Flying High with Software Intelligence: A Guide for Technical Leads (Part 2)

Jun 1, 2018 by Kyle Christiansen

Any inventor knows it: a great design really isn’t all that great until it stands the test of real-time use. (Proof: All those crazy old movies of flying machines crashing before they even got off the runway.) The same is true with software development. Only through system-level analysis can you learn how components interact with one another across multiple layers (UI, logic and data) and across multiple technologies. Much like those crazy old flying machines, the exact same piece of code can be safe and of excellent quality or highly dangerous, depending on its interaction with other components.

Old Fashioned Airplane

When you conduct system-level analysis in conjunction with application discovery and blueprinting, you’re setting yourself up for success. Three months ago, I shared my insights on getting started with Software Intelligence for the technical lead. Here I'd like to continue with that thread by looking at the process of building Software Intelligence with CAST Architecture Checker.

By using this module of the CAST Application Intelligence Platform (AIP), you can build a view of an application’s structural quality that helps in reducing security vulnerabilities and overall risk. Architecture Checker aids the Technical Lead or subject-matter-expert by:

  • Providing information about application structure
  • Allowing the definition of custom rules
  • Tracking and control of these rules in subsequent application development.

Architecture rules are custom to each application. However CAST’s Extend repository includes a starter library of rules. You can build on these rules and save them for use with future analyses

Constructing Your View

  • Start by building layers and sets–logical containers of elements – within Architecture Checker, using types and properties (attributes of the object). The logic for creating layers can be any combination of technology, identification (e.g. type, name, module, code path, etc.), or category (CAST Quality Rules and Measures)
  • The Layers and Sets display provides a detailed description of contents for each of Architecture Checker’s layer and sets contents.

Layers and Sets_Photo 1

  • Types and Properties displays the contents in the CAST Meta-Model – an exhaustive list of object types and categories.

Once you’ve built the layers representing the objects of a system, you can now build either Authorized Dependencies (acceptable flow through the application) or Forbidden Dependencies (unacceptable flow through the application). Do this by dragging-and-dropping an arrow from one layer to another.

Going Live with Architecture Checker

After repeating this process to build a system “map,” you can now conduct a live violations check, using data from the most recent CAST analysis knowledge base.


Violations_Photo 2

  • Orange connection arrow(s) indicate a violation to the intended model. You’ll also see a count of the number of links violating the model, and you can access a detailed view.
  • When you’re connected to a specific application using Architect Checker, you can conduct Live Check for Architecture Model in the application’s current state. (Green connection arrow(s) indicated an intended connection.)
  • Analyzing and enforcing structural quality and adherence to architecture is difficult. By defining and saving an architecture model using Architecture Checker, the CAST analysis can alert you when violations occur based on the model, then help you to investigate them. You can also leverage Architecture Model to create architectural and custom rules, then save them to the CAST assessment model for later evaluation during application analysis.

Architecture Model_Photo 3

I look forward to your comments and questions about Architect Checker’s role in system-level analysis and building upon overall Software Intelligence. In Part 3, I’ll discuss how you can use CAST Enlighten to blueprint software as you continue to gather, refine, and leverage Software Intelligence – all in your effort to ensure software quality and make certain that your “crazy flying machines” will soar off the runway as planned.

Filed in: Application Quality Application Security Modern Architecture Software Intelligence
Tagged: application architect application architecture Software architecture
Cloud Smart: How to Ensure an Efficient and Secure Journey
Cloud Smart: How to Ensure an Efficient and Secure Journey
Recorded Webinar
Software Intelligence at the core of M&A Advisory

Erik Oltmans, an Associate Partner from EY, Netherlands, spoke at the Software Intelligence Forum on how the consulting behemoth uses Software Intelligence in its Transaction Advisory services. 

Erik describes the changing landscape of M & A. Besides the financial and commercial aspects, PE firms now equally value technical assessments, especially for targets with significant software assets. He goes on to detail how CAST Highlight makes these assessments possible with limited access to the target’s systems, customized quality metrics, and liability implications of open source components - all three that are critical for an M&A due diligence.

Video Interview
Eliminate vulnerabilities while improving performance
CAST AIP was implemented for a Federal Law Enforcement Agency in the US. CAST AIP helped identify and resolve several critical violations and flaws in the software leading to an immediate saving of ~ $250K in software maintenance.
Case Study
Kyle Christiansen
Kyle Christiansen Technical Solutions Architect
Kyle Christiansen is a Technical Solutions Architect at CAST and has more than a decade of experience as a software engineer and team manager. He has designed systems and product architectures to deliver personalized, secure and highly available apps.
More Posts from Kyle >>

Write a review Average rating:
()
Newest on top Oldest on top
Load more reviews
Thank you for the review! Your review must be approved first
You've already submitted a review for this item
|
()