Making software more secure

CAST brings more than 25 years of excellence in software quality to help CIOs measure and maintain secure software with system-level analysis.

  • Wednesday, 28th June 2017 Posted 7 years ago in by Phil Alsop
CAST has introduced CAST for Security, a new offering that leverages system-level analysis to strengthen the security of business-critical software. CAST for Security helps organisations optimise application design to protect sensitive data by preventing common software attacks and enforcing architectural constructs known to keep data secure.
Combining technology from the Application Intelligence Platform (AIP) and specific rules for static application security testing (SAST), CAST for Security flags security hot spots that are vulnerable to attack, ensures secure coding practices, eliminates false positives and trends security performance over time.
“Cyber risk and security challenges have moved beyond network-level issues to the application layer. To be successful in this new paradigm, CIOs must adopt a holistic, proactive and design-based approach to securing applications while not overwhelming development teams,” said Olivier Bonsignour, EVP of Product Development at CAST. “As organisations adopt DevOps and Agile methodologies for speed, CAST for Security opens a new line of cyber defence by inserting secure design practices from the beginning of the software development lifecycle, resulting in high-quality, secure apps that can still be delivered in a timely manner.”
Most security tools that analyse source code only look for intrusion vulnerabilities, like SQL injection and cross-site scripting. This approach still leaves business-critical data at risk. CAST for Security uses AIP’s system-level analysis to create an architectural blueprint for applications and immediately identify data call pathways that are vulnerable. This also enables teams to estimate the security debt of critical applications for a more complete picture of software risk.
“We see organisations coordinating security with quality initiatives increasingly overall and also as a part of DevSecOps initiatives; applying system-level code analysis to help secure applications during development is a key aspect,” said Melinda Ballou, Research Director, Agile ALM, Quality and Portfolio Strategies at IDC. “Providing contextualised software analysis to reduce noise and help eliminate false positives that distract from actual software vulnerabilities enable visibility and higher success for security and quality strategies.”
“As a recognised leader in analysing system reliability and resilience in IT software, CAST has always had an established set of security findings,” added Lev Lesokhin, EVP of Strategy and Analytics at CAST. “Over the last two years, a significant part of our customer base has tapped CAST for our security capabilities because it’s much more comprehensive than what is available today. CAST for Security is now packaged and priced as a separate offer to make it easier for our customers to benefit from CAST’s expertise in application security.”