CAST Security
Page tree

Versions Compared

Old Version 65

changes.mady.by.user James Hurrell

Saved on

compared with

New Version Current

changes.mady.by.user N Padmavathi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Panel

On this page:

Table of Contents
maxLevel34


Info
Summary: This page provides instructions for using the Security Dashboard, i.e. how to login, what information is available etc.

...

Info

If you need to know more about how to deploy the Security Dashboard, please see: Deploy the CAST Security Dashboard.

Connecting to the Security Dashboard

To connect to the Security Dashboard, browse to the URL provided to you by your CAST Administrator. This will usually be in the following format:

No Format
http://<server>:[<port>]/CAST-Security

The login page will then be displayed:

Image Removed

Logging in / logging out

Login

To login to the Security Dashboard, you need to enter a username and password and then click the Log In button.

Depending on the authentication mode configured by the CAST AI Administrator (see Deploy the CAST Security Dashboard for more information) you need to login with a presupplied username and password, or your corporate username and password. If in doubt, contact your CAST AI Administrator.

Info

If for any reason a user cannot access the Security Dashboard (they do not have a login or they have forgotten their password), it is possible to configure a "Can't access" link to be displayed on the dashboard login page. Please see Lost password and request access configuration (from the CAST AIP documentation) for more information.

Cannot login

This section describes some of the reasons why you may not be able to login to the dashboard:

Info

Note that the message displayed on login can be tailored to your own organization's needs. Please see Modifying login error messages (from the CAST AIP documentation) for more information.

Not authorized

...

If you are not authorized to view any data in the Security Dashboard, then upon login a message will be displayed as follows and no further use of the dashboard is allowed:

Image Removed

Info

Note that data authorization is explained in Configuring data authorization.

No license key

Expand

If you attempt to login to the Security Dashboard when no license key has been configured, the following message will be displayed:

Image Removed

Logout

Click the logout button to logout from the dashboard:

Image Removed

Session timeout mechanism

By default a session timeout mechanism is in use. When the dashboard detects a session timeout (i.e. there is no GET or POST activity) users will now be notified with an opportunity to continue the session (if within the timeout period) or log back in (if the timeout period has expired) to the system. On timeout, the following dialog box will be displayed - this indicates (in the upper right corner) how many seconds are remaining before a re-login will be required - the default remaining seconds is set to 10. Clicking Continue will return to the session without requiring a login:

Click to enlarge

Image Removed

If the Time left gets to 0, then the Continue button will be disabled and the re-login button will be activated. Clicking Re-login will return the user to the login screen where authentication is required to continue the session:

Click to enlarge

Image Removed

Info

Note that:

  • when SAML/SSO authentication is in operation, users will be redirected to the dashboard home page (i.e. no need to re-login) when they click the Re-Login button.
  • You can modify the remaining seconds before a login is required by editing the ced.json file and adding the alertTimeoutInterval parameter. See CAST Dashboard Package - Engineering Dashboard json configuration options for more information.

Multiple Applications or single Application?

On login, depending on the number of Applications available, behavior is slightly different:

...

You are taken direct to the Application landing page:

Image Removed

...

You are offered a choice of which Application to access:

Image Removed

When the Application is selected, you will be taken direct to the selected Application's landing page (as shown above). If you are not authorized to access the selected Application, a "You are not authorized to access any applications" message will be displayed.

If you would like to choose different Application, you can do so using the dropdown list box located on the menu bar:

Image Removed

If you cannot locate the Application you require, you can use the search field to search for the Application - the search is instant - entering a single character will start the search mechanism:

Image Removed

Info
Whenever relevant, loading icons will display when data could take some time to fetch/process and/or display.

This software is subject to a limited access message

If, on login, you are presented with the following message on each page in the Security Dashboard, you should contact your CAST Administrator to request that the license is updated:

No Format
There are too many authorized users to connect to your Security Dashboard.
To avoid this limitation, you can contact your CAST Project Manager to update your licensing terms and conditions.
Info

You can click the link on the "CAST Project Manager" text o contact the administrator. Doing so will open an email in your default email client requesting that the license is updated.

Security Dashboard interface

This section provides a brief explanation of the interface display options that are available to you.

Info
Note that the tiles displayed out of the box are fully configurable by the CAST AI Administrator.

Application landing page or home page

The Application landing or "home" page is displayed after a successful login:

Image Removed

It consists of multiple tiles used to display data and information from the most recent snapshot of the selected Application:

...

Image Removed

This default tile displays "at a glance" information about the current Application status:

  • the number of Violations or Critical Violations in the Application (the display depends on whether only Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations))
  • the number of Rules in the Application that have been triggered during an analysis/snapshot (this figure includes default CAST AIP Rules and also custom rules with IDs above 1,000,000)
  • the number of Critical Rules in the Application that have been triggered during an analysis/snapshot
  • clicking this tile will take you directly to the Risk investigation view (this can also be accessed by clicking the Image Removed button available in the sidebar).

...

Info

All these tiles require that the extension "Quality Standards Mapping" is installed BEFORE a snapshot is generated.

Various additional tiles are displayed as follows:

Image Removed

  • these display the number of Violations or Critical Violations in the Application for all the rules that are tagged with a specific tag (the display depends on whether only Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations))
  • Clicking on any of these tiles navigates to the Risk investigation view (this can also be accessed by clicking the Image Removed button available in the sidebar) with the specific tag selected at the top of the table - therefore filtering and displaying only rules that have this tag. "All Rules" will be selected in the Technical Criteria table and the list of rules displayed in the right hand panel are those that correspond to the selected tag.

Image Removed

No applicable rules

When no rules belonging to the selected tag have been triggered, the tile displays "No applicable rules":

Image Removed

Critical Violations / Violations

Enabling / disabling the Critical Violations filter will effect the violation count displayed in these tiles:

Image RemovedImage Removed

Technologies Overview tile

Image Removed

  • the total number of Violations or Critical Violations in the current Application per specific technology - in other words, the total number of times a Rule or Critical Rule has been violated by an object in the Application for that specific technology (the display depends on whether only Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations))
  • Clicking this tile will take you directly to the Risk investigation view with the corresponding technology highlighted in the technology drop down (this can also be accessed by clicking the Image Removed button available in the sidebar).
  • Drill down click option is disabled if the tile displays "N/A" Violations/Critical Violations.

Risk Introduced tile

Image Removed

By default, this tile shows two values for the Security Health Measure:

  • Added Critical Violations or Violations > The number of critical violations or violations (i.e. "risk") introduced in the current snapshot
  • Removed Critical Violations or Violations > The number of critical violations or violations removed from the current snapshot

Values are a comparison between the previous and current snapshot, therefore if this is the first snapshot then there will be Added Critical Violations or Violations but no Removed Critical Violations or Violations.

Info

Note that depending on whether Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations), the content will reflect the filter that is currently active, displaying only Critical Violations or ALL Violations accordingly.

Behaviour when the tile is clicked

Clicking the tile will take you directly to the Health Measure in the Risk Investigation view (see Using the CAST Security Dashboard for more information), however, the Risk Investigation view will only show added and removed violation information. Any Health Measure, Technical Criterion or Rule where the number of Added and/or Removed violations is 0, will not be visible. A message will reflect this:

Image Removed

Application Components tile

Image Removed

This default tile displays "at a glance" information about the Violation status for the current Application:

  • the number of Modules present in the Application (Modules can be configured during an analysis to divide the Application into meaningful groups)
  • the number of Lines of Code present in the Application
  • the total number of Objects in the current Application that contain at least one violation (the display depends on whether only Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations))
  • the total number of Violations or Critical Violations in the current Application - in other words, the total number of times a Rule or Critical Rule has been violated by an object in the Application (the display depends on whether only Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations))
  • the total number of Rules that have been violated in the current Application (the display depends on whether only Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations))

Clicking this tile will take you directly to the Application investigation view (this can also be accessed by clicking the Image Removed button available in the sidebar).

Top Riskiest Transactions tile

A "Top Riskiest Transactions tile" is provided "out-of-the-box" for the Security Health Measure:

Image Removed

This tile provides a clickable "cloud" of transaction names  - the larger and bolder the font used to display the transaction name, the higher the TRI value (TRI or Transaction Risk Index is an indicator of the risk for transaction) has within the Security Health Measure.

Clicking a transaction name in the tile will take you directly to the parent Health Measure in the Transaction Investigation view (this can also be accessed by clicking the Image Removed button available in the sidebar):

Click to enlarge

Image Removed

Top Riskiest Components tiles

A "Top Riskiest Components tile" is provided "out-of-the-box" for the Security Health Measure:

Image Removed

This tile provides a clickable "cloud" of object names  - the larger and bolder the font used to display the name, the higher the Risk (previously known as PRI: Propagated Risk Index) value the object has within the Security Health Measure. See this table for more information about how Risk is calculated.

Clicking an object name in the tile will take you directly to the object in the Application Investigation view - for example clicking the MFJDEMUT object will show this (click to enlarge):

Image Removed

Top Modules with Violations or Critical Violations tile

One "Top Modules with Violations" tile is provided "out-of-the-box" for the Security Health Measure:

Image Removed

This tile provides a listing of the modules sorted by the number of violations / critical violations present in each module. Tile can be resized to display more or less modules. Clicking a module in the tile will take you directly to the module in the Application Investigation view. In the Application Investigation view, violated Rules are listed by their number of violations, with critical rules first (by default: ordered by number of violations):

Image Removed

Info

Note that depending on whether Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations), the content will reflect the filter that is currently active, displaying only Critical Violations or ALL Violations accordingly.

Security Health Measure weakness/strength tiles

Two tiles listing the Strength and Weakness of the Security Health Measure, listed by Technical Criteria:

Image Removed

Info

Note that depending on whether Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations), the content will reflect the filter that is currently active, displaying only Critical Violations or ALL Violations accordingly.

These tiles provide

  • Strengths: Items displayed at the Technical Criteria that do not have any critical violations (this includes Technical Criteria that have no critical Rules or Technical Criteria that have critical rules with no violations).
  • Weaknesses: Items displayed are the Technical Criteria considered to have at least one critical violation. The Technical Criteria are sorted from worst (top) to least bad (bottom).

Clicking a Technical Criterion in the tile will take you directly to the Technical Criterion in the Risk Investigation view:

Image Removed

Top Rules with increasing violations

A "Top Rules with increasing violations" tile is provided "out-of-the-box" for the Secure Coding - Input Validation technical criterion:

Image Removed

These tiles displays Top Rules with increasing violations: the value represents the difference (increase) in the number of violations for the Rule between the most recent and the previous snapshot. The higher the value, the larger the difference, i.e. those Rules listed at the top of the list have MORE violations since the previous snapshot.

Violation count difference is displayed on the right of a rule and a red dot is added when the rule is critical. Rules are clickable and will take you direct to the Rule in the Risk Investigation view.

Info
Note that the default behaviour in the dashboard is to display ONLY Critical Violations (see Data filtering on Critical Violations) - therefore the display in this tile will reflect this and only Critical Violations (with a red dot) will be displayed. If the default filter is disabled to show ALL violations, then the tile will display Critical and non-Critical Violations.

Action Plan tile

A default Action Plan tile is displayed showing, initially, the total number of objects that have been added to the Action Plan list since the last snapshot was generated. Clicking the tile will take you directly to the Action Plan).

Image Removed

This tile can be manually re-sized (drag and drop the corners or sides of the tile) to include more information about Pending and Solved items (see the Action Plan for more information about the Pending and Solved statistics):

Image Removed

Exclusions tile

A default Exclusions tile is displayed showing:

  • Active Exclusions > Shows the number of violations that have been added to the Exclusion list and a subsequent snapshot has been generated (therefore the violations are not part of the results of the current snapshot) - i.e. they are actively excluded.
  • Scheduled Exclusions > Shows the number violations that have been added to the Exclusion list and no snapshot has yet been generated (therefore the violations still form part of the results of the current snapshot). When a snapshot is generated, exclusions in this list will move to the Active Exclusions list.

Clicking the tile will take you to the relevant Exclusion page, see Security Dashboard - Exclusions for more information.

...

Default tile:

Image Removed

...

Small size:

Image Removed

Continuous Improvement tile

A "Continuous Improvement" tile is available out of the box:

Image Removed

  • This tile shows the following information:
    • Removed Violations in the current snapshot
    • Added Violations in the current snapshot
  • No data is shown when a previous snapshot is activated.
  • Clicking the tile will take you direct to the Improvement tab, which is part of Continuous Improvement.

...

As explained previously the landing page or home page contains a set number of "default" tiles that are delivered "out of the box". Your dashboard Administrator may chose to configure additional tiles or custom locations for the default set of tiles but you have a certain amount of freedom to set up the home page as you require:

  • All tiles (custom and default) can be moved by dragging and dropping to the new location.
  • Some tiles can be resized larger or smaller by dragging and dropping the bottom right hand corner of the tile. When tiles are configured (whether custom or default), they contain information that specifies their maximum and minimum size on the horizontal and vertical axes - i.e. you may find that certain tiles will not resize as you wish - this is by design.

Saving changes

Changes you make to the location or size of tiles is saved via a cookie, therefore the positions and sizes of tiles will be retained over successive sessions using the same browser. Using a different browser on the same workstation will not retain the changes to the tiles.

...

If you would like to reset the position and size of the tiles as they are provided to you "out of the box", you can use the Reset homepage option located in the top right hand corner:

Image Removed

Adding tiles as bookmarks/favorites

If you would like to monitor a specific Rule (perhaps a critical Rule with multiple violations) in your Application via a tile in the landing/home page you can do so by adding a "bookmark" or "favorite" tile which links to the item in question. To do so:

  • Navigate to the item you would like to monitor. In this example we have a chosen a critical Rule that has a high number of violations.
  • Ensure the item is selected, then click the star icon (highlighted below) to add the item as a bookmark or favorite on the landing/homepage:

Image Removed

  • A message will inform you that the tile has been added:

Image Removed

  • The tile will now be visible in the landing/home page. The number of violations will be displayed, whether the rule is critical and, where applicable, an evolution percentage will be displayed which represents how the number of violations for the Rule has evolved between the current and previous snapshots:

Image Removed

Info

Tips:

  • It is only possible to create a bookmark/favorite for a Rule. Any other type of item (Business Criteria, Technical Criteria, Distribution and Measure) are excluded from this feature.
  • Bookmark/favorite tiles are easily recognisable in that they feature a star icon in their upper right corner.
  • These tiles can be resized and moved just like any other custom/default tile.
  • You can remove the tile by rolling your mouse over the star icon in the upper right corner of the tile - it will transform into a cross and remove the tile when clicked. A message will inform you that the tile has been removed.
  • Bookmark/favorite tiles are persistent between browser sessions, but are specific to the browser. In other words, bookmark/favorite tiles are only visible in the browser they were created in (provided the browser cache/cookies have not been emptied since the tile was created).

Changing tile colors

Each tile displayed in the landing or home page will be configured with a predefined colour. However, you can change this from your browser:

  • Click the cog icon in the top right hand corner of any tile and choose the colour you require.

Image Removed

Info
  • The updated color of the tile is stored in the browser cache, therefore:
    • the tile chosen color will be retained until the cache is emptied.
    • the chosen color is specific to the browser, therefore other dashboard users will not see the new color
  • Resetting the homepage will reset the tile color to the default.

...

By default, the Security Dashboard is delivered with language display set to English: all messages and text displayed in the dashboard is only displayed in English. However, it is possible to choose a specific language locale and provided that a translation of the default English text and messages has been configured (see Dashboard localization in the CAST AIP documentation), the dashboard will then display text and messages in the chosen language. To do so, click the user menu drop down and select the the Change Language option:

Image Removed

A popup window will then enable you to select the required language - choose the language and click Change:

Image Removed

The dashboard will then reset and text items will be displayed in the chosen language.

Info

Note that:

  • changes are browser specific and are stored in the cache. Therefore if the cache is emptied, the language will reset to the default. See Dashboard localization in the CAST AIP documentation.
  • only those languages that are defined for use will be available in the drop down.

...

Image Removed

A description of each numbered item is provided below:

...

This option enables you to select a specific snapshot to investigate - if multiple snapshots are available for the current Application. This allows you to "go back in time" and investigate data from a previous snapshot. Note that not all data is available for previous snapshots. See snapshots for more information.

...

Clicking this icon will open a new email in your default email client, together with a link to the current location in the dashboard. You can therefore use option to share a link with colleagues. Example email shown below:

No Format
Hi, I want to share with you my Security Dashboard. You can access it by clicking this url :
http://server:8080/CAST-Engineering/engineering/index.html#ADG/applications/101/snapshots/2/business/60017/qualityInvestigation/60013.
Regards.

...

Activates a basic search field enabling you to search for names of items in the Assessment Model:

  • Search results will include items dependent on the location in which you made the search.
  • Search is not contextual and is instead global to the entire current snapshot
  • search functions in "contain" mode, i.e. search results must contain text matching the search query term
  • the number of results is displayed
  • the list of results for object searches contains the following information: object name page, object type and object fullname
  • results are paginated, scroll with the scroll bar to view more results
  • clicking an item in the search results will drilldown to the exact location of the item in the dashboard

A search made in Home page, Risk Investigation view, Transaction investigation view and Action/Exclusion lists will give results for the following items:

  • Business Criteria
  • Technical Criteria
  • Rules
  • Measures
  • Distributions

Image Removed

A search made in Application investigation view will give results for the following items:

  • Objects

Image Removed

Info
  • The Search feature uses the open source Lucene search software
  • It relies on the existence of an index which is generated automatically when the application server is started.
  • You can find out more in Managing the Search index (from the CAST AIP documentation).
  • An Advanced Search feature is also available that allows you to search for an object name based on a list of violations. See Advanced Search for more information.

...

Indicates the name of the current user that is logged in to the Security Dashboard. A drop down list box is also available:

Image Removed

This contains the following options:

Image Removed

...

Image Removed

...

This option focuses on the application's technical components (i.e. its objects) and provides violation details on those objects and their related dependencies.

...

This option provides access to the Education / Continuous Improvement features. By default, the focus will be on the Education feature.

...

This option provides basic help for various items in the Security Dashboard. To use it:

  • Click the button in the sidebar (1) - the button will transform into a cross inside a circle
  • Any contextual help that has been configured on the current page will be highlighted with a plus sign in a blue circle (2)

Image Removed

  • Click the plus sign in a blue circle to view the contextual help:

Image Removed

  • To exit the contextual help, first click the cross in the upper left corner of the contextual help explanation to close the explanation, then click the contextual help button in the sidebar menu.

What information is available?

Info
Note that the Security Dashboard features a server cache to improve the speed of data display. This does mean, however, that very recent changes in data (i.e. a new snapshot generation) may not instantly appear in the dashboard. If this is the case, the server cache needs to be manually reloaded. See Reload the cache (from the CAST AIP documentation).

The information displayed in the Security Dashboard is derived from snapshots generated by the CAST AI Administrator and provides a detailed "engineering" level view of your set of Applications - this includes specific information about Rules and Violations.

...

All data that is displayed is taken from the most recent snapshot that has been generated for the selected Application. However, it is possible to view data from a previous snapshot if required by using the snapshot selector in the top menu:

Image Removed

Clicking this option will display a drop down menu where you can select the snapshot you require:

Image Removed

To view a previous snapshot, select it on the timeline and then click the Select Snapshot option:

Image Removed

The display will then update to show the data from the selected snapshot.

Info

Note that when viewing data from a previous snapshot, some information/tiles are not available:

  • Action Plan - the Action Plan is available in the previous snapshot, however, the ability to change the action plan (add/edit violations) is only available from the most recent snapshot.
  • Education is not available
  • Application Investigation is not available (data not historized in database)
  • Source Code is not available
  • Some tiles refer to data that is not available in a previous snapshot. In this case, inactive tiles are still displayed using faded colours and contain a short text explaining the issue. The following tiles are not available:
    • Application Components
    • Top Modules with Critical Violations
    • Top Riskiest Components

Returning to current snapshot

To return to the current snapshot data use the snapshot selector button on the top menu bar to select the most recent snapshot:

Image Removed

...

By default, the Security Dashboard only shows information about Critical Violations, rather than showing data for ALL violations - this allows you to instantly see the most important flaws in the analyzed application.This data filter is controlled by the following icon in the Top Menu bar:

Image Removed

When in the default position showing only information about Critical Violations, the icon is colored red as shown above. When in this position, the dashboard only shows information about Critical Violations and other non-Critical Violations are ignored. For example, the Risk Model tile will display data only about Critical Violations (as specified in the black circle):

Image Removed

Info

Note that:

  • all tiles and views in the dashboard are impacted by the data filter and will update their display accordingly. Only the following components are unaffected:
    • Action Plan / Exclusion tiles
    • Top Riskiest Components tile
    • Top Riskiest Transactions tile
  • if you use a fixed URL (for example a bookmark) to access data such as a violations of a non critical Rule, then a message will be displayed to inform you that the filter has been temporarily disabled:

Image Removed

  • if you reset the homepage (see Configuring the landing or home page for more information about this option.) then the filter will return to its default setting showing only Critical Violations.

Disabling filtering on Critical Violations

If you would prefer to view all data about ALL Violations (not just Critical Violations) in your application, you can disable the filter by clicking the filter icon on the top menu:

Image Removed

Once the filter is disabled, ALL data is now displayed. For example the Risk Model tile now displays data about ALL violations:

Image Removed

Data display

The data available is displayed using various different "views":

  • Risk Investigation
  • Application Investigation
  • Transaction Investigation

...

Accessible from the sidebar menu Image Removed or by clicking the Risk Model tile, this view enables investigation of the application risk from the Assessment Model perspective - moving through Health Measures/Business Criteria, Technical Criteria, Rules/Measures/Distributions right down to the objects in violation.

By default, only Business Criteria that are categorised as Health Measures will be displayed in the dashboard. All other Business Criteria that are NOT Health Measures will not be displayed. You can override this behaviour, to display ALL top-level Business Criteria if required - see Dashboard wide configuration options in json from the CAST AIP documentation.

Data is presented in a series of tables on the left and right hand side of the page enabling you to drill down from a Health Measure to an individual object that is in violation. Take for example the top level list of Health Measures:

Image Removed

Selecting a Health Measure in this table will display all of the contributing Technical Criteria in the right hand section:

Image Removed

Info

When a Health Measure is selected, the first row in the Technical Criteria list will be titled "All Rules...". Selecting this item will display a list of all the Rules that contribute to the selected Health Measure:

Image Removed

Selecting a Technical Criteria will move the Technical Criteria to the left hand side of the page and display all of the contributing Rules in the right hand section:

Image Removed

Selecting a contributing Rule will move the item to the left hand side of the page and display details about it (including the list of objects in violation, computing details, and rule/distribution/measure documentation) in the right hand section:

Image Removed

Info

Note that when there are many violations to display, a "Show More" button will be available:

Image Removed

By default, only 10 violations are displayed to improve performance. You can choose to display more using the various options (+10, +100 etc.). By default an upper maximum of 5000 violations is set when the "All" option is clicked. You can change the upper maximum if required (see the violationsCount option in Dashboard wide configuration options in json from the CAST AIP documentation).

Finally, depending on the item (Rule, Distribution, Measure), you can do as follows:

Rule

For a Rule the following sections are available:

Violations

Expand the list of Violations

Image Removed

...to view the objects violating the selected Rule:

Image Removed

Header icons

The following icons will be available:

Image Removed

...

Info
Note that Source Code is not available when viewing data from a previous snapshot.

Select an object in the list of violations to view its source code. In order to focus investigation, source code displayed presents either:

  • the object in violation
  • or the violation details when available (e.g. bookmarks, paths).

Whenever a piece of code is made available, the View File button (seen in the example below) provides the ability to open the entire source code file to get the entire context. The file is opened in a separate browser window. The entire source code is presented plus some context (application name, snapshot reference, file name).

The Rule name is also highlighted using colour (yellow for a standard Rule (as shown below), and red for critical):

Image Removed

Info

Please note that in the current release of CAST AIP, the display of source code is limited in functionality:

  • The source code does not currently show all violations for Rules that reference User Input Security elements, such as:
    • The Rule "Avoid direct or indirect remote calls inside a loop"

When a Rule involves "cyclical calls" such as the rule "Avoid cyclical calls and inheritances between packages", then the source code display is altered slightly as follows. A cyclical call means two packages refer to each other through a call and therefore, the result of this could be a circular dependency. So in this case, the dashboard does not show the detailed source code but the list of packages involved so that we can show where these cyclical calls are located.

Image Removed

If a "copy/pasted" Rule has been selected (for example Avoid Too Many Copy/Pasted Artifacts), a list of objects that have a high level of similarity with the selected objects will be listed:

Image Removed

After clicking on the object in the Violation details table, a separate page will be opened to show the comparable code fragments (see image below - click to enlarge):

  • A tab will open split into two areas (left/right) to display selected component source code and master source code (on left by default)
  • Component Selector exists in two areas so that you can change the component source code display by selecting the item
  • File selector is under component selector (with black background) so that you can see the component source code located in each file

Image Removed

Bookmarks

When results include violation bookmarks in the source code, the dashboard can access more details about the actual defects in the object for the current Rule. The violation bookmarks are displayed per defects found; the display follows the same pattern as the object source code viewer: each code fragment is associated to its related file and the violation bookmark is highlighted using colour (yellow for a standard Rule, red for critical (as shown below). Multiple bookmarks may be associated to a single defect (as shown below):

Image Removed

A More defects button will appear when there are more than five defects in the object for the current Rule:

Image Removed

If a defect contains multiple bookmarks, then the Primary/Secondary bookmark will appear to show the main bookmark and additional bookmarks as shown below. The display follows the same pattern as the object source code viewer, except that the secondary bookmark will be highlighted as blue:

Image Removed

A More bookmarks button will appear when there are more than five bookmarks in one defect for the current Rule. The color depends on whether the Rule is critical (red) or not (yellow). If you click "View File" button, the lines numbers are highlighted:

Image Removed

OWASP bookmark display

Bookmarks for defects in source code violating OWASP Rules (such as Avoid SQL injection vulnerabilities ( CWE-89 ) ) are displayed slightly differently to help you follow the violation trail within the Application:

  • Call label: this label will be displayed when the object inside the source code calls another object or method
  • Return label: this label will be displayed when the object inside the source code returns to the upper level

You can use the "eye" icon to the right of the list to view the source code file in which the bookmark is located:

Image Removed

...

The Violation details section underneath the Source Code display shows the Violation Name along with the values of the Violation Details (i.e the "Associated Values"):

Image Removed

Info
If the Rule does not have any violation details, the message "No violation details for this Rule" will be displayed instead.
Why is that an issue?

You can use the Why is that an issue? option underneath the Source Code display to view the Rationale section of the Rule that has been violated. Clicking the Learn More button will take you directly to a full description of the violated Rule: 

Image Removed

Computing Details

This section displays:

  • the Total checks value which indicates the total number of objects in the Application that were checked against the current Rule.
  • the number of modules in which the current Rule has been checked during the snapshot generation (3 out of 7 in the example below)
  • the % compliance of the Rule. In the example below, the current Rule has a compliance of 18.29% - in other words 18.29% of the objects checked against this Rule were found to have no violations (the higher the number, the better compliance).

Image Removed

  • Expanding the section (using the black arrow as explained above for the Violation list) will provide more detail. In the example below, we can see that:
    • three modules contain objects that were checked against the current Rule. A compliance % is provided for each module along with the number of objects violating the current Rule and the total number of objects in the module that were checked against the current Rule.
    • the compliance of 18.29% for the Total is the compliance percentage for all modules in the Application against the current Rule.

Image Removed

...

Info
Note that the row containing the module name "Total" contains cumulative data for all modules displayed in the section.
Rule Documentation
  • Expand the Rule documentation section (using the black arrow as explained above for the Violation list) to view a detailed description of the current Rule:

Image Removed

Accessing an object in the Application Investigation view

Clicking the following icon will take you directly to the object in the Application Investigation view:

Image Removed

Distribution

For a Distribution, you can view how objects in the current Application are distributed: objects are placed into categories depending on the criteria of the Distribution itself. Sections indicate which category the objects fall into: Low/Small (Green), Average, High/Large and Very High/Very Large (Red). A Status column displays the status of the object between the current and previous snapshot (unchanged, added, deleted etc.). So to take the example of the Size Distribution distribution:

Image Removed

  • View a detailed description of the current Distribution:

Image Removed

Measure

Quality Measures are listed in the Security Dashboard, however, since Measures are never "violated" in the same way a Rule is violated, little information can be displayed other than the documentation:

Image Removed

Table key

All tables that display data in the Risk Investigation mode contain various columns. The table below lists all possible column names and provides an explanation for each:

Health Measure

...

Image Removed

...

Image Removed

...

Displays the number of Violations or Critical Violations for the currently selected item. This column is also used as the default sorting criteria when items are first displayed.

...

Displays a % variation of the number of Violations or Critical Violations in the current snapshot for the currently selected item compared with those in the previous snapshot.

...

Technical Criterion

...

Image Removed

...

Image Removed

...

Displays the number of Violations or Critical Violations for the currently selected item. This column is also used as the default sorting criteria when items are first displayed.

...

Displays a % variation of the number of Violations or Critical Violations in the current snapshot for the currently selected item compared with those in the previous snapshot.

...

Weight

...

Displays the weight of the Technical Criterion in its parent Health Measure. The higher the value, the more weight the item carries.

Rules, Distributions and Measures

...

Image Removed

...

Image Removed

...

Displays the number of Violations or Critical Violations for the currently selected item. This column is also used as the default sorting criteria when items are first displayed.

...

Displays a % variation of the number of Violations or Critical Violations in the current snapshot for the currently selected item compared with those in the previous snapshot.

...

Weight

...

Displays the weight of the Rule/Distribution/Measure in its parent Technical Criterion. The higher the value, the more weight the item carries.

...

A red dot in this column indicates that the Rule has been set as critical in the Assessment Model.

...

Image Removed

...

Indicates whether the violation has been added to the Action Plan or the Scheduled Exclusion List (see Security Dashboard - Action Plan for more information):

Image Removed
Item has been added to the Action Plan.
Image Removed
Item has been added to the Scheduled Exclusion List.

...

This value was previously known as Propagated Risk Index (PRI): it identifies the violations that can impact the largest number of components, involving objects with the largest number of violations pertaining to the Health Measure involved. The formula used to calculate this value is as follows:

No Format
PRI = (RPF + 1) x VI

Where RPF and VI equal:

RPF

Risk Propagation Factor (RPF): identifies violations that can impact the largest number of components in the Application. The impact area is computed as follows:

  • Risk Propagation Factor for a Robustness, Performance, or Security Violation is the size of its call path
  • Risk Propagation Factor for a Changeability Violation is its Fan-In
  • Risk Propagation Factor for a Transferability Violation is zero (0).

VI

Violation Index (VI): identifies objects with the largest number of violations, taking into account the weight of the Rules and of the Technical Criteria, for the Health Measure involved. The formula used to calculate this value is as follows

For each object, identify Rules it violates that contribute to a given Health Measure through Technical Criteria. Multiply aggregate weight of the Rule within the Technical Criterion by the aggregate weight of the Technical Criterion within the Health Factor. In other words:

No Format
VI = Sum_of_all_rules_violated_by_the_object (Quality_rule_weight * technical_criteria_weight)

...

Displays the status of the object in comparison to the previous snapshot - e.g.:

  • Added
  • Updated
  • Deleted
  • Unchanged

You can also filter on a status by selecting the column header and choosing the status you want to view:

Image Removed

...

Image Removed

...

Distribution

...

Displays the status of the object in comparison to the previous snapshot - e.g.:

  • Added
  • Updated
  • Deleted
  • Unchanged

You can also filter on a status by selecting the column header and choosing the status you want to view:

Image Removed

Measure

Measures only display the documentation.

Display rules

Each table displays Business Criteria, Technical Criteria and Rules/Distributions/Measures based on the following specific criteria:

  • Items are sorted by:
    • Descending (worst to best) number of Violations in current snapshot
    • If number of Critical Violations/Violations is identical, then the value in the Previous/Evolution columns is then also used to determine the display order
  • If the number of Critical Violations/Violations for an item is equal to 0 (i.e. no violations), the line is greyed out to indicate that this item has no violations and is therefore of no interest for remediation purposes. You can still consult the item by clicking it if necessary.
  • If the variation % in the Previous column is exactly 0, the variation is set to 0.00% and the item is greyed out. The variation % may be 0.00 if:
    • there is no previous snapshot available to make a comparison
    • or there has been no change between the current and previous snapshot
  • If the variation % displayed is 0.00 but has a very slight variation between the current and previous snapshots (for example 0.003), a tilde (~) is prepended to the front of the variation value to indicate the approximate value.
  • When the Previous % is identical to the Baseline %, this means that the Previous snapshot and the Baseline snapshot are one and the same (i.e. only two snapshots exist) or when only one single snapshot exists.
  • N/A is displayed for the variation if there is only one snapshot - the item cannot be consulted.

For Rules only:

  • The word "new" will be displayed in the % Evolution column when a Rule was not violated in the previous snapshot (the word "new" will never be displayed if there is only one snapshot).

Filtering

By default when using the Risk Investigation view, the entire Application content is displayed. However, you may be interested in investigating a subset of the Application (a specific module or a specific technology). Two filters are available for that purpose in the breadcrumb area,to the top right.

  • All Modules filter > When investigating any item in the Assessment Model, you can filter results with regard to a specific module. Please note that while drilling down, a technical criteria or a Rule may not apply to a specific module (e.g. a SQL Rule does not apply on a module that would not contain SQL technology, hence if the Rule is selected, filtering on the module to which it does not apply holds no meaning)
  • All Technologies filter > Same filtering applies to the Risk Investigation.

Image Removed

Some filtering may not be relevant as you drill down. If you are investigating a SQL specific rule and try to filter on others technologies (for example), we would get no data, hence, to make things clearer, the other technology filters are disabled (lighter grey colour) in this context. This can apply at technical criteria or Rule level and in some rare cases, even from the Health Measure level:

Image Removed

Info
  • When investigating a specific object, the filters are disabled as they are no longer relevant.
  • For numerous reasons (confusion, bookmarks or tiles leading to rules/objects in contexts), the filters are always reset when leaving the Risk Investigation pages. 

...

Info

Note that the Application Investigation view is not available when viewing data from a previous snapshot.

Accessible from the sidebar menu Image Removed or by clicking the Application Components tile, this view enables investigation of the objects in the Application. Data is presented in a series of tables on the left and right hand side of the page enabling you to drill down from an Application right down to an individual object within that Application, and view the Rules that those objects have violated.

The default Health Measure used for this view is Security:

Application Browser

The Application Browser provides a hierarchical tree view of the Application, its modules and the individual projects and objects that make up the Application:

Image Removed

Selecting an item in the tree will do two things:

  • Update the right hand side (see below) of the screen with a list of Rules that the item is violating - so for example, selecting the root Application in the tree will display ALL the Rules that have been violated in the Application. Selecting an individual object will only display the Rules that the selected object has violated.
  • Update the circular "at a glance" views underneath the hierarchical object tree, to display:
    • Objects: the number of objects that have violated a Rule for the selected item - if you select the root Application, the total number of objects that have violated at least one Rule will be displayed.
    • Critical Violation/Violations: the number of Critical Violations or Violations of Rules that the selected item has - this value will always be equal to or higher than the value for the "Rules" circle (the display depends on whether only Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations)
    • Rules: the number of Rules that the selected item is violating
Handling large applications contain a large number of objects

When applications are large and flat (flat project structure), the number of items can be large, leading to slow loading and page rendering. A pagination mechanism has been designed in order to improving the usability: only a subset of items are loaded (~100 by default) and, upon scroll in the browser, more content will load in a lazy fashion with the message "Loading Next Items":

Image Removed

Rules with violations list

Selecting an item (Application, Module, Project, Object) in the left hand section will update the right hand section. This section lists Rules that the selected item is violating and the object's Technical Properties (see below). Rules are listed by the number of times they have been violated by the selected item (and all its constituent items in the case of an Application, Module or Project) and whether the Rule is critical (flagged with a red dot):

Click to enlarge

Image Removed

Info

Note that an icon indicates the list you are working in:

Image Removed

...

Displays the compounded weight of the Rule in the parent Technical Criterion. The higher the value, the more weight the Rule carries. Clicking the Weight column header will sort the Rules as follows:

  • by weight descending and highlights grey gauge when clicking for the first time
  • by weight ascending and highlights grey gauge when clicking for the second time
  • by critical Rules descending and highlights red dot when clicking for the third time
  • by critical Rules ascending and highlights red dot when clicking for the fourth time

Compounded weight is calculated as follows:

No Format
weight of the parent technical criterion X weight of the Rule

...

Technical Properties

Selecting an item (Application, Module, Project, Object) in the left hand section will update the right hand section. This section lists Rules that the selected item is violating (see above) and the object's Technical Context. This section displays the properties of the selected objects. It has two views:

  • Global view: provides a description of the technical properties ("This section displays numeral information about the selected object e.g. number of lines of code").

Image Removed

  • Detail view: lists the object's properties:
    • Number of code lines
    • Number of comment lines
    • Number of commented code lines
    • Coupling
    • Cyclomatic Complexity
    • Distinct Operands
    • Distinct Operators
    • Essential Complexity
    • Fan In
    • Fan Out
    • Halstead Program Length
    • Halstead Program Vocabulary
    • Halstead Volume
    • Integration Complexity
    • Ratio of Comment Lines to Code Lines

Image Removed

Info

Note that:

  • Detail View provides a description "No Technical Properties available for this object" when there is no Technical Properties available for the selected object.
  • An icon indicates the list you are working in:

Image Removed

Violations and Rule Documentation

Clicking a Rule in the right hand section will move the right hand panel over to the left hand side, and display a new panel containing:

  • a list of objects that are violating the selected Rule, listed in alphabetical order
  • a section containing documentation about the selected Rule

Image Removed

Info
  • Please see Violation table from the Risk Investigation view for an an explanation of the column headings Plan, Object Name Location, Risk and Status.
  • Note that when there are many violations to display, a "Show More" button will be available. By default, only 10 violations are displayed to improve performance. You can choose to display more using the various options (+10, +100 etc.). By default an upper maximum of 5000 violations is set when the "All" option is clicked. You can change the upper maximum if required (see the violationsCount option in Dashboard wide configuration options in json in the CAST AIP documentation).

Image Removed

Header icons

The following icons will be available:

Image Removed

...

Source code

Selecting an object in the Violations and Rule Documentation section will move the right hand panel over to the left hand side, and display a new panel containing the source code of the selected object:

Image Removed

Info

Note that analyzed source code from the following technologies is not visible in the Security Dashboard:

  • PowerBuilder
  • BusinessObjects

Please also note that in the current release of CAST AIP, the display of source code is limited in functionality:

  • The source code is in fact a display of the entire file that contains the selected object, therefore display performance can be affected if the file is very large
  • Bookmarks in the source code showing the location of the violation are not displayed, instead the entire object within the parent source code file is highlighted
  • The source code does not currently show all violations for Rules that reference User Input Security elements, such as:
    • OWASP security rules
    • The Rule "Avoid direct or indirect remote calls inside a loop"
    • Any Rule referencing copy/paste rules

...

Accessible from the sidebar menu Image Removedor by clicking an object in the Top Riskiest Transactions tile, this view enables investigation of the transactions in the Application. Data is presented in a series of tables on the left and right hand side of the page enabling you to drill down from a Transaction with a high level of risk (i.e. Violations) right down to the Violations themselves.

Image Removed

The view functions in a very similar way to the Risk Investigation view. The default Health Measure used for this view is Security.

The view lists 50 Transactions per "page" sorted by the risk level (i.e. the Transaction Risk Index (TRI) value: TRI is an indicator of the riskiest transactions of the application. The TRI number reflects the cumulative risk of the transaction based on the risk in the individual objects contributing to the transaction. The TRI is calculated as a function of the rules violated, their weight/criticality, and the frequency of the violation across all objects in the path of the transaction. TRI is a powerful metric to identify, prioritize and ultimately remediate riskiest transactions and their objects.)

Selecting a transaction will display information in the right hand panel about the status of each Health Measure:

Image Removed

...

Image Removed

...

Image Removed

...

Displays the number of Violations or Critical Violations for the currently selected item. This column is also used as the default sorting criteria when items are first displayed.

...

Selecting a Business Criteria in this table will display all of the contributing Technical Criteria in the right hand section:

Image Removed

...

Image Removed

...

Image Removed

...

Displays the number of Violations or Critical Violations for the currently selected item. This column is also used as the default sorting criteria when items are first displayed.

...

Weight

...

Displays the weight of the Technical Criterion in its parent Health Measure/Business Criterion. The higher the value, the more weight the item carries.

Selecting a Technical Criteria will move the Technical Criteria to the left hand side of the page and display all of the contributing Rules, Distributions and Measures in the right hand section:

Image Removed

...

Image Removed

...

Image Removed

...

Displays the number of Violations or Critical Violations for the currently selected item. This column is also used as the default sorting criteria when items are first displayed.

...

Weight

...

Displays the weight of the Rule/Distribution/Measure in its parent Technical Criterion. The higher the value, the more weight the item carries.

...

A red dot in this column indicates that the Rule has been set as critical in the Assessment Model.

Selecting a contributing Rule, Distribution or Measure will move the item to the left hand side of the page and display details about it (including the list of objects in violation and rule/distribution/measure documentation) in the right hand section:

Image Removed

Info

Note that when there are many violations to display, a "Show More" button will be available:

Image Removed

By default, only 10 violations are displayed to improve performance. You can choose to display more using the various options (+10, +100 etc.). By default an upper maximum of 5000 violations is set when the "All" option is clicked. You can change the upper maximum if required (see the violationsCount option in Dashboard wide configuration options in json - from the CAST AIP documentation).

Header icons

The following icons will be available:

Image Removed

...

The Security Dashboard features the ability:

  • to add and remove objects (violations) to and from an "Action Plan" - an Action Plan is simply a list of objects (i.e. "violations") that have been selected for action in the next snapshot generation process with a priority level assigned to them. Users can then use the list to focus their re-mediation work. Think of it as a "to do list" - i.e. objects that require work to remove the violation flagged by CAST AIP.
  • to Exclude objects from a future snapshot - this can be useful when the object is violating an AIP Rule, but is irrelevant or is a false positive.
  • to add and remove Rules to and from an "Education" list to promote best practices.
  • to view detailed information about rules that have been added to the Education list in the Continuous Improvement feature.

See:

Report Generation

The Report Generation feature allows you to generate reports on the fly direct from the CAST Security Dashboard interface. Various reports can be generated, however, some require some configuration before they will work. See Security Dashboard - Report Generation for more information:

Image Removed

...

Accessing the Advanced Search feature

The Advanced Search feature can be accessed using the icon in the left hand menu:

Image Removed

Enabling the Advanced Search feature

"Out of the box", the Advanced Search feature is not enabled and the following message will be displayed:

Image Removed

This indicates that a "violations index" (on which the feature relies) has not yet been generated. To generate the index the following methods are available:

...

Info

This method requires that the user has the ADMIN role.

Use the following URL to access the Diagnostic page:

Code Block
languagetext
http://<server>:<port>/<dashboard>/static/diagnostic.html

This provides an indication of the violations index status based on the "domain":

  • N/A - the domain is mapped to a Measurement Service schema or the Dashboard Service schema was installed with CAST AIP < 8.3.3)
  • toCreate - no index has ever been created for this domain
  • toUpdate - an index exists for this domain, but it is outdated because a new snapshot has been computed since the index creation
  • upToDate - an index exists and is up-to-date. When this status is shown, the index for the Advanced Search feature is ready and available.

In the following example the index has never been generated since the status is set to "toCreate":

Click to enlarge

Image Removed

To generate the index, click the Create/Update Index button. During generation the status "Indexing" will be displayed and on completion, the status will change to "upToDate":

Click to enlarge

Image Removed

...

Info

This method requires that the user has the ADMIN role.

Use the RestAPI client:

Code Block
languagetext
http://<server>:<port>/<dashboard>/static/default.html

Using the following URI with a PUT will generate the index (where <domain> is more than likely set to AED, unless you have custom domains):

Code Block
languagetext
<domain>/violations-index

Then use the same URI with a GET will show the index status:

Image Removed

...

This method will force the violations index to be generated if its status is toUpdate (i.e. the index exists but is out-of-date because a new snapshot has been computed since the index creation) every time the web application is started, i.e.:

  • When the web application host (e.g. Apache Tomcat) starts up or restarts
  • When the web application is restarted through the Apache Tomcat management console
Note
CAST only recommends using this option if your Dashboard Service schema is small - since the index is generated during web application startup, this can impact performance.

Edit the following file with a text editor:

Code Block
languagetext
%CATALINA_HOME%\webapps\<dashboard>\WEB-INF\web.xml

Set the following configuration to true:

Code Block
languagetext
<context-param>
	<param-name>rebuildViolationsSearchIndexesOnStart</param-name>
	<param-value>true</param-value>
</context-param>

Save the file. Next time the web application is started the index will be generated.

...

Info

This method requires that the user has the ADMIN role.

This method is to be used when you have a configuration in the domains.properties file - i.e. multiple "domains". The custom batch will generate the violations index for all the domains configured in the domains.properties file.

Create the following batch files in the %CATALINA_HOME%\webapps\<dashboard>\WEB-INF folder an then run the launch.bat file to start the index generation:

Code Block
languagetext
titlelaunch.bat
@echo off
@echo Computing Violations Indexes ...

util.bat > util.log
@echo --------------------------------
Code Block
languagetext
titleutil.bat
@echo off
setlocal enableDelayedExpansion
@echo Automated Violations Indexes Creation
@echo -------------------------------------
 
for /F "delims== eol=#" %%D in (domains.properties) do (
	@echo Process %%D/violations-index
	start /B titi.bat %%D
	@echo.
)

In the following file (titi.bat), you need to modify the line starting curl to match your environment:

  • Replace user:pwd with a user that has the ADMIN role and their password.
  • Replace http://localhost:8080/<dashboard>/rest/%domain%/violations-index with the URL to your dashboard.
Code Block
languagetext
titletiti.bat
@echo off
prompt $_
setlocal enableDelayedExpansion
set "domain=%~1"
 
@echo Start  %domain% !DATE!_!TIME!
curl -s -u user:pwd -X PUT http://localhost:8080/<dashboard>/rest/%domain%/violations-index
@echo  is the response from %domain%
@echo Finish %domain% !DATE!_!TIME!
Info
Note that following the generation of a new snapshot, the violations index status will change to toUpdate, therefore CAST recommends regenerating the index to take into account the data available in the new snapshot.

Using the Advanced Search feature

When the feature is accessed and the violations index has been generated, the following will be displayed:

Image Removed

...

The right hand panel list the results of the search. Key points:

  • with no search criteria or filters enabled will show all violations available in the currently selected snapshot indicated by the following text:

Image Removed

  • a search field is available for you to enter the object name you are searching for. Results in will be updated in real time.

Image Removed

  • you can download the results to an Excel file for portability requirements:

Image Removed

  • 20 results are shown. Use the Show More button to display additional results:

Image Removed

  • the result lists uses the following columns:

...

Image Removed

...

Indicates whether the violation has been added to the Action Plan or the Scheduled Exclusion List:

Image Removed
Item has been added to the Action Plan.
Image Removed
Item has been added to the Scheduled Exclusion List.

...

Displays the status of the object in comparison to the previous snapshot - e.g.:

  • Added
  • Updated
  • Deleted
  • Unchanged

...

Image Removed

...

Using filters for the Advanced Search

The filters available in the left hand panel enable the search scope to be limited. The following filters can be enabled by expanding the section and selecting with a tick:

...

Criteria or Rules

...

Restrict the scope via a Health Measure, Technical Criterion or Rule (or a combination).

Displayed results are union of selected Criteria results, with duplicate violations omitted. Sorting is disabled on this section.

...

Weight

...

Restrict the scope via the weight of the rule in its parent Technical Criterion.

...

Criticality

...

Restrict the scope to the violation status in the current snapshot: Added, Updated, Unchanged.

Displayed results are an OR of selected violation status results and AND of other filters selected values (eg : Criteria or rules, Technologies ,Transactions , Critical ,Module) with duplicate violations omitted. Violation status remains selected even after navigating to other views and coming back to Advanced search.

...

Transactions

...

Technologies

...

Restrict the scope to the technologies that are present in the current snapshot.

Displayed results are an OR of selected technologies results and AND of other filters selected values (eg : Criteria or rules, Modules ,Transactions , Critical ,Violation status) with duplicate violations omitted.

...

Modules

...

Restrict the scope to a module in the current snapshot.

Displayed results are an OR of selected module results and AND of other filters selected values (eg : Criteria or rules, Technologies ,Transactions , Critical ,Violation status) with duplicate violations omitted. Module remains selected even after navigating to other views and coming back to Advanced search.

Info

Note that an indicator will show how many filters have been selected:

Image Removed

...

You can export data to an Excel file format if required. To export to Microsoft Excel file format, use the following icon which is available at the following levels:

  • Quality Investigation
    • Health Measures
    • Business Criteria
    • Technical Criteria
    • Rules, Distributions and Measures
    • Violations
  • Application Investigation, Transaction Investigation
    • Violations
  • Action Plan
  • Scheduled and Active Exclusions

Image Removed

When you click this icon, depending on your browser you will be prompted whether you would like to Save or Open the Excel file. The Excel file will contain the data you requested in column format:

Image Removed

Info

Notes about the Excel file data:

  • Some information such as rule criticity or weight are not available.

  • Variation between snapshots as a percentage is not provided, but scores for both current and previous snapshot are provided.

  • Where a cell is blank this typically means that either the data is common to all modules (blank Module Name cell) or there are multiple Technologies (blank Technology cell).

Violation level export - Associated Value data

When you export to Excel from the Violation level, a column containing a Rule's Associated Value may also be available in the resulting Excel file - in the example below, "JSP Page name" is the Associated Value for the Rule "Action Artifacts should not directly call a JSP page":

Image Removed

The Associated Value refers to a specific output for the Rule in question. For the Rule shown above "Action Artifacts should not directly call a JSP page", the Associated Value is defined as the JSP Page name - in other words, for this Rule, the JSP file listed in the column highlighted above violates the Rule in question. You can view the Associated Value configuration in the CAST Management Studio by opening the Assessment Model and locating the Rule:

Image Removed

...

The Security Dashboard features the ability:

  • to add and remove objects (violations) to and from an "Action Plan" - an Action Plan is simply a list of objects (i.e. "violations") that have been selected for action in the next snapshot generation process with a priority level assigned to them. Users can then use the list to focus their re-mediation work. Think of it as a "to do list" - i.e. objects that require work to remove the violation flagged by CAST AIP.
  • to Exclude objects from a future snapshot - this can be useful when the object is violating an AIP Rule, but is irrelevant or is a false positive.
  • to add and remove Rules to and from an "Education" list to promote best practices.
  • to view detailed information about rules that have been added to the Education list in the Continuous Improvement feature.

See:

Report Generation

The Report Generation feature allows you to generate reports on the fly direct from the CAST Security Dashboard interface. Various reports can be generated, however, some require some configuration before they will work. See Security Dashboard - Report Generation for more information:

Image Removed

Children Display