CAST Expands Application Security Checks in Enterprise Software-Quality Tool

CAST platform can now identify sophisticated security vulnerabilities at source-code level, provide insight into risk propagation across enterprise applications

Note: ESJ’s editors carefully choose vendor-issued press releases about new or upgraded products and services. We have edited and/or condensed this release to highlight key features but make no claims as to the accuracy of the vendor's statements.

CAST has made substantial enhancements to the CAST Application Intelligence Platform. The new features enable CAST customers to detect and stop a number of sophisticated security vulnerabilities. The updated CAST Application Intelligence Platform also includes new dashboard features to give software developers and project managers more flexibility in viewing and accessing software quality metrics across multiple applications. CAST 6.4 also features major speed and usability enhancements to its .NET language analyzer.

Enterprises use CAST to objectively and precisely assess the software quality of applications delivered to business users. Using highly sophisticated language analyzers and more than 850 industry-best-practice rules for building software, CAST identifies quality lapses in an application’s source code, and provides precise guidance on how to fix the problems. The CAST Application Intelligence Platform reads, analyzes, and semantically understands most kinds of source code, including scripting and interface languages, 3GLs, 4GLs, Web, and mainframe technologies across all layers of an application (user interface, business logic, and data layer).

“Software quality is critical because most attacks and system faults occur at the application layer,” said Olivier Bonsignour, vice president of product development at CAST. “Structural flaws and vulnerabilities can impact application performance, increase maintenance costs over time, and bring down systems in production. With version 6.4 of the Application Intelligence Platform, we’ve focused on adding and improving features that identify precise areas within the software code that leave Web-based applications vulnerable to hackers. In addition to protecting business-critical systems, many of the checks also facilitate compliance with financial, payment card, and health-care industry regulations.”

CAST Application Intelligence Platform 6.4 ships with the following new features:

  • Data-Flow Security Analyzer: CAST analyzes the architecture, design, and data flows of software systems to uncover and stop sophisticated security problems right at the source-code level. This capability, still shipping in beta, can detect problems with how that software lets users enter information, catching security threats such as SQL injection and cross-site scripting. The data flow security analyzer can also spot problems with the way applications handle errors or exceptions and help prevent misuse of APIs. This new feature enables CAST to detect vulnerabilities catalogued by the Open Web Application Security Project (OWASP), the SANS Institute, and the vulnerabilities listed by the U.S. Department of Homeland Security’s Common Weakness Enumeration (CWE).

  • Smart Risk Index: A unique feature of CAST, the smart risk index helps customers understand risk propagation -- how a quality problem in a software object affects the rest of the system. This feature, also in beta, assigns a risk propagation factor (RPF) based on the technical quality and call path of the object and helps developers prioritize feature build out.

  • Readily-Customizable Dashboards: CAST dashboards are now customizable, giving users more ways to look at snapshots of all applications of interest at once, examine elements of an application that impact regulatory compliance, and generate PDF reports with a single click.

  • Fast, Command-Line Access: Updates to the CAST Management Studio let users choose to work with the command line interface to trigger analyses, source code checkers, or to integrate with other products, such as source-code managers.

  • Enhanced .NET Analyzer: With the new, automated .NET analyzer, users no longer need to compile the application, making the analysis process, particularly of ASP.NET applications, faster and easier. CAST Application Intelligence Platform supports .NET versions up to and including .NET 3.5.

Additional information about the CAST Application Intelligence Platform is available at www.castsoftware.com/Product/Application-Intelligence-Platform.aspx.