Parasoft helps teams prevent security vulnerabilities through penetration testing, hybrid security analysis, runtime error detection, and execution of complex authentication, encryption, and access control test scenarios.
Authentication, Encryption, and Access Control
Parasoft's solution lets you execute complex authentication, encryption, and access control test scenarios. It supports key transport and message-level standards (SSL, OAuth, Digest, Kerberos, WS-Security, etc.). Moreover, it allows for token validation and negative testing to ensure proper enforcement of message integrity and authentication.
Hybrid Security Analysis
Parasoft's hybrid security analysis takes the functional tests that you and your team have already defined and uses them to perform a fully automated assessment of where security attacks actually penetrate the application.
This hybrid analysis:
- Automatically generates and runs penetration attack scenarios against your existing web or service functional test scenarios.
- Monitors the back-end of the application during test execution in order to determine whether security is actually compromised.
- Correlates each reported runtime error with the functional test that was being run when the error was detected.
Runtime Error Detection
Parasoft's runtime error detection monitors the application from the back end as tests execute and alerts you if security breaches or other runtime defects (such as race conditions, exceptions, resource leaks) actually occur.
You can perform runtime error detection both with and without penetration testing. This way, you can ensure that error detection covers both:
- The exact use case functionality captured in your test cases.
- Simulated attacks based on this functionality.
Parasoft's solution automatically generates tests to perform security penetration testing. By testing with penetration attacks and analyzing the responses, security vulnerabilities can be discovered and fixed earlier in the software development cycle.
Supported tests include attacking with:
- Parameter fuzzing
- SQL injections
- Username harvesting
- XPath injections
- Cross-site scripting
- XML bombs
- External entities
- Schema invalid XML
- Large XML document
- Malformed XML