Parasoft's pattern-based analysis monitors whether code follows industry-standard or customized rules for ensuring that code meets uniform expectations around security, reliability, performance, and maintainability. Over 15 years of research and development have gone into optimizing Parasoft's patented pattern-based analysis engine.
Our solutions feature:
- A centralized, integrated system for automated monitoring of code compliance across heterogeneous environments (Java, C/C++, C#, VB.NET, JavaScript, JSP, XML, etc.), core industry standards (FDA, PCI, OWASP, CWE/SANS, MISRA, WS-*, Section 508, WAI WCAG, etc.), and organization-specific policies (security, branding, etc.).
- Rule sets that are the most comprehensive in the industry and are constantly being extended.
- Instant assessments of quality defects as well as security vulnerabilities such as:
  - Input-based attacks
  - Backdoor vulnerabilities
  - Unsafe environment configuration
  - Weak security controls
  - Deadlocks and race conditions
  - Erratic application behavior
  - Unsafe error handling and logging
  - Exposing sensitive data
- Customizable issue prioritization to ensure that the most critical issues are addressed in a timely manner.
- Automated refactoring to correct many identified violations.
- The ability to graphically define and automatically check custom rules that prevent application-specific errors from reoccurring and monitor adherence to organization-specific policies.
Parasoft calculates various metrics for your code to help you assess your code base and monitor changes. Code metrics calculation identifies brittle or overly-complex code that could impede agility or reuse. It also helps you better understand code complexity and assess the potential impacts of an anticipated code change. This enables you to make more informed decisions as to how to modify, refactor, and test it.
Parasoft reports calculations for industry-standard metrics such as Inheritance Depth, Lack Of Cohesion, Cyclomatic Complexity, Nested Blocks Depth, and Number Of Children. In addition, we enable you to customize the acceptable thresholds for each metric, then alert you when metrics are outside of the prescribed range.
Leveraging this automation, team resources are freed to focus on analyzing and improving the problematic code - tasks that truly require human intelligence.
Parasoft's data flow static analysis provides automated detection of runtime errors without requiring the software to actually be executed. This enables early and effortless detection of critical runtime errors that might otherwise take weeks to find.
We statically simulate application execution paths which may cross multiple units, components, and files to identify paths that could trigger runtime errors such as:
- C and C++: Using uninitialized or invalid memory, null pointer dereferencing, array and buffer overflows, division by zero, memory and resource leaks, and dead code.
- .NET: NullReferenceExceptions, ArgumentNullExceptions, resource leaks, division by zero, dereferencing before checking for null, SQL injections, XSS, and other security vulnerabilities.
- Java: NullPointerExceptions, resource leaks, accessing arrays out of bounds, unvalidated input in array indexes, incorrect Iterator usage, division by zero, SQL injections, XSS, and other security vulnerabilities.
To simplify defect analysis, a complete analyzed path trace for each potential defect is reported in the IDE, and automatic cross-links to code help you quickly jump to any point in the highlighted analysis path.
This ability to expose these errors without executing code is especially valuable for teams with legacy code bases lacking robust test suites or embedded code, where runtime analysis and detection of such errors is not effective or possible.