Featured Webinar: AI-Enhanced API Testing: A No-Code Approach to Testing | Watch Now

Reading Time: 3 minutes

Overview

CAPITAL Services is a credit card portfolio management company based in Sioux Falls, South Dakota. Their services provide clients with data and models to drive business decisions and to manage profitability in the credit card portfolios. With a combination of software, statistics, technology and business savvy, CAPITAL Services helps their clients improve customer experience, increase profitability, and reduce compliance risks and costs.

Since software plays such an important role in CAPITAL Services’ business, they needed better insight into the quality and security of their software products and services. A big part of this was static application security testing (SAST), test automation with Microsoft .NET support, PCI DSS compliance, and API test automation.

The Challenges

Close up image of partial credit cards strewn atop each other.

CAPITAL Services software deals with highly sensitive information so security, compliance, and risk mitigation are critical for the company. Recognizing the continued complexity of attack vectors and code development, CAPITAL Services looked to improve the visibility into potential security and quality issues.

CAPITAL Services needed actionable data to help pinpoint remediation activities and better transparency among QA, development, and management to improve software deployment and delivery.

When first engaging with Parasoft, CAPITAL Services outlined the following goals.

  • Improve test efficiency and remove the reliance on manual testing.
  • Maintain compliance of source code with industry standards such as PCI DSS, OWASP Top 10, and CWE Top 25.
  • Improve the security and regression testing of API services and endpoints.

“We have been very impressed with Parasoft’s engagement with us. When we’ve had questions and needed help, they’ve been there, working with us closely, keeping us up to date on the latest innovations. It’s been a good relationship.”

—Heath McIntyre, director of software development at CAPITAL Services

The Approach

Image of young female and male software developers and testers collaborating and discussing testing results

The first step CAPITAL Services took was to implement SAST across their entire codebase, which includes internal and external-facing applications, and middleware in between that contains their business logic.

The next step was adopting test automation for their APIs to better test functionality but also to achieve better test coverage and security testing.

The Solution

CAPITAL Services evaluated Parasoft as the top vendor to partner with for addressing their immediate need to standardize their coding practices around security standards like PCI DSS. They recognized that implementing DevSecOps meant providing a solution that was tightly integrated with the developers’ toolchain, particularly the IDE and build environment.

CAPITAL Services also recognized Parasoft’s alignment with their overall initiative to improve their development and testing processes. Scriptless and easily maintained regression tests of their API layer now run regularly and help identify issues that would go unnoticed prior to partnering with Parasoft.

“Now we run regression tests across everything, so we might catch something we didn’t before…that is where our quality has really gone up.”

—Heath McIntyre, director of software development at CAPITAL Services

CAPITAL Services adopted Parasoft dotTEST as their SAST and code coverage solution. They also use Parasoft SOAtest for API testing and Parasoft DTP for analytics and project dashboards and reports.

The Results

The software quality improvements that CAPITAL Services has seen are a direct result of Parasoft automating their regression testing and bettering testing in general as they moved away from manual testing. Here’s a quick list of those software quality improvements:

  • Reduced overhead costs of regression testing
  • Improved security
  • Increased code coverage
  • Faster, more efficient testing
  • Greater transparency with leadership

“Before we started automating, we were basically manual testing. Every time we made a change, a tester had to manually regression test everything. So, just getting that kind of automated coverage and ongoing regression testing has definitely helped a lot with efficiency.”

—Heath McIntyre, director of software development at CAPITAL Services

See how your dev team can improve software security and quality with automated testing solutions.

  • Industry: Financial
  • Location: Sioux Falls, South Dakota
  • Solutions: dotTEST, SOAtest, DTP