Automated software testing firm Parasoft announced standards-native SAST support for DISA ASD STIG with enhanced test configurations available in its 2022.1 versions of C/C++test, dotTEST, and Jtest automated software testing solutions. The company says the new native configuration makes it easier for customers to detect weaknesses identified by the ASD STIG and to satisfy requirements for securing software for deployment on DoD networks.
Achieving compliance with the DISA ASD STIG guidelines requires evidence, usually captured in the form of documentation, from test methods like code scanning and analysis. Demonstrating compliance has never been easier with the expanded visibility provided by standards-native checkers and dedicated DISA ASD STIG format configurations now available in Parasoft’s DISA ASD STIG SAST solutions for C, C++, C#, Java, and VB.NET.
With the enhanced configuration, it’s much simpler to automatically demonstrate conformity in reports and prove compliance during an audit, saving time, labor, and costs. Additionally, the new native configuration covers a broader range of security issues to improve software readiness for the functional part of the audit.
Parasoft’s static code analysis solutions excel in application testing and cover the ASD STIG requirements for OWASP Top 10, buffer overflows, race conditions and error handling.
“Static code analysis is a vital first step and value-rich approach to lessening the burden of compliance. It encourages preventative techniques that remove vulnerabilities early in the project life cycle. Parasoft’s static analysis provides early detection of vulnerabilities and enforces coding guidelines to prevent poor security and safety practices as early as possible,” said Igor Kirilenko, chief product officer at Parasoft.