Featured Webinar: MISRA C++ 2023: Everything You Need to Know | Watch Now

UL 2900

UL 2900 Compliance With Parasoft

What Is UL 2900?

UL 2900 is a cybersecurity standard for network connectable products to help secure the Internet of things (IoT), especially as it relates to functional safety. With the growth of connected devices, it’s more important than ever to make sure these devices operate properly, even under attack. There are versions of the standard specifically tuned for medical devices and nuclear power. The medical version is recognized by the FDA as appropriate to use for security of medical devices and software. UL 2900 relies on the well-known secure coding standards of CWE and OWASP. In particular, CWE includes the well-known Top 25 and additional On the Cusp considerations.

Enforcing UL 2900 Compliance With Static Analysis, Unit Testing, API Testing, & Service Virtualization

Developers and testers can efficiently scan, test, and analyze code for potential security vulnerabilities with Parasoft’s automated software testing solutions. Our complete solution for software cybersecurity and risk management — as defined in standard UL 2900 — enables teams to satisfy the described processes, methods, and requirements in testing for vulnerabilities, software weaknesses, and malware in network-connectable products.

How Parasoft Helps Achieve UL 2900 Compliance

Parasoft offerings examine, test, and analyze code for network connected IoT, embedded, and enterprise applications written in various languages like C, C++, Java, and C#. Teams can enforce important cybersecurity standards like CWE Top 25, CWE On the Cusp, and OWASP Top 10 to ensure that software is built securely from the get-go with Parasoft’s static analysis testing. Runtime analysis is also available to further expose vulnerabilities. With Parasoft SOAtest and Virtualize, you can perform penetration and fuzz testing to simulate attacks by way of:

  • SQL injection
  • Parameter fuzzing
  • Username harvesting
  • XPath injections
  • Cross-site scripting
  • XML bombs
  • External entities
  • Schema invalid XML
  • Large XML documents and malformed XML

Parasoft aggregates risk analysis, compliance reports, and other advanced analytics in its centralized dashboard reporting system. Parasoft solutions help users achieve UL 2900 compliance and increase testing productivity. Users can scale to current and future testing needs, including removal of hardware resource bottlenecks, by simulating dependencies, which offer practical and realistic performance for security testing.

Text on left: End-to-End Testing for IoT Integrity. Image on right shows an illuminated and colorful dashboard of connected internet of things with a few items sitting atop it in 3D: laptop, hard drives, a large cloud at the center.
whitepaper

End-to-End Testing for IoT Integrity

Ensure that end-to-end data and control flow are secure, reliable, and compliant with an effective end-to-end approach to IoT system verification.

Download