Parasoft Jtest Static Application Security Testing for Java Platform

Post on 02-Jun-2020



Parasoft & E-SPIN

© E-SPIN Group. All Right Reserved.

Parasoft

Parasoft (officially Parasoft Corporation) is an independent software vendor with headquarters in Monrovia, California, USA. It was founded in 1987. The most recent awards and recognitions it received were being named a "leader" in Forrester's Functional Test Automation Tools evaluation, the Jolt Grand Prize Award for Parasoft Virtualize (Parasoft's service virtualization technology), and the Embeddy Award for most cutting edge product for embedded software developers & engineers.

Parasoft develops automated defect prevention technologies that support the Automated Defect Prevention methodology. These technologies automate a number of defect prevention practices for Java, C and C++, and .NET. The static code analysis practice identifies coding issues that lead to security, reliability, performance, and maintainability issues later on. The original static analysis technology has been extended to include security static analysis, data flow analysis, and software metrics. The company also possesses technology that automatically generates unit test cases, which has been extended to include code coverage analysis, regression testing, and traceability. The peer code review practice involves manually inspecting source code to examine algorithms, review design, and search for subtle errors that automated tools cannot detect. Although the peer inspection itself cannot be automated, the preparation, notification, and tracking of peer code reviews can be automated.

For cloud, SOA, APIs, and enterprise IT environments, Parasoft technologies automate practices such as API testing, integration testing, system testing, load testing, and penetration testing.

Parasoft also develops memory error detection technology that finds run-time errors in C and C++ programs.

For service virtualization, Parasoft technologies are used to automatically capture and emulate dependent system behavior of mainframes, third-party components, or any system component that is unavailable or difficult to access for development and testing purposes.

E-SPIN and Parasoft

E-SPIN has been actively promoting Parasoft's full range of products and technologies since 2016 as part of the company's Security, Vulnerability Management, Application Security, Software Assessment, and Application Lifecycle Management (ALM) solution portfolio. E-SPIN is active in providing consulting, supply, training, and maintenance of Parasoft products for enterprise, government, and military customers (or distributes and resells them as part of a complete package) in the regions where E-SPIN does business. These customers range from universities, corporations, and government agencies to IT security professionals and analysts, and developers working on application security, cyber security, cyber warfare, or military defense applications.

Please feel free to contact E-SPIN with your inquiries and requirements, so we can assist you with the exact packaged solution you may require for your operation or project needs.


Parasoft Jtest


Parasoft® Jtest® is an integrated Development Testing solution for automating a broad range of practices proven to improve development team productivity and software quality. Jtest also seamlessly integrates with Parasoft SOAtest, which enables end-to-end functional and load testing for complex distributed applications and transactions.

Capabilities

STATIC ANALYSIS

● Broad support for languages and standards: Security | C/C++ | Java | .NET | FDA | Safety-critical
● Static analysis tool industry leader since 1994
● Simple out-of-the-box integration into your SDLC
● Prevent and expose defects via multiple analysis techniques
● Find and fix issues rapidly, with minimal disruption
● Integrated with Parasoft's suite of development testing capabilities, including unit testing, code coverage analysis, and code review


CODE COVERAGE ANALYSIS

● Track coverage during unit test execution and merge the data with coverage captured during functional and manual testing in Parasoft Development Testing Platform to measure true test coverage.

● Integrate coverage data with static analysis violations, unit testing results, and other testing practices in Parasoft Development Testing Platform for a complete view of the risk associated with your application.

● Achieve test traceability to understand the impact of change, focus testing activities based on risk, and meet compliance objectives.


UNIT TESTING

● Unit testing industry leader since 1997
● Rapidly build a high-coverage test suite
● Easily extend and customize generated tests
● Expose functional problems and crash-causing defects
● Remove barriers to creating/maintaining robust test suites
● Integrated with static analysis, code review, and more


TRACEABILITY

Bidirectional requirements traceability with Parasoft

● Take control of requirements definition, management and testing
● Link requirements with code, code changes, code analysis, manual and automated tests
● Prevent unexpected changes and regression
● Satisfy industry standard requirements, such as FDA, DO-178C and ISO 26262.


RUNTIME ERROR DETECTION

● Expose critical defects as the application is exercised
● Works from unit testing through application/system testing
● Reports only defects that actually occur
● Lightweight and suitable for embedded testing
● Integrated with static analysis, unit testing, code review & more

Supported Environments

Infrastructure Support

● Eclipse IDE
● IntelliJ IDEA
● IBM Rational Application Developer
● Ant
● Maven
● Gradle
● Jenkins
● CruiseControl

Operating System

● Windows
● Red Hat Enterprise Linux
● Mac OS
● Solaris (SPARC)


Coding Standards

CODING STANDARDS COMPLIANCE WITH PARASOFT

Parasoft’s code analysis monitors whether code meets uniform expectations around security, reliability, performance, and maintainability. We provide a foundation for producing solid code by exposing structural errors and preventing entire classes of errors. An automated framework is provided to ensure consistency across development languages, development teams, and third-party partners.

Parasoft uses a blended approach to implementing coding standards that includes:

● prevention patterns
● bug detection patterns
● code metrics patterns
● runtime error detection

REDUCE NOISE WITH PROCESS INTELLIGENCE

Parasoft merges analysis results with data generated throughout the development lifecycle to deliver meaningful, actionable information. This enables you to eliminate false positives, pinpoint business risk in the code, and incrementally improve processes that result in faster delivery without affecting quality.

TYPES OF DEFECTS DETECTED

● API usage errors
● Best practice coding errors
● Build system issues
● Buffer overflows
● Class hierarchy inconsistencies
● Code maintainability issues
● Concurrent data access violations
● Control flow issues
● Cross-site scripting (XSS)
● Cross-site request forgery (CSRF)
● Deadlocks
● Error handling issues
● Hard-coded credentials
● Incorrect expression
● Insecure data handling
● Integer handling issues
● Integer overflows
● Memory – corruptions
● Memory – illegal accesses
● Null pointer dereferences
● Path manipulation
● Performance inefficiencies
● Program hangs
● Race conditions
● Resource leaks
● Rule violations
● Security best practices violations
● Security misconfigurations
● SQL Injection
● Uninitialized members


Application Security

Parasoft enables development teams to build security into your application by facilitating code-hardening practices based on accepted industry standards, such as OWASP Top 10, CWE/SANS Top 25, and PCI DSS. Defend your software from security breaches and cyberattacks by preventing vulnerabilities where they occur: in the source code.

FDA and Medical Device Software Development

Parasoft Development Testing Platform (DTP) for medical device software development helps organizations achieve compliance with submitted and approved processes. Parasoft DTP also assists organizations to continuously improve software quality practices as documented by the General Principles of Software Validation.

PCI DSS Compliance

Parasoft's unique automated infrastructure unobtrusively drives the development process to help you achieve Payment Card Industry Data Security Standards (PCI DSS) compliance.

CWE Compliance

Parasoft supports the Common Weakness Enumeration (CWE) guidelines with dedicated code analysis configurations that map to best practices outlined in the standard.

DISA STIG Compliance

Ensure that your development processes and resulting code meet the Defense Information System Agency's (DISA) Security Technical Information Guides (STIG), which define how applications should be developed to meet the U.S. government's cybersecurity standards.


Why Jtest

Comprehensive Code Quality Tools for Java Development

Jtest helps development teams produce better code, test it more efficiently, and consistently monitor progress toward quality goals. Automate proven Development Testing practices—such as static analysis, unit testing, metrics analysis, coverage analysis, and runtime error detection—on the desktop early in the SDLC. This helps the team identify and fix problems as soon as they are introduced.


Advanced Code Analysis

Continuous “on-the-fly” static analysis automatically checks code against hundreds of built-in or custom rules as developers review, add, and modify code. This helps eliminate entire classes of programming errors by establishing preventive coding conventions, while facilitating regulatory compliance (FDA, PCI, etc.)—ensuring that code meets uniform expectations around security, reliability, performance, and maintainability.


Unit, Integration, and Regression Testing

Automatically generate complete tests, including test drivers and test cases for individual functions, and use them for initial validation of the code’s functional behavior. A multi-metric coverage analyzer enables you to assess test suite efficacy and completeness—helping you demonstrate compliance with test and validation requirements. Jtest also generates and executes regression test cases to detect if incremental code changes break existing functionality or impact application behavior.

Find Runtime Bugs without Executing Software

Automatically exposes defects that occur as the application is exercised, including race conditions, exceptions, resource and memory leaks, and security attack vulnerabilities. Jtest also provides a complete path for each potential defect in the IDE and cross-links it to the code, enabling users to quickly jump to any point in the highlighted analysis path.


E: [email protected]
http://www.e-spincorp.com

E-SPIN is the leading technology solution and outsourcing vendor in providing enterprise solutions consulting, buying facilitation, network and system integration, software development and customization, product training and certification testing, share service and outsourcing.

More information available at www.e-spincorp.com

E-SPIN SDN BHD
E-SPIN INTERNATIONAL PTE LTD
E-SPIN INTERNATIONAL LIMITED

Malaysia
No. 21-2, Jalan PJU 8/3B,
Perdana Business Centre,
Damansara Perdana
47820 Petaling Jaya, Selangor
Malaysia
Tel: +603 2168 3687 / +603 7728 2866

Hong Kong
Hong Kong Island
Room 1104, Crawford House, 70 Queen Road Central, Central,
Hong Kong
Tel: +852 2165 4773, +852 8199 9799

Singapore
10 Anson Road
#18-17 International Plaza
Singapore 079903
Tel: +65 6223 2069 / +65 3158 2203

Indonesia
Office 8, Level 18-A, Jalan Jend Sudirman Kav. 52-53
Sudirman Central Business District (SCBD)
Jakarta Selatan
Daerah Khusus Ibukota Jakarta 12190
Indonesia
Tel: +6221 2960 8334

Thailand
195 Unit 4703, 47th Floor, Empire Tower,
South Sathorn Road, Yannawa, Sathorn, Bangkok 10120
Thailand
Tel: +66 60 002 4168

China
15/F L`Avenue, 99 Xianxia Road, Chang Ning District, Shanghai 200051 China
Tel: +86 21 60577047

Philippines
Penthouse Level, Mavenue Building,
7844 Makati Avenue,
Makati City, Metro Manila,
1209 Philippines
Tel: +63 (2) 9170256