Local News Releases
Corporate News Releases
Customers in Action


 

  

Compuware Launches New DevPartnerTM Products

Compuware DevPartner Fault Simulator and Compuware DevPartner SecurityChecker Analyse and Advise in Emerging Areas of Software Quality

London, UK - 18th January, 2005 - Compuware Corporation (NASDAQ: CPWR) today announced the general availability of two new DevPartner products, Compuware DevPartner Fault Simulator and Compuware DevPartner SecurityChecker. These new products significantly extend the DevPartner product line's longstanding advisory capability to deliver a broader and deeper view into application quality issues, enabling project teams to establish best practices for building quality software across the application development life-cycle.

Compuware DevPartner Fault Simulator 1.0
DevPartner Fault Simulator tests and debugs error-handling code in both native and .NET managed code without disrupting the application operation or debugging environment by safely injecting simulated faults into the application code. The simulator "tricks" the target application into believing a fault is present so that the reaction can be monitored without affecting other running applications or the underlying operating system.

DevPartner Fault Simulator is a unique development and quality assurance tool that uses fault simulation to emulate real world application errors. By allowing developers and testers to work in a predictable, repeatable environment to proactively analyse and debug application error-handling code, DevPartner Fault Simulator helps create an improved end-user experience and eliminates the potential loss of revenue that comes with unplanned application downtime. Key features include:

  • User Education - DevPartner Fault Simulator highlights the areas in source code where faults can be simulated. Developers can select a line of code within Visual Studio .NET, and DevPartner Fault Simulator identifies the list of exceptions that can be simulated at that location. This helps developers to understand what faults their code must be built to handle, supporting best practices in error-handling.
  • Safe Fault Simulation - A .NET Framework fault can be simulated either on a line of code or globally. Environmental failures relating to COM, Disk I/O, Memory, the Network and the Registry can also be simulated. Properties, parameters and conditions associated with every fault make it possible to further refine the simulation.
  • Comprehensive Reports - DevPartner Fault Simulator displays information about the faults being simulated and how they are being handled as the simulation is taking place. It also provides comprehensive results about the error-handling in the application code upon completion of the simulation. The results can be accessed from within the debugger or operating environment. This includes a description of the fault, the current call stack and an error-handler stack for each instance simulated.
  • Re-usable Fault Sets - Fault conditions can be defined, saved and reused during development. Developers may then share fault sets with Quality Assurance staff for re-use with ongoing functional regression testing.

"I used DevPartner Fault Simulator to induce faults on a scripting tool I was developing," said Pierre Arnaud, senior software developer for OPaC. "DevPartner Fault Simulator allowed me to very easily check if the fault handlers I wrote in my code behaved as they should. I was able to test my code in ways I had never dreamt of. The tool tremendously improves test coverage for application development projects."

Gartner estimates that forty per cent of unplanned application downtime is caused by application failures ("bugs," performance issues or changes that cause problems); forty per cent by operator errors (performing a task incorrectly or not performing an operations task at all); and only 20 per cent by hardware (for example, server and network), environmental factors (for example, heating, cooling and power failures) and disasters. Thus, 80 per cent of unplanned downtime can be mitigated by Application Development and Operations working together to improve IT processes, execute pre-deployment testing and complete operations training.*

DevPartner Fault Simulator is completely integrated within the Visual Studio .NET IDE, allowing developers to seamlessly test and verify their error-handling code during development. It also operates as a standalone application outside of Visual Studio .NET and is callable from the command line, supporting the needs of testing organisations and batch processing of functional regression tests.

Compuware DevPartner SecurityChecker 1.0
DevPartner SecurityChecker is a powerful security analysis tool that enables developers to quickly locate and fix security vulnerabilities in ASP.NET applications. DevPartner SecurityChecker uses three distinct modes of analysis to provide the developer with a depth of analysis unmatched in the industry:

  • Compile-time Analysis - DevPartner SecurityChecker inspects .NET assemblies and determines if security issues exist by examining the metadata, intermediate language code, *.aspx files and web.config files. Examples of vulnerabilities detected by compile-time analysis include inheritance threats, debugging enabled, weak security on passwords and unprotected static constructors.
  • Run-time Analysis - Through the ability to watch inside the application as it executes, DevPartner SecurityChecker can detect security errors as they occur. Examples of vulnerabilities detected by run-time analysis include privileged API use, privileged account use, excessive file and registry access, unhandled exceptions and impersonation failures.
  • Integrity Analysis - DevPartner SecurityChecker can simulate an external attack by playing an HTTP-based session and modifying some of the inputs to check for vulnerabilities. Integrity analysis tests for vulnerability to cross-site scripting attacks, SQL injection attacks, buffer overflows, command injection and parameter tampering.

DevPartner SecurityChecker is the only product on the market that performs each of these types of analysis to find security vulnerabilities, resulting in more secure applications than can be created through integrity analysis alone.

"In today's development teams the primary focus is on implementing functionality, whereas security is often overlooked," said Tom Zwonarz, Technical Architect at Telindus Group NV, a Belgium-based network solution provider. "With a tool like Compuware DevPartner SecurityChecker the latter can be taken into account very early in the development stage, which is a lot cheaper than fixing security holes afterwards and also resulting in much more trustworthy code. It was amazing to see how many things can be improved on even a very simple .NET project. A tool like SecurityChecker can really open the eyes of a developer, who is typically not very aware of security-related aspects."

DevPartner SecurityChecker automatically locates security vulnerabilities, which are then categorised and ranked by severity for easy prioritisation and repair by the developer. The product provides a description, contextual information and a suggested repair for each vulnerability detected. As soon as the error is understood, the developer can double click on a security vulnerability, which will drill down to the actual method or line of source code. The developer can then fix the error, re-build the application using Visual Studio .NET and then re-analyse the ASP.NET application using DevPartner SecurityChecker to validate that the vulnerability has been fixed.

"These two new product offerings are great additions to the DevPartner product line," said Ken Cowan, Product Manager for the Compuware DevPartner product family. "DevPartner Fault Simulator and DevPartner SecurityChecker significantly extend the DevPartner product family, enabling development organisations to achieve greater benefits in quality and productivity."

About Compuware

Compuware Corporation (NASDAQ: CPWR) maximises the value IT brings to the business by helping CIOs more effectively manage the business of IT. Compuware solutions accelerate the development, improve the quality and enhance the performance of critical business systems while enabling CIOs to align and govern the entire IT portfolio, increasing efficiency, cost control and employee productivity throughout the IT organisation. Founded in 1973, Compuware serves the world's leading IT organisations, including more than 90 per cent of the Fortune 100 companies.

For more information visit: www.compuware.co.uk

Compuware is a registered trademark of Compuware Corporation. All other product and company names are trademarks or registered trademarks of their respective owners.

Compuware is a member of The Prince's Trust Technology Leadership Group (TLG), a premier industry-networking forum for leaders within the IT industry, established in May 2002.

For Compuware Press Inquiries Contact:

Sophie Jarvis/Kewal Varia
Spark Communications
020 7357 8612
kewal@sparkcomms.co.uk
sophie@sparkcomms.co.uk

* Gartner Application Development Summit: "Software Quality in a Global Environment: Delivering Business Value" by Theresa Lanowitz. September 2004