The latest release of the Parasoft Continuous Quality solution is now available with updated versions of Parasoft SOAtest, Virtualize, CTP, and DTP. This release focuses on three primary areas.
Following the success of the 2021.1 release’s focus on delivering quality at speed, Parasoft’s 2021.2 release centralizes on you, the customer, specifically.
How can this latest release help you optimize and maximize delivering quality at speed?
Through feature updates and usability improvements, you can access the right information at the right time and ensure your applications are tested to harden them against cyberattacks.
In addition to Parasoft SOAtest’s existing extension for BurpSuite, there’s a new capability that augments SOAtest through seamless integration with OWASP ZAP. Now developers and testers can simply add penetration testing to their functional test suites and launch a battery of pen testing cyberattack simulations for the entire suite or specific tests. As these tests have already been created for the functional side, reusing these same tests saves substantial time and rework effort, and most of all, these tests can be run as part of a CI/CD pipeline without manual intervention.
In order to execute certain APIs, some may require setup, such as prepping the database or calling other APIs. When starting with functional tests that are already proven to work correctly, the setup is done.
Typical penetration testing tools are able to report vulnerabilities, but they fall short when giving any context about the use case and/or requirement to which the vulnerability is connected. Using SOAtest to execute the test cases, the API vulnerabilities are reported in the context of a use case. When scenarios have been associated with requirements, developers and testers get additional business context about the impact of the security errors to the application. With SOAtest plus DAST, you now have the ability to run pen testing scenarios within the CI/CD pipeline, turning functional tests into security regression tests.
Additionally, this enhancement includes HTTP verb fuzzing, which parses and validates your OpenAPI or RAML formatted specification, then tests for accessible HTTP methods not defined in the service definition that may or may not have been considered, essentially testing your OpenAPI for what’s “not there”. The results of all these API security tests can be viewed in a user friendly HTML report format that’s easy to understand, and all the results and information flow smoothly into DTP in order to plan your current and upcoming sprint strategy.
Usability improvements were made to Parasoft SOAtest’s ability to capture application coverage and report results. Application coverage captured by SOAtest can now be reported to DTP directly and baseline coverage reports for test impact analysis can be generated without the need for extra scripts. For further visibility, application coverage can now be captured by tests run on server-only installations of SOAtest.
Additionally, HTML reports produced by SOAtest desktop have a more modern look and feel. CTP test execution jobs have been separated from test scenarios themselves, and we’ve added the ability to create custom reports for test execution jobs. You can also configure your CTP jobs to send results to DTP. Meanwhile, test scenarios can now be accessed directly via URL and feature syntax coloring of JSON and XML event messages to improve readability.
We’ve made many exciting usability enhancements to the products included in this release. Please see full details in our 2021.2 release notes for SOAtest, Virtualize, and CTP and DTP. Here are a few teasers to whet your appetite. You can:
Plus so much more!
Parasoft’s 2021.2 release of the Continuous Quality solution also takes a giant step forward by making each of our enterprise products available as Docker images on DockerHub. Watch for these in the coming weeks, which will make installation and setup substantially easier for our customers.
The 2021.2 release of Parasoft SOAtest, Virtualize, CTP, and DTP marks a new level of visibility into API security, adding seamless integration with OWASP ZAP to our existing BurpSuite compatibility.
We also focused on usability, coverage, and reporting enhancements, as well as substantially simplifying installation/setup via DockerHub, to improve the user experience and increase productivity. There are more exciting enhancements that have been added to the products that you can read about in the release notes for SOAtest, Virtualize, CTP, and DTP.
Jeff Peeples is a Senior Product Manager at Parasoft, leading the functional platform direction for SOAtest, Virtualize, and CTP. Jeff has extensive experience defining solutions and developing roadmaps for enterprise industries including energy, financial technologies, and travel/hospitality.