CWE Compliance

Parasoft supports the Common Weakness Enumeration (CWE) guidelines with dedicated code analysis configurations that map to best practices outlined in the standard.

Secure Application Development Beyond Static Analysis

Secure application development involves more than static analysis. Truly secure application development requires that testing involve a mixture of test and analysis methods applied throughout the SDLC, and also that a broad set of software life cycle management and vulnerability/risk management activities be integrated across the process to ensure the delivery of secure and reliable software.

Parasoft addresses both of these expectations with its Application Security Solution, which recently was awarded the Jolt award in the “Security” category. This integrated system extends Parasoft’s static analysis capabilities—providing a pre-configured system with processes and best practices that help organizations produce secure applications consistently and efficiently.

The complete solution integrates project & task management with a broad spectrum of secure application development practices—including penetration testing, authentication/encryption/access control validation, code review, runtime analysis, and more. It drives security tasks to a predictable outcome according to defined industry standards or management’s expectations. This gives organizations the comprehensive process visibility & control needed to effectively satisfy security requirements.

Establish, Apply, and Monitor Adherence to Policies

Parasoft’s policy-driven approach defines the organization’s expectations around quality while ensuring consistent, unobtrusive policy application. The automated infrastructure automatically monitors policy compliance for visibility and auditability.
  • Drives expected behavior throughout the SDLC to promote predictable outcomes
  • Delivers an actionable set of tasks that are measurable through completion
  • Provides the control needed to continuously improve the process of delivering business applications

Parasoft Support for CWE

Parasoft supports Mitre’s Common Weakness Enumeration (CWE) for C, C++, Java, and .net languages. The PDFs below show how Parasoft’s static analysis rules map to the CWE.
Parasoft Support for CWE in C/C++ – C/C++test 10.x
Parasoft Support for CWE in C/C++ – C/C++test 9.x
Parasoft Support for CWE in .NET – dotTEST 10.x
Parasoft Support for CWE in .NET – dotTEST 9.x
Parasoft Support for CWE in Java – Jtest 10.x