CAST

Category: Software Security

Connected devices in healthcare may be putting you at risk, but not in the way you imagine.
When Software Quality Becomes a Life or Death Matter
It doesn’t matter how many days removed we are from sipping champagne, singing "Auld Lang Synge" and making New Year’s resolutions, we still need to look back at 2017, lest we repeat the same mistakes we've already made.
2017: The Year of MotS (More of the Same)
CAST is proud to announce that we have been included among the 10 most significant SAST vendors and named a “Strong Performer” in “The Forrester Wave™: Static Application Security Testing, Q4 2017
The Forrester Wave™: Static Application Security Testing, Q4 2017 - Forrester Names CAST Among the 10 Top For SAST
CAST provides continuous support for OWASP Top Ten vulnerabilities, providing users with an automated validation of protection. This helps development teams detect places where vulnerabilities are left in code.
Application Security Vulnerability Detection
84% of breaches exploit vulnerabilities in the application layer. Is there a silver bullet for AppSec?
Get Creative with Your Application Security Strategy
Fashion retailer Forever 21 joined a very trendy, yet unexclusive club earlier this month when it announced its point-of-sales systems may have been breached. This blog examines how to integrate automated code review into application security strategies.
Don’t Be ‘Forever’ Vulnerable: Improve Your AppSec Posture
At the upcoming Matinée CIO event in Paris, CAST, along with select partners and customers, will address challenges and best practices for digital transformation initiatives, including compliance, cloud migration, application security and establishing an Agile culture.
CAST Talks AppSec, Compliance and Digital Transformation at Matinée CIO
Cybersecurity is a hot-button issue these days. You can barely go a few weeks without hearing about a company suffering a breach that puts the business at risk. With all eyes focused on making software more secure, a happy side effect might just be a streamlining of software modernization initiatives.
Will Cybersecurity Efforts Change the Game for Software Modernization?
The Open Web Application Security Project (OWASP) aims to make software security visible, so that individuals and organizations are able to make informed decisions. OWASP provides impartial, practical information about AppSec. This post reviews known OWASP vulnerabilities detected by CAST's software analysis.
Application Security Vulnerabilities Detectable by CAST
Application security standards are established by leading industry research and standards bodies to help organizations identify and remove application security vulnerabilities in complex software systems...
Application Security Standards
Finding security, complexity and maintainability issues in complex business systems, improving development team throughput, and controlling global outsourcing contracts are not easy tasks; even the best analytics on the market still leave blind spots for technical teams looking to deliver better software and prevent outages. Addressing these issues takes a pragmatic approach to developing software and a passion for coding.
It Takes a Craftsman to Uphold Software Quality
When you are a consumer credit company, victimized recently by a serious security breach where hackers exploited an application vulnerability to steal the personal information of roughly 143 million people, what do you do for an encore? For Equifax, the encore may be “get hacked a second time.”
An Encore for Equifax?
The biggest lesson learned from the Equifax breach is that executives and application owners need a software risk scorecard that clearly outlines KPIs around software structural quality and security.
Lessons from Equifax: Get a Software Risk Scorecard
Open source is the lifeblood of modern software development, but it's not without risks, especially when it comes to application security.
A Good Look at Open Source Frameworks: Avoiding Another Equifax
Harvard Business Review has reported that digital leaders succeed in large part due to their ability to recognize and scale innovation across their business – seeing beyond transformation hurdles and IT complexity. They never lose sight of the end goal.
Recap: Software Risk & Innovation Summit 2017
CAST recently participated in a TechMarketView round table in London, discussing the effectiveness of digital strategies in banking.
Are Digital Strategies in Banking Working?
The key to security is to ensure that your most sensitive data is handled with proper controls in place. This should include working with your architects to explore the architecture of applications that handle the most critical data, starting from the data elements themselves and fanning out via impact diagrams (for example, CAST does this with the Application Intelligence Platform). Over time, your team will be able to establish secure architecture components that should handle all sensitive data.
Following Best Practices to Achieve Application Security & Reduce Risk

It seems more and more frequently we see security and cyber-attacks in the news today. From Yahoo’s apparent cover up of a massive security breach that is damaging its merger with Verizon to the even more recent bank hack in India, where millions of debit cards were compromised, it’s apparent that there are holes in our current defense systems. Adding to the complexity of it all, eWeek has reported that DDoS attacks hit record highs in Q3 2016.

For most data-intensive organizations, it would spell disaster if mission-critical or customer information was leaked. What’s more, security gaps are known to go undetected for much longer in enterprises with a high percentage of legacy systems.

Legacy Modernization is About Application Security Not Just Cost

Insurance organizations have reached a tipping point. Historic institutions, with in some cases hundreds of years of service, they are being forced to transform due to changing consumer demands and nimble, technology-centric startups bringing innovative products to market. No stranger to regulatory and privacy concerns, Insurance carriers have overcome many roadblocks throughout their lifetime of doing business. Now they must tackle their legacy IT systems and improve software risk management to deliver the value today’s market is after.

The Insurance Industry Challenge: Improve Software Risk Management