Coverity, Inc., the leader in development testing, and NT OBJECTives (NTO), a leading provider of automated, comprehensive and accurate web application security software and services, today announced the companies have formed a partnership to enable the industry’s first “developer-ready” Interactive Application Security Testing (IAST) solution. The IAST solution combines and correlates security defects identified by Coverity’s highly accurate Static Application Security Testing (SAST) software and NTO’s Dynamic Application Security Testing (DAST) software, providing even more accurate testing results across a broader range of coverage, earlier in the Software Development Lifecycle (SDLC). These results are presented in the development workflow that developers use every day, in a language they understand, enabling them to quickly and efficiently remediate the security defects that matter, as code is written.
As organizations expand security testing into earlier stages of the SDLC, developers need testing solutions that reduce the time they waste with false positives, and enable them to more easily collaborate with security professionals. According to a 2011 Gartner Research report*, “Application and security specialists are in need of technologies that enable a higher accuracy of security testing of the enterprise’s application for vulnerabilities such as SQL injection, cross-site scripting and buffer overflow.” With this partnership, Coverity and NTO expand DAST from development to production. This provides both development and security teams with the visibility to more easily determine if defects are real, if they are exploitable, and most importantly, which defects need to be fixed first, based on risk.
“Coverity understands what it takes to build security into development—it’s more than just integrating into an Integrated Development Environment. Developers at more than 1,100 organizations have relied on our platform to help find and fix quality and security defects, in a unified workflow,” said Jennifer Johnson, Chief Marketing Officer for Coverity. “This partnership with NTO is a natural extension of our development testing platform, to increase the breadth of security testing into the development process in a way that developers will adopt. NTO is a valuable addition to our expanding partner ecosystem and we look forward to working with them to bring IAST into development.”
“In today’s world, it is critical that organizations find ways to find and fix security vulnerabilities faster. Oftentimes, the security team is looking at one DAST report and the development team is looking at a second SAST report, both of which contain the same vulnerabilities from different viewpoints,” said Dan Kuykendall, Chief Technology Officer for NT OBJECTives. “This combined solution increases users’ trust in the results because the two products come at it from entirely different angles. In addition, correlated DAST and SAST results significantly simplify the process of managing and remediating the results because reports are integrated and correlated.”
The Coverity® Development Testing Platform provides development with a unified workflow for quality and security testing during the implementation phase of the SDLC. The platform is built on the award-winning Coverity SAVE Static Analysis Verification Engine, which applies multiple, patented techniques for accurate and scalable defect detection. Coverity’s source code analysis accuracy, deep understanding of the application through its framework analyzer and powerful remediation engine help developers quickly determine whether a defect is real, where in the code it is located and how to fix it in the context of their codebase.
NTOSpider, which includes NTO’s Universal Translator technology, is the only DAST solution available that effectively tests modern mobile and rich internet web applications built in new technologies like REST, AJAX, JSON and GWT. Available as software or SaaS, NTOSpider delivers more comprehensive application coverage and sophisticated attack methodologies than any other solution. Most importantly, NTOSpider delivers the best rates in the DAST industry for the elimination of false positive and false negative findings.
When combined, the Coverity and NTO solutions consolidate both the NTOSpider DAST and Coverity SAST and Quality results into a unified, interactive report, accessible from the Coverity Development Testing Platform.