CAPITAL Services Improves Software Security & Quality With Test Automation

The Challenges

CAPITAL Services software deals with highly sensitive information so security, compliance, and risk mitigation are critical for the company. Recognizing the continued complexity of attack vectors and code development, CAPITAL Services looked to improve the visibility into potential security and quality issues.

CAPITAL Services needed actionable data to help pinpoint remediation activities and better transparency among QA, development, and management to improve software deployment and delivery.

When first engaging with Parasoft, CAPITAL Services outlined the following goals.

• Improve test efficiency and remove the reliance on manual testing.
• Maintain compliance of source code with industry standards such as PCI DSS, OWASP Top 10, and CWE Top 25.
• Improve the security and regression testing of API services and endpoints.

“We have been very impressed with Parasoft’s engagement with us. When we’ve had questions and needed help, they’ve been there, working with us closely, keeping us up to date on the latest innovations. It’s been a good relationship.”

—Heath McIntyre, director of software development at CAPITAL Services

The Approach

The first step CAPITAL Services took was to implement SAST across their entire codebase, which includes internal and external-facing applications, and middleware in between that contains their business logic.

The next step was adopting test automation for their APIs to better test functionality but also to achieve better test coverage and security testing.

The Solution

CAPITAL Services evaluated Parasoft as the top vendor to partner with for addressing their immediate need to standardize their coding practices around security standards like PCI DSS. They recognized that implementing DevSecOps meant providing a solution that was tightly integrated with the developers’ toolchain, particularly the IDE and build environment.

CAPITAL Services also recognized Parasoft’s alignment with their overall initiative to improve their development and testing processes. Scriptless and easily maintained regression tests of their API layer now run regularly and help identify issues that would go unnoticed prior to partnering with Parasoft.

“Now we run regression tests across everything, so we might catch something we didn’t before…that is where our quality has really gone up.”

—Heath McIntyre, director of software development at CAPITAL Services

CAPITAL Services adopted Parasoft dotTEST as their SAST and code coverage solution. They also use Parasoft SOAtest for API testing and Parasoft DTP for analytics and project dashboards and reports.

The Results

The software quality improvements that CAPITAL Services has seen are a direct result of Parasoft automating their regression testing and bettering testing in general as they moved away from manual testing. Here’s a quick list of those software quality improvements:

• Reduced overhead costs of regression testing
• Improved security
• Increased code coverage
• Faster, more efficient testing
• Greater transparency with leadership

“Before we started automating, we were basically manual testing. Every time we made a change, a tester had to manually regression test everything. So, just getting that kind of automated coverage and ongoing regression testing has definitely helped a lot with efficiency.”

—Heath McIntyre, director of software development at CAPITAL Services