.NET Security

Protect .NET Code With dotTEST Security Testing

The Most Comprehensive Security Testing Tool for C# and VB.NET Codebases

Security Testing for Developing Secure C# and VB.NET Applications

Detect compliance vulnerabilities continuously throughout the development life cycle. Certified by MITRE as CWE-compatible, Parasoft dotTEST integrates critical industry security standards directly into Microsoft Visual Studio as if it were part of the product. You can use dotTEST to check compliance with critical security standards (OWASP Top 10, CWE Top 25 + On the Cusp, PCI DSS, UL 2900, and so on) to prevent, expose, and correct errors, and to ensure that your C# and VB.NET code works as expected. For reporting, auditing, and continuous feedback to the whole team, Parasoft’s unique real-time feedback gives users a continuous view of compliance status with interactive compliance dashboards, risk assessment widgets, and automatically generated reports for compliance audits.

Screen capture of Parasoft OWASP dashboard showing pie charts and graphs.

How Does It Work?

With Parasoft’s dotTEST and its security offering baked directly into the developer’s IDE, the development team will naturally become more proficient in security, and fewer security vulnerabilities will be found at the end of the pipeline. The vulnerabilities that are found can then be investigated, and root cause analysis performed, to improve the security policies and guidelines based on the findings, continuously improving the efficiency of building security into development as each cycle progresses.

Developers can use Parasoft dotTEST to check their code locally on their machine before committing to source control to catch and fix security violations when it’s cheaper and easier to do so. Seamlessly integrate into the CI/CD pipeline so the same configuration is executed as part of the build process. This comprehensive analysis goes beyond the scope of a developer’s locally modified code, providing a safety net to gate the delivery pipeline and ensure that insecure code does not get promoted to later stages.

Results of the analysis are sent back to a developer’s IDE and to Parasoft’s web-based reporting and analytics dashboard. The tool tracks progress so you can make course corrections and generate audit reports in real time. Managers and security leads can assess projects based on security coding standards and use the dashboards to answer important questions: Is the project improving or getting worse? Which areas of the code are causing the most issues?

“We are able to get our product to market approximately six months sooner with Parasoft solutions than we could have if we had gone back to the testing vendor.”

Features

Easily define a coding policy for C# or VB.NET code based on industry standards like OWASP, CWE Top 25 + On the Cusp, PCI DSS, UL 2900, and so on. Parasoft checkers are named and mapped directly to the standard guideline and require no additional mapping, making it easy to identify which checker should be used to verify a guideline.

Parasoft dotTEST users can create customized test configurations that are relevant to their organization’s security policy in addition to the out-of-the-box offering. Customize test configurations on individual developers’ desktops — directly in the IDE or with Parasoft DTP for centralized distribution to the organization. This helps different teams follow the same safe and secure coding standards and enforce the same development strategies across the entire organization.

Parasoft dotTEST’s integration with Parasoft DTP provides correlation of test results, code coverage, and security violations to user stories and requirements. At a glance, the team can gain an objective assessment of the impact of potential security vulnerabilities on the business-critical user stories.

Parasoft’s centralized reporting system provides real-time visibility into overall security status and processes. Reports include links to documentation to help development teams understand programming best practices. With references to standards such as Common Weakness Enumeration (CWE), reports outline and document improvements — helping you determine what additional actions are needed to safeguard security. Customizable dashboards give you the flexibility to create reports that help your organization create safe, secure, and reliable applications.

Parasoft finds security defects and pinpoints the underlying source code that causes the defects, allowing you to eliminate all instances. Parasoft facilitates a continuous process that enables you to proactively enforce secure coding practices. As a result, you can continuously harden your application as the code evolves.

Benefit from the Parasoft Approach

Automate Code Analysis for Compliance

Define rule sets using your own custom rules and the 400+ built-in rules that cover security standards OWASP, CWE Top 25 + On the Cusp, PCI DSS, UL 2900, and more.

Increase Productivity & Software Quality

Promote rapid remediation. Detected errors are prioritized based on your policy, automatically assigned to the developer who wrote the related code, and distributed to the IDE with direct links to the code and a description of how to fix it. Deep seamless integrations are available with open source platforms, bug tracking systems, requirement management systems, custom iterations, and other infrastructure components.

Identify Runtime Vulnerabilities Early

Parasoft’s data flow analysis detects runtime security issues without requiring the software to be executed. This enables early and effortless detection of critical runtime errors that might otherwise take weeks to find. Defects detected include NullReferenceExceptions, ArgumentNullExceptions, resource leaks, division by zero, dereferencing before checking for null, SQL injections, XSS, and other security vulnerabilities.