10 Things You Should Know About the New Application Intelligence Platform

by

At CAST, we are busy making it simple for IT organizations to communicate, make informed decisions, protect sensitive data and continuously improve the safety and soundness of the software that runs business operations. We call this Software Intelligence, and it’s continuing to help companies save money while driving efficiency and improving software security.

Having worked with dozens of customers and many different versions of CAST Application Intelligence Platform, I am personally very excited about the latest General Availability Release (8.3.3). Not only does this latest version provide the most stable and high performing package of the 8.3 series to date, but the new functionalities it introduces represents several major milestone achievements for CAST.

As an existing CAST Application Intelligence Platform (AIP) user, here are a few things that you will find exciting about AIP 8.3.3:

1. Application Analytics Dashboard (AAD) is Re-Named Health Dashboard
We are moving away from long names and acronyms. We’ve decided to call our main dashboard exactly what it is: Health Dashboard.

2. Health Dashboard Now Contains Tiles and REST API for Action Items
To help managers track the work that’s being assigned and completed without digging into the Engineering Dashboard, the Health Dashboard will now provide the number of action items outstanding and completed. Further, users will also be able to see the number of exclusions made. The data behind these new tiles will also be accessible via REST API.



3. Engineering Dashboard Now Supports Exclusions
The long-awaited functionality is here! You can now directly schedule violations for exclusion in the Engineering Dashboard.



4. Engineering Dashboard Now Allows Searching for Violations and Objects
In the object view, users will be able to search for objects by name. Most users will also notice a marked improvement in the results return speed.



5. Engineering Dashboard’s Code Viewer is Now Color Coded
To make findings easier to parse, syntax in the displayed source code is now color-coded.



6. Simplified Security Configuration and Expanded Coverage
With security on the top of many of our customers’ minds, we are focused on expanding our application security coverage as part of the Software Intelligence we provide. We are simplifying security configuration to get users to valuable security findings faster, out-of-the-box.

First, User Input Security detection for Java will now be automated through our new Security for Java extension. Second, Automated Blackboxing will help uncover vulnerabilities without any additional configuration! Lastly, we are expanding our CWE rule set to give you more complete coverage (and we are going to continue down this path):

  • CWE-134: Avoid uncontrolled format string
  • CWE-434: Content type should be checked when receiving a HTTP Post
  • CWE-672: Expired or Released Resource should not be used
  • CWE-681: Avoid numerical data corruption during incompatible mutation
  • CWE-798: Use of Hard-coded Credentials

7. Python is now Supported
As our customers begin to adopt more microservice architectures, we are responding. Python is one of the leading languages in the microservices space. We are happy to announce our new support of this technology!

8. Web Technology Analyzer is Available Out-of-the-Box and is Easier to Configure
The HTML5 and Javascript extension will now be included in the base AIP package. For easier configuration, it will automatically discover web files in your source code and configure analysis units upon discovery.

9. NoSQL Databases for Java and .NET are now Supported
Another very important trend in software is leveraging the power of NoSQL databases. We are very pleased to introduce the support of MongoDB, MarkLogic, and Couchbase for Java and .NET based systems.

10. Architecture Checker has Template Models Out-of-the-Box
Architecture Checker has long been one our most popular modules for advanced AIP users. To make it more scalable and easier to adopt across the enterprise, common models will be included out of the box focusing on standard architecture for Java, .NET, and Mainframe systems.

If you’re not a current AIP user but would like to learn more, sign up for a free demo here!

Get the Pulse Newsletter  Sign up for the latest Software Intelligence news Subscribe Now <>
Open source is part of almost every software capability we use today. At the  very least libraries, frameworks or databases that get used in mission critical  IT systems. In some cases entire systems being build on top of open source  foundations. Since we have been benchmarking IT software for years, we thought  we would set our sights on some of the most commonly used open source software  (OSS) projects. Software Intelligence Report <> Papers
In our 29-criteria evaluation of the static application security testing (SAST)  market, we identified the 10 most significant vendors — CAST, CA Veracode,  Checkmarx, IBM, Micro Focus, Parasoft, Rogue Wave Software, SiteLock,  SonarSource, and Synopsys — and researched, analyzed, and scored them. This  report shows how each measures up and helps security professionals make the  right choice. Forrester Wave: Static Application Security Testing, Q4 2017  Analyst Paper
This study by CAST reveals potential reasons for poor software quality that  puts businesses at risk, including clashes with management and little  understanding of system architecture. What Motivates Today’s Top Performing  Developers Survey
John Chang
John Chang Head of Solution Design
John Chang is the Head of Solution Design for CAST in North America, helping Fortune 2000 companies leverage CAST’s solutions to reduce system-level defects and improve application development outcome success.
Load more reviews
Thank you for the review! Your review must be approved first
Rating
New code

You've already submitted a review for this item

|