Authorize, Globalize, & Mobilize Your Apps With Parasoft Continuous Quality Solution

Functional development teams gain new capabilities to deliver with confidence at speed with Parasoft SOAtest, Virtualize, CTP, and DTP version 2022.1. The latest release provides teams with helpful new features in the following areas.

• API security testing
• Shared HTTP authentication settings
• Virtualize mobile application backends
• Custom format in Fixed Traffic Wizard
• GraphQL literal support
• OIDC connectivity and authentication
• Login using a PIV card
• Docker and Kubernetes licensing support

Here are other key enhancements.

• Data Repository update
• Full support for Java 11

Taking API Security to the Next Level

If you are one of the many pleased customers who tried Parasoft’s API security penetration testing tool in the 2021.2 release, you’ll be happy to see how we built onto that functionality and substantially raised its user experience bar!

Customers can now choose to order their API security reports by either Common Weakness Enumeration (CWE) or OWASP Top 10, which is shown in the screenshot. To make it even easier, we built an added feature within CTP to configure penetration testing from CTP’s browser-based thin client. Additionally, we added browser-specific web UI native pen testing policies and specially-integrated widgets and reporting within DTP.

Shared HTTP Authentication Settings

Prior to 2022.1, users would have to enter HTTP authentication credentials for every test in a test suite. This new change stores credentials under a new Authentications subheading located near the top of the test suite.

The first authentication defined will be automatically applied to all tests in the suite. If more than one credential is required, each unique credential assignment within the test suite results in the generation of a new Authentications sub-entry. Users only need to assign the new credential to the individual test by selecting from the dropdown of Authentication options.

Virtualize Mobile Application Backends

Parasoft has implemented a HTTP forward proxy mode in Virtualize message proxies in addition to the existing reverse proxy mode. Parasoft Virtualize users can now use this forward proxy mode to virtualize mobile application backends.

A new feature in CTP adds the ability to configure messaging proxies via a convenient web interface. The method of configuring proxies using the desktop is also still available. Additionally, we simplified switching between primary and secondary configurations to improve the user experience.

Custom Format in Fixed Traffic Wizard

We have implemented a new ability to specify the request message format within the Fixed Traffic Wizard. Prior to 2022.1, all message formats defaulted to “Literal” when creating a TST from fixed traffic using the wizard in SOAtest.

We’ve even added an “Auto” option, which will detect the message format for each request from the traffic file and then automatically generate the appropriate client, even if the traffic file contains multiple formats.

GraphQL Literal Support

2022.1 features support for GraphQL, enabling users to submit POST or GET requests to GraphQL compliant servers. GraphQL adds query language to API requests, enabling the fine-tuning and limiting of data returned in an API response.

Companies can conserve bandwidth or storage space by requesting a response that includes only the necessary data rather than a full response record that potentially can contain bandwidth-hogging superfluous data.

The new GraphQL feature includes support for multiple content types and includes the ability to specify query, operation name, and variables. All three of these components can be parameterized using data sources or data bank values.

OIDC Connectivity & Authentication

Version 2022.1 implements OpenID Connect (OIDC), which is an authentication protocol based on OAuth2.0 that enables seamless Single Sign-On (SSO) to third-party applications and vendor platforms, such as Azure AD and Google Cloud, among many others.

Log in Using a PIV Card

Certain high-security organizations elect to mitigate against the risks of social engineering or an employee compromising their systems by using an unsafe password. One strategy to accomplish this is implementing Personal Identity Verification (PIV) or Common Access Cards (CAC).

In the 2022.1 release, Parasoft has implemented PIV/CAC support in our browser-based CTP and DTP products, enabling customers who use PIV/CAC to forego the use of standard username/password credentials. Instead, they use an identification card that can be tracked and, if necessary, disabled immediately ensuring access to company assets is denied. This enables faster and easier authentication in conjunction with better security.

Docker and Kubernetes Licensing Support

A common trend in DevOps today is using containerized environments. Prior to 2022.1, running a Parasoft License Server Standalone (LSS) instance in a Docker container presented multiple challenges. But no more. Now, customers can run cluster-aware LSS instances (one per cluster) in Kubernetes without concern of license violations or service denials. This update also adds similar support for Docker and Docker Swarm. This enables easy and flexible scalability to reduce infrastructure costs and optimize workflow.

Data Repository Update

Parasoft is migrating Virtualize’s internal data repository database behind-the-scenes from OrientDB to MongoDB NoSQL database. This transition is intended to eliminate potential security vulnerabilities and reduce technical debt. Any embedded repositories created in previous versions of the application must be migrated to the new server before they can be used in 2022.1.

Though a system can run multiple versions of Java simultaneously, we recommend that SOAtest and Virtualize customers first update their data repository before installing SOAtest and Virtualize 2022.1. Once the data repository is updated, we next recommend upgrading CTP (if in use).

Lastly, upgrade SOAtest and Virtualize to version 2022.1. We have endeavored to ease the burden of migration by providing an easy-to-use migration tool that substantially simplifies the process, which you can download from Parasoft Marketplace. See our documentation, Migrating Embedded Data Repository Servers, for more information.

Note: 2022.1 is a major release. It requires new licenses and an upgrade to Java 11. We recommend existing SOAtest and Virtualize customers first migrate to the new data repository using Parasoft’s easy migration functionality (Java 8 required) before upgrading CTP to Java 11 (if applicable), followed by SOAtest and Virtualize.

Upgrade to Java 11

Version 2022.1 requires an upgrade to Java 11, which should be relatively seamless since most product distributions contain an instance of Java. Java 11 must be used to run Eclipse if installing the Eclipse plugin in an existing Eclipse instance.

Learn More

The new 2022.1 release continues Parasoft’s commitment to enabling continuous software delivery with confidence. You can learn more about the new release in the press release and release notes.