Static analysis success involves not just source code analyzer tools, but also careful tool configuration and a productive, non-disruptive workflow for ingraining static analysis tools into your process.
This page provides centralized access to Parasoft's static analysis articles, white papers, and case studies related to security and quality. It also provides an overview of Parasoft's static code analysis capabilities and its static analysis tools and solutions.
- Security Code Audits: Static Analysis and Beyond, Software Test & Performance
Introduces best practices for applying security static analysis, data flow analysis, penetration testing, and workflow optimization to bake security into the application development process.
- Static Analysis at the End of the SDLC Doesn't Work, SearchSoftwareQuality.com
Explains the importance of ensuring that code is built according to the organization's expectations, rather than trying to tack on security and quality at the end of the process.
- Building Security into Software with Security Policies & Static Analysis, JDJ
Discusses why the most effective security efforts define a policy that details security requirements, then use static analysis to verify that the policy is implemented in the code.
- Software Quality Needs to be a Continuous Process, SearchSoftwareQuality.com
Explains how establishing a continuous process that helps the team build quality and security into the software not only reduces defects and debugging, but also optimizes QA time and significantly improves team productivity.
- Wipro
To remain competitive, Wipro launched an initiative to establish a more efficient and cost-effective way to maintain the exceptional quality standards that they pride themselves on. Find out how Parasoft's static analysis helped them automate application and monitoring of their internal quality policies—and achieve a 25% reduction in testing time and effort.
- NEC
NEC Telecom Software Philippines (NSP) needed an alternative to manual code review and unit testing in order to comply with internal quality initiatives while working under a tight schedule. Find out how Parasoft's static analysis helped them streamline their internal quality processes to more efficiently satisfy quality initiatives.
- Intermoco
Intermoco's engineering organization is responsible for both the "server side" (or database) activities associated with its network operations center as well as "embedded" solutions associated with metering and communication units in the field. Learn how Parasoft's static analysis helped them save two months on a project—enabling them to reduce it from 6 months to 4 months.
- Cisco Systems
To comply with corporate quality and security initiatives, Cisco Systems adopted static analysis, unit testing and code review. Learn how they automated these practices and seamlessly integrated them into their existing processes to deliver compliant code without impeding productivity.
Parasoft's static analysis helps developers eliminate and prevent the industry's broadest range of security and reliability defects with unparalleled precision and flexibility.
Our industry-leading static analysis engine, knowledge base, and workflow have been optimized over 15 years of R&D as well as extensive experience helping over half of the Fortune 500 companies deliver better software faster. Leverage this expertise to ensure that your static analysis efforts are both successful and sustainable.
Static Code Analysis
Parasoft's pattern-based static code analysis checks whether code follows industry-standard or customized rules, ensuring that source code meets uniform expectations for security, reliability, performance, and maintainability. Over 15 years of research and development have gone into optimizing Parasoft's patented static code analysis engine. The power of the static code analysis comes from combining the engine technology with the strength and flexibility of the rule library; the engine also applies various static code analysis techniques to optimize the analysis and its reports. Our static code analysis solutions feature:
- A centralized, integrated system for automated monitoring of code compliance across heterogeneous environments (Java, C/C++, C#, VB.NET, JavaScript, etc.), core industry standards (WS-*, Section 508, FDA, PCI, MISRA, etc.), and organization-specific policies (security, branding, etc.).
- Rule sets that are the most comprehensive in the industry and are constantly being extended.
- Instant assessments of quality defects as well as security vulnerabilities such as:
- Input-based attacks
- Backdoor vulnerabilities
- Unsafe environment configuration
- Weak security controls
- Deadlocks and race conditions
- Erratic application behavior
- Unsafe error handling and logging
- Exposing sensitive data
- Customizable issue prioritization to ensure that the most critical issues are addressed in a timely manner.
- Automated refactoring to correct many identified violations.
- The ability to graphically define and automatically check custom rules that prevent application-specific errors from reoccurring and monitor adherence to organization-specific policies.
Data Flow Static Analysis
Parasoft's data flow static analysis provides automated detection of runtime errors without requiring the software to actually be executed. This enables early and effortless detection of critical runtime errors that might otherwise take weeks to find.
We statically simulate application execution paths which may cross multiple units, components, and files to identify paths that could trigger runtime errors such as:
- C and C++: Using uninitialized or invalid memory, null pointer dereferencing, array and buffer overflows, division by zero, memory and resource leaks, and dead code.
- .NET: NullReferenceExceptions, ArgumentNullExceptions, resource leaks, division by zero, dereferencing before checking for null, SQL injections, XSS, and other security vulnerabilities.
- Java: NullPointerExceptions, resource leaks, accessing arrays out of bounds, unvalidated input in array indexes, incorrect Iterator usage, division by zero, SQL injections, XSS, and other security vulnerabilities.
To simplify defect analysis, a complete analyzed path trace for each potential defect is reported in the IDE, and automatic cross-links to code help users quickly jump to any point in the highlighted analysis path.
This ability to expose such errors without executing code is especially valuable for teams with legacy code bases that lack robust test suites, or with embedded code, where runtime analysis and detection of such errors is not effective or possible.
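As an added illustration of the path-based approach described above (example code written for this page, not Parasoft's engine), a small Python analyzer simulates every branch of a function, tracks which variables may be None, and reports each unchecked dereference together with its analyzed path trace. The sample function, the `MAY_RETURN_NONE` knowledge base and the `find_none_derefs` name are constructed for the example.

```python
import ast
# Constructed sample (not from the page): db.get() may return None; only the "admin"
# branch replaces rec before line 6 dereferences it, so one of the two paths is unsafe.
SAMPLE = '''
def lookup(db, key):
    rec = db.get(key)
    if key == "admin":
        rec = {"role": "root"}
    return rec["role"]
'''
MAY_RETURN_NONE = {"get"}   # assumed knowledge base: callee names that may return None
def _none_guard(test):
    """`x is None` / `x is not None` -> (name, true_means_none); anything else -> None."""
    ok = (isinstance(test, ast.Compare) and isinstance(test.left, ast.Name) and len(test.ops) == 1
          and isinstance(test.ops[0], (ast.Is, ast.IsNot))
          and isinstance(test.comparators[0], ast.Constant) and test.comparators[0].value is None)
    return (test.left.id, isinstance(test.ops[0], ast.Is)) if ok else None

def _derefs(node, maybe_none):
    """Possibly-None names that this node subscripts or takes an attribute of."""
    return [n.value.id for n in ast.walk(node) if isinstance(n, (ast.Subscript, ast.Attribute))
            and isinstance(n.value, ast.Name) and n.value.id in maybe_none]

def _walk(stmts, maybe_none, trace, findings):
    """Simulate one path; fork at each `if`, each branch continuing with the remaining statements."""
    maybe_none, trace = set(maybe_none), list(trace)
    for i, st in enumerate(stmts):
        trace.append(st.lineno)
        for name in _derefs(st.test if isinstance(st, ast.If) else st, maybe_none):
            findings.append({"var": name, "line": st.lineno, "path": list(trace)})
        if isinstance(st, ast.If):
            guard, rest = _none_guard(st.test), stmts[i + 1:]
            for branch, taken in ((st.body, True), (st.orelse, False)):
                state = set(maybe_none)
                if guard and guard[1] != taken:      # this branch proves the name is not None
                    state.discard(guard[0])
                _walk(branch + rest, state, trace, findings)
            return
        if isinstance(st, ast.Assign) and isinstance(st.targets[0], ast.Name):
            v, name = st.value, st.targets[0].id
            nullable = (isinstance(v, ast.Constant) and v.value is None) or (isinstance(v, ast.Call)
                        and isinstance(v.func, ast.Attribute) and v.func.attr in MAY_RETURN_NONE)
            (maybe_none.add if nullable else maybe_none.discard)(name)

def find_none_derefs(source):
    """One finding, carrying its full path trace, per dereference of a possibly-None variable."""
    findings = []
    for fn in [n for n in ast.parse(source).body if isinstance(n, ast.FunctionDef)]:
        _walk(fn.body, set(), [], findings)
    return findings
```

For the sample, the only finding is `rec` at line 6 along the path 3, 4, 6 (the non-admin branch); the admin branch is clean because the reassignment on line 5 removes `rec` from the possibly-None set.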
Code Metrics Analysis
Parasoft calculates various metrics for your code to help you assess your code base and monitor changes. Code metrics calculation identifies brittle or overly complex code that could impede agility or reuse. It also helps you better understand code complexity and assess the potential impacts of an anticipated code change, enabling you to make more informed decisions about how to modify, refactor, and test it. In addition to reporting calculations for industry-standard metrics such as Inheritance Depth, Lack Of Cohesion, Cyclomatic Complexity, Nested Blocks Depth, and Number Of Children, we enable you to customize the acceptable thresholds for each metric, then alert you when metrics fall outside the prescribed range. Leveraging this automation, team resources are freed to focus on analyzing and improving problematic code, the tasks that truly require human intelligence.
Parasoft's static analysis technology is featured in our tools and solutions for:
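As an added example of threshold-based metrics alerting (written for this page, not Parasoft's implementation), the following Python computes two of the metrics named above, Cyclomatic Complexity and Nested Blocks Depth, for each function in a source file and lists the metrics that exceed a configurable threshold. The threshold values, the sample function and the `check_metrics` name are constructed for the example.

```python
import ast

# Assumed thresholds: the page says they are customizable, so these values are constructed.
THRESHOLDS = {"cyclomatic": 5, "nesting": 3}
# Decision points counted toward McCabe complexity, and statements that open a nested block.
DECISIONS = (ast.If, ast.For, ast.While, ast.ExceptHandler, ast.IfExp, ast.comprehension)
BLOCKS = (ast.If, ast.For, ast.While, ast.With, ast.Try)

# Constructed sample (not from the page): six decision points, three levels of nesting.
SAMPLE = '''
def parse_header(line, strict):
    if not line:
        return None
    if line.startswith("#") and not strict:
        return None
    out = {}
    for part in line.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            if k.strip():
                out[k.strip()] = v
    return out
'''

def cyclomatic(fn):
    """McCabe complexity: 1 + decision points, plus one per extra operand of and/or."""
    c = 1
    for n in ast.walk(fn):
        if isinstance(n, DECISIONS):
            c += 1
        elif isinstance(n, ast.BoolOp):
            c += len(n.values) - 1
    return c

def nesting_depth(node, depth=0):
    """Deepest chain of nested block statements below node."""
    return max([depth] + [nesting_depth(ch, depth + isinstance(ch, BLOCKS))
                          for ch in ast.iter_child_nodes(node)])

def check_metrics(source, thresholds=THRESHOLDS):
    """Per function: its metric values and the names of metrics outside the prescribed range."""
    report = []
    for fn in ast.walk(ast.parse(source)):
        if isinstance(fn, ast.FunctionDef):
            m = {"cyclomatic": cyclomatic(fn), "nesting": nesting_depth(fn)}
            report.append((fn.name, m, sorted(k for k, v in m.items() if v > thresholds[k])))
    return report
```

For the sample, `parse_header` scores a cyclomatic complexity of 7 (over the threshold of 5) and a nesting depth of 3 (at the threshold, so not flagged).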
- Static Code Analysis Blog: Static Analysis Best Practices
Provides resources related to static analysis, including static code analysis, data flow static analysis, and code metrics. It also presents industry-recognized coding guidelines and covers best practices for static code analysis tools/source code analyzers.
- Static Code Analysis for Security
Provides resources related to using static analysis to identify and prevent security vulnerabilities.