September 01, 2009 09:00 ET

CAST Deepens Application Security Checks in Enterprise Software Quality Solution

Updates to CAST Platform Identify Sophisticated Security Vulnerabilities at Source Code Level and Provide Insight Into Risk Propagation Across Enterprise Applications

NEW YORK, NY--(Marketwire - September 1, 2009) - CAST (, the worldwide leader in Automated Application Intelligence, today announced the release of substantial enhancements to the CAST Application Intelligence Platform. The new features enable CAST customers to detect and stop a number of sophisticated security vulnerabilities. The CAST Application Intelligence Platform also includes new dashboard features to give software developers and project managers more flexibility in viewing and accessing software quality metrics across multiple applications. CAST 6.4 also features major speed and usability enhancements to its .NET language analyzer.

Corporate IT departments at companies such as Allianz, Family Dollar and Societe Generale; government agencies like the U.S. Food and Drug Administration and the German railway system, Deutsche Bahn; and systems integrators like Atos Origin and Capgemini use CAST to objectively and precisely assess the software quality of applications delivered to business users. Using highly-sophisticated language analyzers and more than 850 industry-best-practice rules for building software, CAST identifies quality lapses in an application's source code, and provides precise guidance on how to fix the problems. The CAST Application Intelligence Platform reads, analyzes and semantically understands most kinds of source code, including scripting and interface languages, 3GLs, 4GLs, Web and mainframe technologies across all layers of an application (user interface, business logic and data layer).

"Software quality is critical because most attacks and system faults occur at the application layer," said Olivier Bonsignour, vice president of Product Development at CAST. "Structural flaws and vulnerabilities can impact application performance, increase maintenance costs over time and bring down systems in production. With version 6.4 of the Application Intelligence Platform, we've focused on adding and improving features that identify precise areas within the software code that leave Web-based applications vulnerable to hackers. In addition to protecting business-critical systems, many of the checks also facilitate compliance with financial, payment card and healthcare industry regulations."

CAST Application Intelligence Platform 6.4 ships with the following new features:

--  Data-Flow Security Analyzer -- CAST analyzes the architecture, design
    and data flows of software systems to uncover and stop sophisticated
    security problems right at the source code level. This capability, now in
    beta, can detect problems with the way that software lets users input
    information, catching security threats such as SQL injection and cross-site
    scripting. The data flow security analyzer can also spot problems with the
    way applications handle errors or exceptions and help prevent misuse of
    APIs. This new feature enables CAST to detect vulnerabilities catalogued by
    the Open Web Application Security Project (OWASP), the SANS Institute and
    the vulnerabilities listed by the U.S. Department of Homeland Security's
    Common Weakness Enumeration (CWE).
--  Smart Risk Index -- A unique feature of CAST, the smart risk index
    helps customers understand risk propagation -- how a quality problem in a
    software object affects the rest of the system. This feature, also in beta,
    assigns a risk propagation factor (RPF) based on the technical quality and
    call path of the object and helps developers prioritize feature build out.
--  Readily-Customizable Dashboards -- CAST dashboards are now
    customizable, giving users more ways to look at snapshots of all
    applications of interest at once, examine elements of an application that
    impact regulatory compliance and generate PDF reports with a single click.
--  Fast, Command-Line Access -- Updates to the CAST Management Studio let
    users choose to work with the command line interface to trigger analyses,
    source code checkers or to integrate with other products, such as source
    code managers.
--  Enhanced .NET Analyzer -- With a new, automated .NET analyzer, users
    no longer need to compile the application, making the analysis process,
    particularly of ASP.NET applications, faster and easier. CAST Application
    Intelligence Platform supports .NET versions up to and including .NET 3.5.

Additional information about the CAST Application Intelligence Platform is available at

About CAST

CAST is the world leader and pioneer in Application Intelligence. CAST provides IT and business executives with precise, quantified insight to immediately and significantly improve the business performance of their critical software assets. More than 650 companies across all industry sectors and geographies rely on CAST to prevent business disruption while reducing hard IT costs. CAST is an integral part of software delivery and maintenance at the world's leading IT service providers including Accenture, IBM, Capgemini and CSC. Founded in 1990, CAST is listed on NYSE-Euronext (Euronext: CAS) and serves Global 2000 organizations worldwide with a global network of offices in the U.S. and Europe. For more information, visit

Contact Information

  • Contacts:
    Keith Giannini
    Joe Palladino
    Schwartz Communications
    Email Contact
    +1 (781) 684-0770