Read on to learn more about today’s product releases and the 3 critical areas of software testing we are focusing on:
More on each of these areas below.
To address continually growing concerns over data breaches, various industries have issued regulations addressing cybersecurity and information security controls. Companies are now holding their software teams/vendors accountable for meeting standard application security policies, but even with regulations and policies in place, most companies are merely “checking the box” and demonstrating compliance via minimal standards due to the challenge and complexity of integrating security into their development process. As a result, organizations are at risk of not being compliant, and worse, being exploited via a breach.
To turn this around, today’s releases are designed to meet the need for security and compliance by enabling organizations to integrate security testing and compliance earlier in the development process, shifting testing to the left, and addressing security and compliance requirements as early as possible.
The static analysis capabilities in Parasoft Jtest and Parasoft dotTEST have been enriched with a wide set of checkers that assist in application security and in meeting compliance with industry-specific standards, such as CWE, OWASP, PCI DSS, and UL 2900. Security teams or leads can enforce and distribute security policies for their organization’s needs by utilizing Parasoft’s out-of-the-box test configurations for industry-specific standards or generating their own via customizations.
Development teams instantly receive the policies directly within their IDE and can ensure quality and security of their code by executing an analysis, either on-demand or automatically, within their development IDE, allowing them to see issues and fix them prior to check-in. In addition, these releases help developers become more familiar with security issues and how to address them correctly by providing context-specific training and tutorials for specific vulnerabilities identified in the code.
Parasoft extends this approach into the CI/CD pipeline to supercharge the build automation phase with a repeatable and consistent security process. This comprehensive analysis goes beyond the scope of the developer’s locally modified code and provides a safety-net to gate the delivery pipeline to ensure that insecure code does not get promoted to later stages.
Additionally, all of the data from the security scan is aggregated into Parasoft’s centralized reporting and analytics dashboard. Here, users easily track the progress of their application’s quality, security, and compliance, along with viewing trending data and compliance reports, all in real-time. Users can easily generate audit reports for compliance at any time, giving them visibility into how compliant they are, right “now.”
This example OWASP-focused dashboard screenshot shows Parasoft’s reporting and analytics hub, which provides users with a comprehensive view of compliance, incorporating the OWASP risk assessment framework to help customers quickly identify areas with gaps/risk.
This feature enables managers and security leads to be agile and quickly course-correct to help mitigate risks. The vulnerabilities identified are then distributed back to the developer via the IDE integration, which completes the full circle, leading to a real-time security and compliance strategy that is aligned and helps achieve better software quality and security.
The final area of focus for this release was around Java unit testing. As organizations start to evolve their codebase with initiatives like cloud migration, unit testing becomes key to ensure that new code is fully tested/covered, while ensuring legacy functionality continues to work.
Parasoft continues to broaden its unit testing scope and goes deeper in areas of positive and negative testing to address the changing codebase. In today’s Jtest release, Parasoft is helping developers create unit tests for more of the Spring framework, with expanded support for additional Spring types/annotations, and is giving users control over the amount of Spring integration testing they want to perform (regular unit tests vs. Spring unit tests).
Jtest has also amped up its mocking ability by providing users with an easier and cleaner way to inject mocks into their code, with added support for Mockito’s @InjectMocks annotation. To further assist the developer, Jtest handles negative testing by identifying exception blocks that occur within the test execution. Developers are presented with recommendations for addressing these exception issues, as well as quick-fix actions to resolve them. All in all, these new capabilities allow users to quickly increase their code coverage, resulting in overall improvements to code quality.
The latest releases of Parasoft Jtest and Parasoft dotTEST continue to push the limits of what’s possible with test automation (and of course, as with every release, we’ve added many additional customer enhancements not mentioned here, that you can read all about in the release notes).
By enabling teams to overcome traditional bottlenecks associated with security and compliance, Parasoft users are able to be more agile with these activities, equipped with continuous feedback. Integrating security and compliance into the development process from the start is key to empowering teams with a process that is consistent throughout the development lifecycle, as well as repeatable in securing compliance.
Kapil is a Product Manager at Parasoft, focusing on Parasoft Jtest. Kapil held several technical positions ranging from software engineer to development lead, before moving into product management.