AppSec Knowledge Base

SOFTWARE DEVELOPMENT MODELS

Security testing with different software development models.

Development organizations use a variety of software development models for producing the applications that drive business today. Each has its own pros and cons in terms of producing quality software quickly. These software development models also have different benefits and disadvantages when it comes to software security testing for delivering more secure applications.

For instance, the traditional waterfall model – where software development progresses steadily through successive phases – often relegates software testing to the later stages of development. Remediating flaws at this point can be costly and time-consuming, as developers end up working on fixes for code they haven’t seen in months, at the moment when pressure to ship the product is greater than ever.

In the Agile model – which emphasizes an incremental approach to development – testing occurs during the development phase, enabling coding issues to be found earlier when they are easier to fix. Other software development models such as RAD, RUP, Spiral and V-Model each offer different opportunities for integrating testing into the development process.

Regardless of the model, the key to delivering secure applications is finding testing solutions that can integrate easily into the development process. For organizations seeking software testing solutions that can work with a variety of software development models, CA Veracode has the answer.

Testing different software development models with CA Veracode.

CA Veracode provides application security services that help to identify and remediate vulnerabilities in business-critical software in development and production. Offered as a subscription service, CA Veracode’s web-based application testing technology provides a multilayered approach to testing, with tools that can be integrated into every stage of the software lifecycle. With CA Veracode, organizations can find and fix flaws at the point in the development process where it is most effective and cost-efficient to remediate them.

CA Veracode supports testing in different software development models with solutions that are fast, accurate and automated. As a SaaS-based technology, CA Veracode enables developers to easily upload code to be tested to a secure platform and to receive results quickly – within four hours for 80% of tests and within one day for 90% of tests. The accuracy of CA Veracode’s technology lets development teams spend less time worrying about compliance or false positives and more time remediating vulnerabilities. And by automating testing throughout the process in a variety of software development models, CA Veracode enables organizations to ship more secure applications more easily.

CA Veracode solutions for application testing in a range of software development models.

Software testing technology from CA Veracode is compatible with a number of software development models. Solutions include:

  • CA Veracode Greenlight, a service that runs in the background of a developer’s IDE, identifying flaws and vulnerabilities as code is being written and providing contextual remediation advice.
  • Static Analysis, for scanning binaries to test the security of code that is built, bought or assembled.
  • Software Composition Analysis, for identifying and eliminating risk in open source components.
  • Web Application Scanning, for identifying flaws in web applications in production.
  • Manual penetration testing services, including pen tests for desktop, mobile, IoT or web applications.

Learn more about CA Veracode solutions for different software development models, and about agile project management’s biggest benefit for security testing.

 

 
