Suntec Singapore Convention & Exhibition Centre EVENT OWNER SUPPORTED BY YOU ARE CORDIALLY INVITED to visit INTERPOL World Law enforcement officials today are facing a challenging and demanding operating environment. As society is increasingly connected and the world becomes borderless, technologies can help law enforcement to prevent, detect and investigate more efficiently, but at the same time, they open up possibilities for criminalities. INTERPOL believes that its vision of a safer world is possible through a multi-stakeholder approach to innovation in policing. Autonomous cars, artificial intelligence, robotics, drones and crypto-currencies in the Darkweb; these are becoming part of today’s reality which intensifies the challenge of securing our cities, major world events, borders and INTERPOL World is a unique cyberspace. opportunity for law enforcement Come to INTERPOL World 2017, where experts and and industry to build partnerships practitioners will share how they deploy successful solutions and leverage on technologies to shape the future of for developing innovative policing. Learn, share and experience the technological solutions to the global security possibilities and state-of-the-art policing solutions in action. challenges of tomorrow Jürgen Stock, INTERPOL Secretary General WHY YOU SHOULD ATTEND INTERPOL World 2017 is the leading networking and information exchange WHAT TO EXPECT platform for law enforcement, government bodies, academia, security professionals and solution providers. The event allows the security community to foster mutually beneficial collaboration and share innovation and solutions 300 10,000 to ensure faster and more accurate responses for future-ready security, international solution professionals and providers and buyers from public ensuring more secure, resilient, and safer cities for people around the world. manufacturers and private sectors Fighting the increasingly sophisticated criminal organizations of the 21st century demands greater collaboration on a global front with multiple 30% 20 hours stakeholders. international visitors of informative sessions with topics on cybercrime, safe INTERPOL World is your unique opportunity to gain knowledge on how to cities, and identity management. address security challenges, protect your cities, and safeguard their international reputation. Bolster your networks with leading professionals across the multi-faceted security disciplines. With over 300 international solution providers and manufacturers showcasing their leading innovations, this is the place to source and evaluate solutions for your city’s challenges. REGISTER YOUR VISIT TODAY www.interpol-world.com EVENTS-AT-A-GLANCE 4 July 2017 Tuesday 5 July 2017 Wednesday 6 July 2017 Thursday 7 July 2017 Friday Exhibition Exhibition Exhibition 09.30 - 18.00 Level 4 09.30 - 18.00 Level 4 09.30 - 17.00 Level 4 CONGRESS CONGRESS CONGRESS INTERPOL World Dialogue INTERPOL World Dialogue INTERPOL World Dialogue 09.00 - 10.30 09.00 - 10.30 09.00 - 10.30 Panel session to establish risks and Panel session to shed new light on Panel session to establish current opportunities in emerging technology ways to overcome emerging and projected challenges of in Cyberspace; and correlation security and public safety issues identification, verification and validation between technology, connectivity affecting the international of identity of people, goods and vehicles and crime. community. in our borderless world COFFEE BREAK COFFEE BREAK COFFEE BREAK CONGRESS CONGRESS CONGRESS Strategic Perspective Strategic Perspective Strategic Perspective on Future Security on Future Security on Future Security 10.45 - 12.15 10.45 - 12.15 10.45 - 12.15 Shedding light on the “Dark side”– Prevention – Smarter, faster and more Identity management and detection in Cyberspace and the future of precise. Preparing policing strategies, a borderless world. Law enforcement, policing. Managing cyber threats to approach and tactics for managing urban migration and border management in society from the “hidden” internet. centers and global cities of the future. an age of globalization. LUNCH LUNCH LUNCH CONGRESS CONGRESS CONGRESS Operational Insights Operational Insights Operational Insights on Future Security on Future Security on Future Security 14.00 - 15.30 14.00 - 15.30 14.00 - 15.30 Technologies and solutions to counter Leveraging on big data analytics, IoT How can technologies, such as cyber threats, for example, and artificial intelligence technologies biometrics, genetics and synthetic de-anonymization tools, Darknet-use such as robotics to detect and prepare biology, better manage identification, analytics, solutions to counter online for threats, extract knowledge and verification, validation and detection of radicalization or identify “at-risk” enhance situational awareness for better crimes (of people, goods and vehicles) communities. crisis management and coordination. in our cyber-enabled environment? COFFEE BREAK COFFEE BREAK COFFEE BREAK CONGRESS CONGRESS CONGRESS Case Studies Case Studies Case Studies 15.45 - 16.15 15.45 - 16.15 15.45 - 16.15 CONGRESS CONGRESS CONGRESS Closing Session Closing Session Closing Session 16.15 - 16.45 16.15 - 16.45 16.15 - 17.30 Official Launch & Industry Reception Welcome Reception Dinner 17.30 – 19.30 18.00 – 21.00 (by invitation only) Programme is subject to change. (by invitation only) Updated as at 1 March 2017. PREVENT. DETECT. INVESTIGATE. Discover the latest threats and discuss solutions to problems that you may have yet to identify. Managing cyber threats to Managing urban centers and Identity management and society from the ‘hidden’ internet global cities of the future detection in a borderless globalized world • Do you really understand the impact • How to make use of big data and of Darknet marketplaces, which are Internet of Things (IoT) to detect and • How to prevent identity theft in increasingly used to profit from prepare for threats? cyberspace? proceeds of crime and procure illicit • How artificial intelligence • How can technologies such as drugs, weapons and counterfeit technologies such as robotics can biometrics better manage identities in identity documents, benefiting the play a key role in extracting a borderless and cyber-enabled perpetrators of terrorism, illicit markets, knowledge and intelligence from big world? organised crime and a myriad of data to improve situational • How to create solutions to help law ? ? other transnational crimes awareness enforcement in the identification, • How do criminals exploit the Darknet • Can drones be the solution for event verification and validation of identity to enhance their criminality, surveillance for major national, of people, goods and vehicles? coordinate, recruit and spread their regional and international events • Why is a coordinated approach ? ? ideology hosted by global cities critical for improving border security? • What risks and opportunities lie in ? • How to better regulate crypto emerging technology in Cyberspace currencies? • How to leverage blockchain for security applications? • How to better manage internet restrictions for public services? NATIONAL GROUPS AT INTERPOL WORLD 2017 FRANCE ISRAELITALY JAPAN SINGAPORE USA PRELIMINARY EXHIBITOR LIST Company Name Country/Region Company Name Country/Region Ace Computers/Ace Tech Partners, LLC United States Kaymera Israel ADDER Technology Singapore Keesing Technologies Netherlands Agent V Israel Lai Yew Seng Pte Ltd Singapore AJA Singapore Leadspotting Israel Altrus Pte Ltd Singapore Microsoft Operations Pte Ltd Singapore AMIYA Corporation Japan Nan Jing Wu Qi Technology Ltd Co China Arbor Networks United Kingdom National Computing and Information Service Republic of Korea AREA SpA Italy National Security Ventures FZC United Arab Emirates ATG Access United Kingdom NEC Corporation Japan Ayonix Japan NF Global Singapore Business France France NRI Secure Technologies Japan Canon Singapore Pte Ltd Singapore Oberthur Technologies France Chainalysis Inc United States Oneberry Technologies Singapore Checkpoint Technologies Israel Opgal Israel Chubb Singapore Pte Ltd Singapore Oracle United States CLS France OVD Kinegram (Asia Pacific) Pte Ltd Singapore Communitake Israel oVio Technologies, Inc. United States Concorde Security Singapore Paclin Singapore Cornerstone Technica Pte Ltd Singapore Parafoil Design & Engineering Pte Ltd Singapore Coronet Israel Parasoft South East Asia Pte Ltd Singapore Coselec Pte Ltd Singapore Quantum Storage Singapore Criterion Solutions Australia Quarklab France CyberInt Israel ReaQta Ltd Malta Dalian Everspry Science & Technology China Rigaku Raman Technologies United States Darktrace Ltd United Kingdom Sasa Software Israel Datacard Asia Pacific Limited (Singapore Branch) Singapore SecureAge Technology Singapore Datumstruct Singapore Securiport United States dit Co., Ltd Japan SICPA Switzerland Elid Singapore Sierra Solutions Pte Ltd Singapore Elyctis HK Limited Hong Kong SAR Simulation Software & Technology (S2T) Pte Ltd Singapore Foster+Freeman United Kingdom Singapore infocomm Technology Federation Singapore Funayama Japan Singapore Manufacturing Federation Singapore Gemalto Singapore Smartstripe Marketing Pte Ltd Singapore Genetec Asia Pacific Pte Ltd Singapore SPS France Green Bit Italy Streamlight, Inc United States Group 2000 Nederland B.V. Netherlands Surys France Hayagriva Software Pvt Ltd India Swiss Business Hub ASEAN Switzerland Heimdal
Load more

Recommended publications
  • A Framework and Tool Supports for Generating Test Inputs of Aspectj Programs
    A Framework and Tool Supports for Generating Test Inputs of AspectJ Programs Tao Xie Jianjun Zhao Department of Computer Science Department of Computer Science & Engineering North Carolina State University Shanghai Jiao Tong University Raleigh, NC 27695 Shanghai 200240, China [email protected] [email protected] ABSTRACT 1. INTRODUCTION Aspect-oriented software development is gaining popularity with Aspect-oriented software development (AOSD) is a new tech- the wider adoption of languages such as AspectJ. To reduce the nique that improves separation of concerns in software develop- manual effort of testing aspects in AspectJ programs, we have de- ment [9, 18, 22, 30]. AOSD makes it possible to modularize cross- veloped a framework, called Aspectra, that automates generation of cutting concerns of a software system, thus making it easier to test inputs for testing aspectual behavior, i.e., the behavior imple- maintain and evolve. Research in AOSD has focused mostly on mented in pieces of advice or intertype methods defined in aspects. the activities of software system design, problem analysis, and lan- To test aspects, developers construct base classes into which the guage implementation. Although it is well known that testing is a aspects are woven to form woven classes. Our approach leverages labor-intensive process that can account for half the total cost of existing test-generation tools to generate test inputs for the woven software development [8], research on testing of AOSD, especially classes; these test inputs indirectly exercise the aspects. To enable automated testing, has received little attention. aspects to be exercised during test generation, Aspectra automati- Although several approaches have been proposed recently for cally synthesizes appropriate wrapper classes for woven classes.
    [Show full text]
  • Parasoft Dottest REDUCE the RISK of .NET DEVELOPMENT
    Parasoft dotTEST REDUCE THE RISK OF .NET DEVELOPMENT TRY IT https://software.parasoft.com/dottest Complement your existing Visual Studio tools with deep static INCREASE analysis and advanced PROGRAMMING EFFICIENCY: coverage. An automated, non-invasive solution that the related code, and distributed to his or her scans the application codebase to iden- IDE with direct links to the problematic code • Identify runtime bugs without tify issues before they become produc- and a description of how to fix it. executing your software tion problems, Parasoft dotTEST inte- grates into the Parasoft portfolio, helping When you send the results of dotTEST’s stat- • Automate unit and component you achieve compliance in safety-critical ic analysis, coverage, and test traceability testing for instant verification and industries. into Parasoft’s reporting and analytics plat- regression testing form (DTP), they integrate with results from Parasoft dotTEST automates a broad Parasoft Jtest and Parasoft C/C++test, allow- • Automate code analysis for range of software quality practices, in- ing you to test your entire codebase and mit- compliance cluding static code analysis, unit testing, igate risks. code review, and coverage analysis, en- abling organizations to reduce risks and boost efficiency. Tests can be run directly from Visual Stu- dio or as part of an automated process. To promote rapid remediation, each problem detected is prioritized based on configur- able severity assignments, automatical- ly assigned to the developer who wrote It snaps right into Visual Studio as though it were part of the product and it greatly reduces errors by enforcing all your favorite rules. We have stuck to the MS Guidelines and we had to do almost no work at all to have dotTEST automate our code analysis and generate the grunt work part of the unit tests so that we could focus our attention on real test-driven development.
    [Show full text]
  • Parasoft Static Application Security Testing (SAST) for .Net - C/C++ - Java Platform
    Parasoft Static Application Security Testing (SAST) for .Net - C/C++ - Java Platform Parasoft® dotTEST™ /Jtest (for Java) / C/C++test is an integrated Development Testing solution for automating a broad range of testing best practices proven to improve development team productivity and software quality. dotTEST / Java Test / C/C++ Test also seamlessly integrates with Parasoft SOAtest as an option, which enables end-to-end functional and load testing for complex distributed applications and transactions. Capabilities Overview STATIC ANALYSIS ● Broad support for languages and standards: Security | C/C++ | Java | .NET | FDA | Safety-critical ● Static analysis tool industry leader since 1994 ● Simple out-of-the-box integration into your SDLC ● Prevent and expose defects via multiple analysis techniques ● Find and fix issues rapidly, with minimal disruption ● Integrated with Parasoft's suite of development testing capabilities, including unit testing, code coverage analysis, and code review CODE COVERAGE ANALYSIS ● Track coverage during unit test execution and the data merge with coverage captured during functional and manual testing in Parasoft Development Testing Platform to measure true test coverage. ● Integrate with coverage data with static analysis violations, unit testing results, and other testing practices in Parasoft Development Testing Platform for a complete view of the risk associated with your application ● Achieve test traceability to understand the impact of change, focus testing activities based on risk, and meet compliance
    [Show full text]
  • Case Study Test the Untestable: Alaska Airlines Solves
    CASE STUDY Testing the Untestable Alaska Airlines Solves the Test Environment Dilemma Case Study Testing the Untestable Alaska Airlines Solves the Test Environment Dilemma OVERVIEW Alaska Airlines is primarily a West Coast carrier that services the states of Alaska and Hawaii with mid-continent and destinations in Canada and Mexico. Alaska Airlines received J.D. Powers' “Highest in Customer Satisfaction Among Traditional Carriers” recognition for twelve years in a row even recently winning first in all but one of the seven categories. A large part of the credit belongs to their software testing team. Their industry-leading, proactive approach to disrupting the traditional software testing process ensures that testers can test faster, earlier, and more completely. Learn how Ryan Papineau and his team used advanced automation in concert with service virtualization to rigorously test their complex flight operations manager software. The result: operations that run smoothly— even if they encounter a snowstorm in July. RELIABLE & ON-DEMAND FALSE REPEATABLE TESTS AUTOMATED TEST CASES POSITIVES 100欥 500 ELIMINATED 2 Case Study Testing the Untestable Alaska Airlines Solves the Test Environment Dilemma THE CHALLENGES At Alaska Airlines, the flight operations manager software is ultimately responsible for transporting 46 million customers to 115 global destinations via approximately 440,000 flights per year, safely and efficiently. This software coordinates a highly complex set of inputs from systems around the organization to ensure flights are on time while evaluating and managing fuel, cargo, baggage, and passenger requirements. In addition to the previously mentioned requirements, the system considers many factors including weather, aircraft characteristics, market, and fuel costs.
    [Show full text]
  • Parasoft Named an Omnichannel Functional Test Automation Leader
    Parasoft Corp. Headquarters 101 E. Huntington Drive Monrovia, CA 91016 USA www.parasoft.com [email protected] Press Release Parasoft Named an Omnichannel Functional Test Automation Leader, Recognized by major analyst firm for Impressive Roadmap Parasoft shines in evaluation specifically around effective test maintenance, strong CI/CD and application lifecycle management (ALM) platform integration MONROVIA (USA) – July 30, 2018 – Parasoft, the global leader in automated software testing, today announced its position as a leader in The Forrester Wave™: Omnichannel Functional Test Automation Tools, Q3 2018, where it received the highest scores possible in the API Testing and Automation and Product Road Map criteria. The report notes Parasoft’s “impressive and concrete road map to increase test automation from design to execution, pushing autonomous testing.” Parasoft will be showcasing its technology and discussing the future of testing in an upcoming webinar, The Future of Test Automation: Next- Generation Technologies to Use Today on August 23rd. To register, click here. According to the report, conducted by Forrester’s Diego Lo Giudice, “Parasoft shined in our evaluation specifically around effective test maintenance, strong CI/CD and application lifecycle management (ALM) platform integration, as well as reporting through its analytics system PIE. Clients like the recent changes, and all reference customers reported achieving test automation of more than 50% in the past 12 months.” After examining past research, user need assessments, and vendor and expert interviews, Forrester evaluated 15 omnichannel functional test automation tool vendors across a comprehensive 26-criteria to help organizations working on enterprise, mobile, and web applications select the right tool.
    [Show full text]
  • Devsecops DEVELOPMENT & DEVOPS INFRASTRUCTURE
    DevSecOps DEVELOPMENT & DEVOPS INFRASTRUCTURE CREATE SECURE APPLICATIONS PARASOFT’S APPROACH - BUILD SECURITY IN WITHOUT DISRUPTING THE Parasoft provides tools that help teams begin their security efforts as DEVELOPMENT PROCESS soon as the code is written, starting with static application security test- ing (SAST) via static code analysis, continuing through testing as part of Parasoft makes DevSecOps possible with API and the CI/CD system via dynamic application security testing (DAST) such functional testing, service virtualization, and the as functional testing, penetration testing, API testing, and supporting in- most complete support for important security stan- frastructure like service virtualization that enables security testing be- dards like CWE, OWASP, and CERT in the industry. fore the complete application is fully available. IMPLEMENT A SECURE CODING LIFECYCLE Relying on security specialists alone prevents the entire DevSecOps team from securing software and systems. Parasoft tooling enables the BENEFIT FROM THE team with security knowledge and training to reduce dependence on PARASOFT APPROACH security specialists alone. With a centralized SAST policy based on in- dustry standards, teams can leverage Parasoft’s comprehensive docs, examples, and embedded training while the code is being developed. ✓ Leverage your existing test efforts for Then, leverage existing functional/API tests to enhance the creation of security security tests – meaning less upfront cost, as well as less maintenance along the way. ✓ Combine quality and security to fully understand your software HARDEN THE CODE (“BUILD SECURITY IN”) Getting ahead of application security means moving beyond just test- ✓ Harden the code – don’t just look for ing into building secure software in the first place.
    [Show full text]
  • A Brief History of Parasoft Jtest
    A Brief History of Parasoft Jtest The static analysis technology for Jtest is invented The test generation technology for Jtest is invented The patent for Jtest’s test generation technology is First public release filed The patent for Jtest’s static analysis technology is filed Jtest patents awarded Jtest TM awarded Jtest introduces security rule set Jtest wins Best in Show at DevCon Jtest wins Software Magazine’s Productivity award Jtest nominated for JavaWorld Editors’ Choice awards Jtest becomes first product to use Design by Contract (Jcontract) comments to verify Java Automated JUnit test case generation is introduced classes/components at the system level Jtest wins Jolt Product Excellence Award Jtest wins Writer’s Choice Award from Java Report Jtest Tracer becomes the first tool to generate Jtest wins Software Business Magazines’s Best functional unit test cases as the user exercises the Development Tool Award working application Jtest wins Software and Information Industry Association’s Codie award for Best Software Testing Jtest wins JDJ Editors’ Choice Award Product or Service Jtest wins Software Development Magazines’s Jtest receives “Excellent” rating from Information World Productivity Award Jtest security edition released Flow-based static analysis is introduced Automated peer code review is introduced Cactus test generation is introduced Jtest is integrated into Development Testing Platform Jtest wins InfoWorld’s Technology of the Year award (DTP) Jtest wins Codie award for Best Software Testing DTP static analysis components
    [Show full text]
  • Inovytec Achieves FDA Certification with Customized Static Code Analysis Solution Case Study Leading Insurance Company Modernizes Applications with Software Testing
    CASE STUDY Inovytec Achieves FDA Certification With Customized Static Code Analysis Solution Case Study Leading Insurance Company Modernizes Applications With Software Testing OVERVIEW Inovytec is an innovative medical device company that develops cutting- edge solutions for respiratory and cardiac failures. During the COVID-19 crisis, Inovytec has been a vital supplier of ventilators around the world, delivering critical care to patients suffering respiratory symptoms from the contagious disease. The embedded development team at Inovytec delivers medical devices with safety-critical software like the Ventway Sparrow, which is a groundbreaking family of transport and emergency ventilators designed to stand up to the harshest of conditions while providing reliable high- performance ventilation at all times. 100% FDA 510(k) Certification Rules & Guidelines 2 Case Study Leading Insurance Company Modernizes Applications With Software Testing CHALLENGE On a mission to deliver clean code and be compliant with the FDA 510(k) regulation inspection, Inovytec started using Parasoft's C/C++ static code analysis solution. APPROACH To satisfy the FDA 510(k) certification, the embedded software development team customized a set of rules in Parasoft C/C++test to the standard. "Every time we are going to release a new software version of the Ventway Sparrow ventilator, we make sure that the static analysis from Parasoft is configured to run according to the FDA regulation definitions. We not only noticed improvements in code quality, but C/C++test has really helped us in our static analysis verification activities and goal of achieving FDA 510(k) certification,” said Roi Birenshtok, solution architect and team leader of embedded software.
    [Show full text]
  • Parasoft Named a Leader in 2020 Continuous Functional Test
    Parasoft Corp. Headquarters 101 E. Huntington Drive Monrovia, CA 91016 USA www.parasoft.com [email protected] Press Release Parasoft Named a Leader in 2020 Continuous Functional Test Automation in Independent Research Report Parasoft's Suite of Software Testing Tools With Added Smarts Recognized Monrovia (USA)/Berlin, 23 June 2020 — Parasoft, the global leader in automated software testing for over 30 years, today announced it has been named a Leader in The Forrester Wave™: Continuous Functional Test Automation Suites, Q2 2020, conducted by Forrester Research. Parasoft’s functional testing suite, including SOAtest, Virtualize, and Selenic, was included in Forrester’s evaluation process. According to the report, "Parasoft’s continuous testing shines in API testing, service virtualization and integration testing, and the combined automation context. Finally, Parasoft has very strong continuous integration/continuous delivery (CI/CD) and application lifecycle management (ALM) platform integration as well as reporting through its analytics system PIE (Process Intelligence Engine)." Forrester evaluated the 15 most significant continuous functional test automation (CFTA) providers. They researched, analyzed, and scored each one using their 26-criterion evaluation. In the report, Parasoft is recognized as the "go-to testing platform for developers and still is one of their preferred choices," while also adding capabilities targeted for less technical teammates. "We're honored to be recognized by Forrester as a leader in this evaluation. We believe this acknowledgment demonstrates our continued commitment to bring innovations that drive high levels of test automation and build long- standing partnerships with our clients," said Elizabeth Kolawa, President and CEO of Parasoft. Parasoft continues to invest in enhancements for their automated testing tools.
    [Show full text]
  • Accelerate Software Innovation Through Continuous Quality
    Accelerate Software Innovation Through Continuous Quality 1 Software quality is recognized as the #1 issue IT executives are trying to mitigate. Enterprise organizations strive to accelerate the delivery of a compelling user experience to their customers in order to drive revenue. Software quality is recognized as the #1 issue IT executives are trying to mitigate. QA teams know they have issues and are actively looking for solutions to save time, increase quality, improve security, and more. The most notable difficulties are in identifying the right areas to test, the availability of flexible and reliable test environments and test data, and the realization of benefits from automation. You may be facing many challenges with delivering software to meet the high expectations for quality, cost, and schedule driven by the business. An effective software testing strategy can address these issues. If you’re looking to improve your software quality while achieving your business goals, Parasoft can help. With over 30 years of making testing easier for our customers, we have the innovation you need and the experience you trust. Our extensive continuous quality suite spans every testing need and enables you to reach new heights. 3 QUALITY-FIRST APPROACH You can’t test quality into an application at the end of the software development life cycle (SDLC). You need to ensure that your software development process and practices put a priority on quality- driven development and integrate a comprehensive testing strategy to verify that the application’s functionality meets the requirements. Shift testing left to the start of your development process to bring quality to the forefront.
    [Show full text]
  • Guidelines on Minimum Standards for Developer Verification of Software
    Guidelines on Minimum Standards for Developer Verification of Software Paul E. Black Barbara Guttman Vadim Okun Software and Systems Division Information Technology Laboratory July 2021 Abstract Executive Order (EO) 14028, Improving the Nation’s Cybersecurity, 12 May 2021, di- rects the National Institute of Standards and Technology (NIST) to recommend minimum standards for software testing within 60 days. This document describes eleven recommen- dations for software verification techniques as well as providing supplemental information about the techniques and references for further information. It recommends the following techniques: • Threat modeling to look for design-level security issues • Automated testing for consistency and to minimize human effort • Static code scanning to look for top bugs • Heuristic tools to look for possible hardcoded secrets • Use of built-in checks and protections • “Black box” test cases • Code-based structural test cases • Historical test cases • Fuzzing • Web app scanners, if applicable • Address included code (libraries, packages, services) The document does not address the totality of software verification, but instead recom- mends techniques that are broadly applicable and form the minimum standards. The document was developed by NIST in consultation with the National Security Agency. Additionally, we received input from numerous outside organizations through papers sub- mitted to a NIST workshop on the Executive Order held in early June, 2021 and discussion at the workshop as well as follow up with several of the submitters. Keywords software assurance; verification; testing; static analysis; fuzzing; code review; software security. Disclaimer Any mention of commercial products or reference to commercial organizations is for infor- mation only; it does not imply recommendation or endorsement by NIST, nor is it intended to imply that the products mentioned are necessarily the best available for the purpose.
    [Show full text]
  • Parasoft Soatest the INDUSTRY-LEADING API TESTING SOLUTION
    Parasoft SOAtest THE INDUSTRY-LEADING API TESTING SOLUTION TRY IT Mitigate the risk of Reduce the cost of developing high-quality software, without sacrificing time-to-market: Get a free trial of Parasoft accelerated delivery with SOAtest and start testing. efficient end-to-end test CONTINUOUS TESTING automation. Automate the execution of API, performance, https://software.parasoft.com/soatest and security tests as part of your continuous Parasoft SOAtest helps cut through the delivery pipeline, leveraging CI infrastructure complexity of testing omni/multi-channel such as Jenkins, Bamboo, TeamCity, and API TESTING FOR applications. It extends API testing with VSTS, to provide a faster feedback loop ENTERPRISE AND automation and mitigates the cost of for test development and management. re-work by proactively adjusting your EMBEDDED library of tests as services change. AGILE Accelerate the feedback process required SOAtest efficiently transforms your in Agile methodology, by associating test existing test artifacts into security and • Automate complex scenarios cases with work items and integrating test performance tests, to increase re-usability across multiple endpoints (services, results with your requirements and issue and reduce redundancy, all while building databases, mobile, web UI, sensors, management systems, such as Jira, to a foundation of automated tests that ESBs, mainframes, etc.) from a single continuously validate your level of risk. intuitive user interface can be executed as part of Continuous Integration and DevOps
    [Show full text]