SOA Required Trust— Require Integrity Arthur Hicken – Parasoft Evangelist

ITEA – November 2013

Parasoft Proprietary and Confidential 1 About Parasoft

World Renowned for Automated Defect Prevention

26 Yrs Founded in 1987

Highly Privately held Focused No debt, No VCs

>2,500 Customers worldwide

Years of profitable growth 26 Years of innovation and customer value

28 Patents associated with quality

Parasoft Proprietary and Confidential 2 Software Drives Innovation

Software is the interface Switching costs Damages associated to business and the force associated with software with software failure are behind innovation are dramatically lower increasing and very real

Parasoft Proprietary and Confidential 3 Faulty Software Impacts the C-Level

After a rash of software failures and security breaches left Sony’s gaming services down for weeks, analysts called for the ousting of the Sony CEO.

http://news.cnet.com/8301-13506_3-57369469-17/why-sony-needed-to-swap-out-its-ceo/

Parasoft Proprietary and Confidential 4 Liquid Capital to Cover System Outages

System faults can impact credit ratings for stock exchanges and financial institutions.

Financials must maintain adequate liquid capital to cover losses caused system disruptions.

http://www.standardandpoors.com/ratings/articles/en/us/?articleType=HTML&assetID=1245357558044

Parasoft Proprietary and Confidential 5 Global Exchange Issues

March 2012 BATS Global Markets A system malfunction due to a software bug caused BATS to stop its own IPO. May 2012 NASDAQ OMX A technical malfunction in software and infrastructure delayed the Facebook IPO opening. The glitch resulted in more than $500 million in trading losses across major trading firms. May 2012 Deutsche Boerse Failure in the Xetra system caused a 1.5-hour trading outage affecting stocks and exchange-traded funds. August 2012 Bolsas y Mercados Españoles A communication server failure caused a four-hour outage. The shutdown affected two multilateral trading platforms that NYSE Euronext operates. August 2012 NASDAQ OMX The PHLX opening was delayed due to issues with floor-based systems. August 2012 Tokyo Stock Exchange An outage halted derivatives trading for 1.5 hours. An error occurred on the exchange’s Tdex+ system used for trading of options and futures. August 2012 Indonesia Stock Exchange Trading was delayed after almost a third of the members failed to connect to the exchange’s system. October 2012 All major U.S. stock and option exchanges Hurricane Sandy shut trading on all major exchanges for two days. November 2012 NYSE Euronext Matching engine outages halted trading in 216 symbols. January 2013 NYSE Euronext A trade and quote publishing outage caused duplicate trade reports. January 2013 London Stock Exchange Technical issues delayed the release of many company announcements by 90 minutes. March 2013 NYSE Euronext An outage caused routing issue for NASDAQ-listed symbols. March 2013 NYSE Euronext There were display device issues. March 2013 NYSE Euronext There were engine queuing issues. March 2013 Osaka Securities Exchange There was an Osaka Securities Exchange outage on NASDAQ OMX Group technology platform. April 2013 Chicago Board Options Exchange A software malfunction shut down trading for 3.5 hours. April 2013 Exchange A technical outage delayed dealing in derivatives contracts for up to three hours. June 2013 NYSE Euronext Trading started an hour late in Paris, Amsterdam, Brussels, and Lisbon due to technical problems. July 2013 Exchange Trading was halted for two hours due to an unspecified connectivity issue. August 2013 BATS Global Markets An internal network issue caused a 50-minute outage on BZX. August 2013 Deutsche Boerse Eurex Exchange halted trading in derivatives for one hour due to an incorrect time sync with the system clock. August 2013 Direct Edge Trading and processing shut down for symbols SPYV and TNC, leading to trade cancellations. August 2013 NASDAQ OMX Due to a connectivity issue between an exchange participant and the UTP securities information processors (SIP), trading and quote data dissemination was suspended via the SIP and all trading in all NASDAQ-listed securities was halted marketwide. August 2013 Tel Aviv Stock Exchange A typo sent Corp. stock plummeting 99.9% and caused a halt in trading.

Parasoft Proprietary and Confidential 6 Faulty Program = Employee Suspension

The system used to price equity options delivered orders with inaccurate price limits to exchanges.

After discovering that a programming error caused the issue, four senior programmers were placed on leave.

http://www.bloomberg.com/news/2013-08-25/goldman-sachs-puts-four-on-leave-after-options-error-ft-reports.html

Parasoft Proprietary and Confidential 7 Software Failures = Headlines

Financial Airlines/Aero Government Media Internet/Tel

Automotive Technology Retail

Parasoft Proprietary and Confidential 8 Parasoft 10 Second Survey

Parasoft Proprietary and Confidential 9 Parasoft 10 Second Survey

Parasoft Proprietary and Confidential 10 Parasoft 10 Second Survey

If an API did not meet your expectations in the past, would you consider using it again in the future? 93%

Parasoft Proprietary and Confidential 11 Parasoft 10 Second Survey

Parasoft Proprietary and Confidential 14 API and Service Sprawl

PaaS partner APAC APIs for Global HQ business core business APIs for main partner functions financial APIs functions

Partner APIs for manufacturing

US HQ Internal APIs for operations

Public API FedEx “global “Shipping weather” US domestic API” manufacturing APIs

Parasoft Proprietary and Confidential 15 Top Threats to API Integrity

Parasoft Proprietary and Confidential 16 API Platform

Environments Environments Proxies TSTs PVAs Data Sets Data Sets Performance Profiles

Performance Profiles

PVAs Test Environments Data Sets Performance Profiles Load “Bursting”

Parasoft Proprietary and Confidential 17

Service Virtualization simulated dev / test environment allowing you to test anytime or anywhere

Parasoft Proprietary and Confidential 18 Test Environment Access

Complex

Mainframe

External Database Cloud ERP App Message Queue External Application Web Server

Configuration Internal Database ESB

Internal Application 3rd Party Service Internal Service

Simple Difficult Test Access

Parasoft Proprietary and Confidential 19 : How does it work?

Application Under Test 1 Define Monitors

Database

2 Capture Mainframe

Application

Service Traffic Logs

3 Create Server

Desktop 4 Deploy

Virtualize SME

Parasoft Proprietary and Confidential 20 Parasoft Virtualize: How does it work?

Application Under Test

Database

Consume 6 Mainframe

Application

5 Provision Environment Manager Service

Server

Parasoft Proprietary and Confidential 21 SOAtest and Virtualize Together

Database Validation Application Under Test

Application Dependency

Environment Manager Validation Server

Parasoft Proprietary and Confidential 22 Rapid Environment Access

Parasoft Proprietary and Confidential 23

Schema Validity

API Versioning

Performance Testing

Security Testing

System Simulation

Test artifact reuse

Environment Management

Parasoft Proprietary and Confidential 24 API Integrity Maturity Model

Parasoft Proprietary and Confidential 25 Conclusions

. Optimized environment for goal-oriented, business-driven scenarios significantly reduces application risk. . Test scenarios are reused as components of complex end-to- end transactions. . Consistent, continuous environment access enables more extensive and accurate testing to occur with or without access to a staged test environment. . A Center of Excellence is established to optimize and manage policies, procedures, and standards.

Parasoft Proprietary and Confidential 26 .Email: [email protected] .Web: http://parasoft.com .Blog: http://alm.parasoft.com .Social

. Facebook: https://www.facebook.com/parasoftcorporation

. Twitter: @Parasoft @MustRead4Dev @CodeCurmudgeon

. LinkedIn: http://www.linkedin.com/company/parasoft . Google+ Community: Static Analysis for Fun and Profit

Parasoft Proprietary and Confidential 27