Our portfolio analysis product, Highlight, can discover the common open source frameworks in your application. Our Application Intelligence Platform does the deepest analysis of open source frameworks in the industry. We have an action plan for you to assess your exposure and remediate your hotspots across the enterprise within just weeks.
Step 1 - Distributed and Lightspeed Analysis
Send an email to all project leads or application owners, internal and outsourced, with simple instructions on how they can access the CAST Highlight portal. They download a local agent, scan their relevant code stack, and answer a few survey questions online. Simple as pie, and hundreds of project leads can complete the process simultaneously in just 10 minutes.
Step 2 - Upload Encrypted Results in Private and Secured Cloud
All project leads or app owners upload a small encrypted text file containing analysis results to the CAST Highlight portal. This includes a list of framework versions and libraries used in the code, stats about the code, but not the code itself. CAST Highlight is compliant with the highest security regulations and standards. And again, no source code is gathered by this process.
Step 3 - Enjoy Unprecedented Management Insight
CAST Highlight uses answers to the survey to contextualize the source code-based intelligence gathered by the agent, and instantly generates intuitive heat maps, charts, and graphs to support critical planning decisions such as IT budgeting, sourcing strategies, and application portfolio rationalization. The list of open source frameworks and the CVEs associated with them forms an immediate hit list to address from a security standpoint.
Step 4 - Deeper Analysis with our Application Intelligence Platform
CAST AIP is the world’s most comprehensive application software analysis engine. AIP reverse-engineers the application model from all the source code components of the application, including the most common frameworks like Struts, Spring and Hibernate. After identifying the applications that have vulnerable frameworks, AIP helps us confirm whether the framework issue is exploitable and formulate a remediation plan that takes into account the impact on other application components.