Application development demands detection and diagnostic toolsets to minimise costs, risks

With application software playing an increasingly strategic role in the success or failure of businesses around the world, companies cannot afford to wait until the application goes live to determine what, if any, bugs it may have.

Yet, says Catherine de Klerk, automated software quality technical consultant at Compuware SA, that's precisely what many organisations do: a recent survey revealed that it's not unusual for a standard 50 000-line application to contain between 150 and 300 bugs. And when developers were asked if they had recently experienced any bugs related to their applications' error-handling code, 61% said yes.

"Today, more than ever before, the IT development community needs to extend its ability to detect and diagnose software quality errors during development to avoid unplanned application downtime, potential lost customer revenue, increased development costs and the risk of security vulnerabilities.

"Currently an application's error handling capability is only tested in the live environment when it is faced with real errors and when, in the case of a security breech, it may be too late," she adds.

This is particularly true to the Microsoft .Net framework, which is being billed as the foundation of the next generation of Windows-based applications that are easier to build, deploy, and integrate with other networked systems.

But security vulnerabilities in .Net web-based applications remain a concern with 70% of security attacks on web-based applications occurring at the application layer.

"High quality and reliability of application error-handling code is notoriously difficult to test during an application's development life cycle yet is clear that this is precisely what developers need if they are to be able to quickly locate and fix security vulnerabilities in .Net applications," De Klerk says.
"In fact, developers need to be able to quickly identify security vulnerabilities right to the line of source code and receive immediate expert advice on implementing a repair, reducing the overall mean time to resolution."

A survey conducted by Compuware found that 95% of developers surveyed rated the importance of a tool to verify error-handling code as either important or very important.

This was because they faced challenges such as:

• Identifying what errors can occur, where and when;
• Tracing error handling execution;
• Errors corrupting the debugging environment;
• Lack of tools for error simulation and analysis;
• Difficulty in creating repeatable tests; and
• Time-consuming, manual process for testing.

Compuware's DevPartner Fault Simulator and DevPartner SecurityChecker address these issues, mitigating risk and identifying defects and other issues well beyond other traditional automated software quality tools.