HOME ALL STORIES LATEST NEWS COLUMNS OPINIONS EDITORIALS GUEST VIEWS SHORT TAKES DATA WATCH SPECIAL REPORTS ZEICHICK'S TAKE SD TIMES 100 EDITORS' BLOG

RSS FEEDS

FACEBOOK

TWITTER

WHITE PAPERS SPONSORED PROFILES JOB BOARD WEBINAR CENTER FREE SOFTWARE BZ RESEARCH ALMSHAREPOINT EVENTS CALENDAR PRINT/PDF EDITION PRINT/PDF BACK ISSUES

SUBSCRIBE TODAY CUSTOMER SERVICE EDITORIAL CALENDAR EDITORIAL BEATS GUEST VIEW GUIDE SD TIMES 100 GUIDE EVENTS CALENDAR ADVERTISING ARTICLE REPRINTS REPORT A BUG SITE MAP

ABOUT US BZ MEDIA NEWS BZ RESEARCH SYSMANNEWS SPTECHCON ESDC IPHONEDEVCON PRIVACY POLICY CONTACT US

Printable version

HOME >> LATEST NEWS

Most Read Latest News Blog Resources

Does Windows cost Microsoft opportunities?
Microsoft's decision to focus .NET on Windows is stifling innovation due to the specter of...

Mono brings .NET to Android
At Microsoft MIX, Mono will unveil the ability to port .NET applications to the Android op...

OSBC focus turns to best practices for open-source adoption
Businesses are no longer asking why they should adopt, but how do they use open source leg...

Maven Studio for Eclipse gets developers up to speed
Sonatype tool simplifies onboarding by giving developers a way to easily deploy fully conf...

nVidia updates CUDA tools
Latest version helps developers turn desktops and servers with high-end GPUs into more pow...

Scrum Planning Board adds automation to Axosoft OnTime
Illustrations are also included to assist Scrum-using developers a better view of what the...

Google Code turns 5
Google Code Turns 5, and adds a Paxos Algorithm to make the system more stable and reliable.

Test your Visual Studio 2010 know-how
Microsoft is offering free beta certification exams for Visual Studio 2010.

Microsoft lifts the hood on IE9
Microsoft is previewing IE9.

Overcoming Development Challenges with Open Source Open source software can help you with your application development challenges. It doesn’t...

Accelerate Services and the Cloud Business units, functional groups, and different divisions of companies across industries...

Enterprise Mashup Platforms for Today’s Increasingly Complex and Real-Time Context Enterprise Mashups offer your company a new way to connect data from inside and outside yo...

Technorati

Digg

Slashdot

Facebook

Friendfeed

Twitter

del.icio.us

Product aims to fix security flaws during app creation

By Robert Mullins

May 6, 2008 —

Software is routinely tested for reliability, performance and manageability throughout the development process, but application security, previously ignored, is finally getting the same amount of attention.

Parasoft, a 20-year-old company that has offered testing software for all those issues, introduced a product at JavaOne 2008 today that it says integrates security reviews into the process without sacrificing productivity.

The offering, dubbed Parasoft Application Security Solutions, performs a daily analysis of software code as it’s compiled, and identifies security vulnerabilities and suggests ways to fix the problem. It can be bundled with other Parasoft tools that analyze code for performance, reliability and manageability, said Wayne Ariola, vice president of strategy at Parasoft.

Each vulnerability detected is prioritized, and a report appears within the IDE that the developer is working in, including direct links to the problematic code and recommended fixes, Ariola said. It resolves security issues while it raises developer awareness.

“Not only are we fixing the problem, we are also raising the ‘security IQ’ of that developer,” Ariola added.

Parasoft is already serving the developer market with SOA quality and application development quality tools, and bundling its security tool with them would give security the status it needs in a project, Ariola said.

Of course, Ariola noted, there are other companies offering testing for application reliability, code quality or security, such as Fortify Software, Instantiations and others. But too often, developers don’t address security vulnerabilities until late in the process, or use audit tools to detect possible risks, which only go so far. “It’s great to have an audit tool, but it doesn’t help remediate the problem,” Ariola argued.

Related Search Term(s): Security, testing & troubleshooting

Share this link: http://www.sdtimes.com/link/32148

HP updates its Application Security Center Hewlett-Packard announces that its service-based Assessment Management Platform will debut before Labor Day. DevInspect, QAInspect and WebInspect will be receiving upgrades to their security features.

Zero tolerance for bugs Static analysis provides a thorough examination of code, allowing testers to see problems and descriptions of their impact on security. Drawbacks include false positive/false negative issues and a lack of a consistent implementation.

Bugs gone bad A wide variety of bugs can cause problems for your system. Here is a list of types of bugs and exploits that companies should keep an eye out for.

Add comment

Name*
Email*
Country

Comment
Preview

News on Monday
more>>
SharePoint Tech Report
more>>

Download Current Issue
ISSUE 3/15/2010 PDF

Need Back Issues?
DOWNLOAD HERE

Receive the print Edition?

Google Code turns 5
Google Code Turns 5, and adds a Paxos Algorithm to make the system more stable and reliable.
03/17/2010 11:16 AM EST

Test your Visual Studio 2010 know-how
Microsoft is offering free beta certification exams for Visual Studio 2010.
03/17/2010 11:08 AM EST

Microsoft lifts the hood on IE9
Microsoft is previewing IE9.
03/16/2010 01:10 PM EST

3/22/2010 to 3/25/2010
Santa Clara, Calif.
The Eclipse Foundation

DevConnections

4/12/2010 to 4/14/2010
Las Vegas
Penton Media

MySQL Conf. and Expo

4/12/2010 to 4/15/2010
Santa Clara, Calif.
O'Reilly Media

High Performance Computing Linux Financial Markets

4/19/2010
New York City
Flagg Management

Informix User Conf.

4/25/2010 to 4/28/2010
Overland Park, Kans.
IIUG

Please hold here to Drag the window

Close [x]

Subscribe today and you'll receive 24 free issues of SD Times!

Dear Software Professional,

I’d like to invite you to subscribe to SD Times, the newspaper of the software development industry. The newspaper is free, and it will only take a moment to subscribe!

SD Times covers the fast-paced world of software and application development. The twice-monthly newspaper helps software architects, project leaders, analysts and development managers make the proper decisions about products, methodologies and practices that can affect their development teams and efforts.

Each year, we offer only a limited number of complimentary subscriptions to software development professionals!

It only takes moment to sign up. Don't delay, subscribe today!

Sincerely,

David Lyman
Publisher
SD Times

Product aims to fix security flaws during app creation

By Robert Mullins

Related Articles

Add comment