Parasoft SOAPtest 4.0 Helps Enterprises Develop Secure, Compliant, Reliable Web Services

First end-to-end solution that integrates security penetration testing with comprehensive functional testing for thorough web services development

June 6, 2005 -- Monrovia, Calif. -- Parasoft Corporation, a leading provider of automated error prevention solutions for Web services and software development, announced today the release of SOAPtest 4.0, the first product to offer penetration testing as an integrated component of a comprehensive, automated Web services testing suite. First launched three years ago, SOAPtest is used by hundreds of organizations worldwide to validate the reliability, compliance and performance of their business critical Web services deployments.

SOAPtest 4.0 introduces automated, repeatable penetration testing at the message level to detect Web services security vulnerabilities. Additional key features include support for UDDI Registry, WS-Addressing and WS-ReliableMessaging. SOAPtest 4.0 is now the only enterprise-class product of its kind to embed attack scenarios into automated and repeatable functional testing of service-oriented architecture while testing compliance to the WS standards.

"As we continue to leverage Web services to deliver critical business data, it is imperative that our security infrastructure is trusted and reliable," said Cort Bucher, senior director of technology for McGraw-Hill Construction. "Parasoft SOAPtest 4.0's capability to automatically generate penetration tests custom to our Web services implementation provides me with the assurance that our services are truly production ready."

Parasoft works with a customer to set its security policy, drive it down to the code level, and enforce it at the development level. Parasoft promotes a three-tier approach to identify, correct, and prevent security vulnerabilities -- static analysis, penetration testing, and dynamic analysis.

"Parasoft SOAPtest helps companies overcome the vulnerabilities and roadblocks in developing secure, compliant, reliable Web services," said Wayne Ariola, vice president of corporate development at Parasoft. "Web services expose security vulnerabilities through commonplace flaws like X-path injections, XML bombs, runtime errors and buffer overflows. SOAPtest 4.0 is an essential tool for enterprises deploying Web services to ensure their mission-critical applications are secure."

What's new in SOAPtest 4.0:

  • Security penetration testing at the message level including SQL injections, XML bombs, parameter fuzzing, and XPath injections

  • UDDI Registry support, including a Query UDDI Tool that can be used to send inquiries to a UDDI registry for verification and validation

  • WS-Addressing and WS-ReliableMessaging support, including automatic generation of WS-Addressing and WS-ReliableMessaging headers within the SOAP header

  • Test Suite "Wizard" that allows automatic creation of security penetration tests, asynchronous test suites, and tests from WSDL, WSIL, UDDI, and HTTP traffic

  • Load-testing improvements, including a bottom-up approach that allows users to define the exact number of virtual users for each profile

Availability

SOAPtest 4.0 is available for Windows 2000, Windows XP, Linux and Solaris. Pricing starts at $3,495.

About Parasoft

Parasoft is a leading provider of innovative solutions for automated software test and analysis and the establishment of software error prevention practices as an integrated part of the software development lifecycle. Parasoft's product suite enables software development and IT organizations to significantly reduce costs and delivery delays, ensure application reliability and security, and improve the quality of the software they develop and deploy through the practice of Automated Error Prevention (AEP). For more information visit http://www.parasoft.com.