This documentation is no longer maintained and may contain obsolete information.

Page frame name:

FRAME_PORTAL_TRANSACTION_VIEW

This view is designed to:

  • Identify the transactions with the highest cumulated risk, as measured by a Transaction Risk Index (TRI)
  • Support Action Plan generation

In effect, this view will:

  1. Compute Transactions using CAST's OMG Automated Function Point estimation algorithm:
    1. Objects on the call path (between the Transaction entry point and the data) and that have violations relating to the selected Health Factor are displayed in the view
    2. Objects outside of the call path are not displayed in the view, however they can impact ranking
  2. For each object in the transaction/call path, the VI (Violation Index) is calculated, taking into account the Rule weight and the Health Factor (Robustness, Efficiency, or Security)
  3. The TwRI (Transaction-wide Risk Index) is equal to the sum of all VI values for all objects in the call path/transaction

Note that a transaction/call path is determined using all link types from the entry point to the end point/data function (these are all the links that are available in the Acc table in the CAST Analysis Service). The only exception to this rule is that some {Ae} (Internally Escalated Access Execute) links are not taken into account (these are links with inftyp = 110 and infsubtyp = 20 in the Objinf table in the CAST Analysis Service).
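
The computation described above, as an added example in Python that is not CAST's own code: it sums VI values over each transaction's call graph, skips links with inftyp = 110 and infsubtyp = 20, and ranks end-to-end transactions by the result. The sample objects, rules and weights are constructed, the VI formula (sum of rule weights for the selected Health Factor) is an assumed simplification because the page does not give one, and the call graph is taken as every object reachable from the entry point.

```python
from collections import deque

# Constructed sample data: object names, rules and weights are hypothetical.
# Link = (caller, callee, inftyp, infsubtyp); None means no such attribute.
LINKS = [
    ("LoginPage", "AuthService", None, None),
    ("AuthService", "UserDao", None, None),
    ("AuthService", "AuditLogger", None, None),   # off the direct path to data
    ("UserDao", "USERS", None, None),
    ("SearchPage", "SearchService", None, None),
    ("SearchService", "UserDao", None, None),
    ("ReportPage", "ReportService", None, None),
    ("ReportService", "ReportDao", 110, 20),      # excluded link type
    ("ReportDao", "REPORTS", None, None),
]
# Violation = (object, rule, health factors the rule contributes to, rule weight)
VIOLATIONS = [
    ("AuthService", "rule-A", {"Security"}, 9),
    ("UserDao", "rule-B", {"Security", "Robustness"}, 7),
    ("AuditLogger", "rule-C", {"Robustness"}, 4),
    ("SearchService", "rule-D", {"Efficiency"}, 5),
    ("ReportDao", "rule-E", {"Security"}, 8),
]
ENTRY_POINTS = ["LoginPage", "SearchPage", "ReportPage"]
DATA_ENTITIES = {"USERS", "REPORTS"}

def call_graph(entry, links=LINKS):
    """Objects reachable from entry, skipping links with inftyp=110/infsubtyp=20."""
    adj = {}
    for src, dst, inftyp, infsubtyp in links:
        if not (inftyp == 110 and infsubtyp == 20):
            adj.setdefault(src, []).append(dst)
    seen, queue = {entry}, deque([entry])
    while queue:
        for nxt in adj.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def violation_index(obj, health_factor, violations=VIOLATIONS):
    """Assumed VI: sum of rule weights of obj's violations for the health factor."""
    return sum(w for o, _, hfs, w in violations if o == obj and health_factor in hfs)

def rank_transactions(health_factor):
    """(entry point, TwRI) pairs for end-to-end transactions, highest risk first."""
    ranked = []
    for entry in ENTRY_POINTS:
        objects = call_graph(entry)
        if objects & DATA_ENTITIES:  # keep only graphs that reach a data entity
            twri = sum(violation_index(o, health_factor) for o in objects)
            ranked.append((entry, twri))
    return sorted(ranked, key=lambda pair: (-pair[1], pair[0]))
```

With this data, ReportPage drops out of every ranking because its only route to REPORTS uses an excluded link, so its call graph is no longer an end-to-end transaction.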

This is then translated into the Transaction View that lists transactions sorted by Transaction Risk Index (TRI) in descending order:

  • Regarding Robustness, Efficiency, or Security
  • With the ability to send all Violations to the Improvement - Action Plan (or to exclude them).

You can then drill-down on a transaction, listing all objects with violations:

  • Grouped by objects, rules, or not
  • With the ability to send all Violations to the Improvement - Action Plan (or to exclude them)

This view requires access to at least one Application.

Layout

Left hand panel

Please see the section Left hand panel in Using the CAST Engineering Dashboard for more information about this.

Computation principles

Compound Violation Index values along the transactions:

  • Across the layers
  • Across the technologies and languages
  • Filtering on the Health Factor:
    • Robustness,
    • Efficiency,
    • or Security

Computation - advanced

Compound Violation Index values along call graphs

  • Across the layers
  • Across the technologies and languages
  • Filtering on the Health Factor:
    • Robustness,
    • Efficiency,
    • or Security

Filter call graphs that are true end-to-end transactions:

  • Identified as OMG-compliant transactional Function Points

Explanation:

  • Do not display call graphs that are not identified as end-to-end transactions, so that the view focuses only on transactions and not on partial graphs; ranking of risky call graphs is interesting, yet it is a different use case
  • Take into account the whole call graph, even outside the direct path between an entry point and a table as harmful violations may exist; this aspect is left out of the overview to keep it simple

In this screen capture, some objects are visible in the call graph yet lie outside of the direct path towards the data entities. They still contribute to the TRI, as their violations can also impact the Security, Efficiency, and Robustness risk levels.

Sample use case

  1. Identify transactions with highest cumulated risk using the Transaction-wide Risk Index
  2. Generate an Action Plan to reduce the risk of selected transactions
    • Those with highest risk level
    • Those that matter most to the business
    • Those that are the most widely used

Benefits

  • Customers are empowered with a solution to accurately target issues in transactions that directly support the business.
  • … and do something about it!

More specifically:

  • Transaction Risk Index (TRI) provides a concrete measure of the risk level of user-facing features
  • Transaction Risk Index (TRI) provides support for quality investigation and improvement that is aligned with end-users’ concerns, i.e., the features they are actually using
