The Inquirer-Home

Coverity to release security testing static analysis for web applications

Bit too late for Linkedin
Mon Jun 11 2012, 13:53
testing-implementation-timeline

SOFTWARE TESTING OUTFIT Coverity has announced that it has improved its static analysis technology to address security issues in Java applications.

Coverity's static analysis will look at source code and the web application architecture it uses to point out potential security vulnerabilities. The firm claimed its static analysis tools can now highlight potential cross-site scripting attacks and mitigate SQL injection attacks.

According to Coverity, the additions to its static analysis include integrating static source code analysis with its framework analyser, incorporating a white box fuzzer to validate data sensitisation and provide guidance to developers.

Interestingly, Coverity was eager to point out that its first-generation static analysis tools were not able to deal with the complexity of web applications. The firm claimed its upcoming release has been built specifically for web applications.

Andy Chou, Coverity co-founder and CTO said, "First-generation static analysis tools are not effective in helping developers because they don't credibly provide them with this information. We are making it easy for developers by taking the guesswork out of finding and fixing security defects."

Coverity said its new static analysis security technology will be available in September as part of its Development Testing Platform. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?