Parasoft Resources Center: Application Security

Agile Quality Practices that Save Time

This 12-page eBook aggregates 10 tips for ensuring that each new feature is truly "done"... and defects don't derail your Agile project.

Parasoft Advances Static Analysis for Security, Accelerates Desktop Analysis, January 2012

Parasoft Jtest's expanded software security assurance, paired with workflow optimization, helps developers find and fix critical defects faster.

Press Release

4 Software Quality Predictions for 2012, January 2012

Read Arthur Hicken's predictions re: SQL injection, cloud quality, component testing, Kindle Fire caching testing.

Blog

Input Validation: Immunity Against Web Attacks, September 2011

Explains how to prevent injection attacks by using input validation and static analysis to build security into your application.

Blog

Static Analysis for Secure Application Development, July 2011

Introduces Parasoft's static analysis capabilities for secure application development.

Web Page

Foundations of Secure Application Development, December 2010 - 44 KB PDF

Explains why approaching security as a bug-finding exercise is risky and inefficient, and then explains how to make your web sites immune to attacks, including SQL injections, Lizamoon mass injections & mesh injections.

White Paper

Success with Static Analysis for Security: Why Code Audits Fail, Parasoft White Paper, August 2010

Explains why and how to apply static analysis tools in the context of a policy-based security process that not only prevents security vulnerabilities, but also focuses on SDLC productivity.

White Paper

Establishing a Continuous Process for PCI DSS Compliance, Parasoft White Paper, June 2010

Details how Parasoft reduces the time and cost of PCI DSS compliance.

White Paper

Cisco Case Study, April 2010 - 459 KB PDF

To comply with corporate quality and security initiatives, Cisco Systems adopted static analysis, unit testing and code review. Learn how they automated these practices and seamlessly integrated them into their existing processes to deliver compliant code without impeding productivity.

Case Study

MedicAlert Case Study, July 2009 - 100 KB PDF

MedicAlert needed to accelerate its ability to roll out new services in a secure and effective fashion. Learn how they established a process for managing the functional, security, and performance testing challenges associated with their new capabilities and offerings.

Case Study

Secure Application Development Solution, July 2009

Introduces the Secure Application Development solution, which establishes a continuous process that ensures security verification and remediation tasks are not only deployed across every stage of the SDLC, but also ingrained into the team's workflow.

Web Page

Security Code Audits: One Size Does Not Fit All, Software Test & Performance, April 2009 - 628 KB PDF

Introduces best practices for applying security static analysis, data flow analysis, penetration testing, and workflow optimization to bake security into the application development process.

Article

Parasoft Application Security Solution Wins TechWeb’s Jolt Excellence Award, March 2009

Parasoft announced that Parasoft’s Application Security Solution was chosen as the winner in the “Security” category of TechWeb’s Jolt Awards.

Press Release

Parasoft Secure Application Development Solution Sheet, January 2009

This solution sheet introduces Parasoft's Secure Application Development solution, which establishes a continuous process that ensures security verification and remediation tasks are not only deployed across every stage of the SDLC, but also ingrained into the team's workflow.

Data Sheet

Static Analysis, Security Failure, Software Test & Performance, October 2008

Discusses why a policy-based approach is the secret to success with static analysis.

Article

Rethinking Application Security, Artima, May 2008

For developers to work effectively in a security-conscious environment, addressing security-related coding issues must be integrated in developers' daily workflow.

Article

Building Security into Software with Security Policies & Static Analysis, Java Developer's Journal, February 2008

Discusses why the most effective security efforts define a policy that details security requirements, then use static analysis to verify that the policy is implemented in the code.

Article

SOA Best Practices - Four Steps to Securing Your Web Services, SOA World Magazine, May 2007

Details practices for ensuring Web service security throughout the SDLC.

Article

How to Build Secure, Reliable & Compliant Web 2.0 Applications, April 2007

Learn pragmatic approaches for implementing effective testing and security strategies for Web 2.0 applications.

Video

Security As A Requirements Issue, SD Times, March 2007

Argues that security is really a requirements issue.

Article

Making Sense of WS-Policy and SAML, SearchSOA.com, December 2006

Answers the question "If I want to learn about WS-Policy and SAML, where should I start looking?"

Article

Understanding XPath Injection, SearchSoftwareQuality, October 2006

Answers the question "Can you please explain what an XPath injection is?"

Article

Prevent Application Logic Attacks with Sound App Security Practices, SearchAppSecurity.com, August 2006

Discusses the rise in attacks on application logic and strategies for preventing them.

Article

How Does WS-Security Relate to Other WS- Standards?, SearchSoftwareQuality, June 2006

Answers the question "How can you relate WS-Security, WS-Trust, WS-Policy, WS-SecurePolicy and WS-Reliability to one another?"

Article

Distinguishing a Faked XMLHTTP Request from a Real One, SearchSOA.com, May 2006

Answers the question "How can one make sure an Ajax-enabled Web application is able to tell the difference between a real and a faked XMLHTTP request?"

Article

How to Create Secure Web Applications with Struts, Java Developer's Journal, March 2006

Focuses on developing secure Web applications with the popular Java framework Struts.

Article

The Importance of WS-Security, SearchSoftwareQuality, February 2006

Answers the question "What is WS-Security? Why can't I just use SSL?"

Article

Why are Web Services More Vulnerable than Web Apps?, SearchSoftwareQuality, February 2006

Answers the question "Why are Web services potentially more vulnerable to security problems compared to traditional Web applications?"

Article

XML Security: Preventing XML Bombs, SearchSoftwareQuality, February 2006

Answers the question "What is an XML bomb and how do I protect my Web service against it?"

Article

Evaluating Web Services Security Readiness through a POC, February 2006

Learn how to set up and run a Web Services security proof of concept to validate the security readiness of your Web Services early.

Video

Hold the Line Against Application Attacks, Software Test & Performance, November 2005

Presents the security best practices that should be integrated throughout the SDLC in order to "bake in" application security.

Article

Securing Web Services, Information Systems Security, October 2005

Examines the threats to web applications and services, then outlines a strategy for preventing them.

Article

Insurance Services Office: QA Experience with Security Solutions, September 2005

ISO QA manager Maria Conway shares her views on new technology and demonstrates leading edge solutions for ensuring application security, reliability, and compliance.

Video

Reducing Software Security Vulnerabilities through Unit Testing, Military & Aerospace Electronics, July 2005

Explains how best practices like unit testing and coverage analysis can help prevent buffer overflow security vulnerabilities.

Article

Java Application Security in the Corporate World, Java Developer's Journal, June 2005

Most developers truly believe that application security is not their concern... but are you ready for the code audit?

Article

Banish Security Blunders with an Error-prevention Process, DevX, April 2004

Traditionally, application security is an afterthought—we build our apps and try to poke holes in them later. Why not take potential security breaches into account from the very beginning? The Automated Error Prevention Methodology provides a framework you can use to integrate security concerns into your app development right from the start.

Article

Minimizing Weaknesses in TLS, JavaPro, December 2003

Explains how, by recognizing TLS's weaknesses and considering alternatives such as message layer security, you can ensure that you are implementing the best possible security scheme for your specific needs.

Article

Preventing Web Service Security Breaches with Unit Testing, StickyMinds.com, December 2002

One effective way for development teams to prevent unexpected inputs is to perform thorough "white-box" testing at the unit level.

Article

Managing Web Service Security Risks, SD Times, November 2002

Explains how web services' fundamental architecture opens the door for serious security breaches.

Article

Security Issues with SOAP, Crosstalk Journal, July 2002

Some of the very features that make SOAP attractive, such as its flexibility and its compatibility with HTTP, also provide opportunities for security breaches. This article discusses SOAP security issues and how they can be addressed.

Article
 
 