Build in application security from start of code creation

January 18, 2016 // By Graham Prophet
Multi-language support combines functional and compliance checks with secure coding standards enforcement - in both new and legacy code. PRQA has announced a certified environment platform - allowing security coding standards and advisories to be applied at the point of code creation, in addition to well-established functional and compliance checks.

In light of recent high-profile exploitation of application vulnerabilities, this latest release allows analysis of both legacy code streams and new agile developments. With multi-language support for C, C++, C# and Java, combined with straightforward integration of PRQA’s own static analysis tools, users are now able to apply in-house security rules, as well as external coding standards and sets of common weaknesses, such as CERT and CWE. This ensures potential issues and existing weaknesses in legacy code are highlighted, and therefore resolved before the product release.

With the rapidly growing Internet of Things (IoT) and resulting interconnectivity, application security has never been so essential – especially for software deployed outside classical IT security infrastructure.

Paul Blundell, CEO and Founder of PRQA, comments, “We have been helping software developers enable functional and compliant software development for over 30 years and recognise the changing requirements of our customers. It is no longer enough to have compliant and functional software – it must also be secure in an increasingly complex and rapidly evolving ecosystem. Our latest solution set ensures organisations, both large and small, can not only assess existing vulnerabilities in legacy code, but also apply best practice to new developments – across multiple coding languages”.

Robert Seacord, founder of the Secure Coding Institute, commented, “PRQA’s QA·C analyser is effective at discovering violations of The CERT C Coding Standard that were not discovered through 20 years of testing or by other static analysis tools”. He continues, “Overall, the QA·C analyser is an effective tool for eliminating secure coding flaws that can easily lead to software vulnerabilities”.

PRQA; www.programmingresearch.com/products