...

Behavior depending on the number of Applications:
Single Application

You are taken directly to the Application landing page:


Info

In versions ≥ 2.11.0, the outdated tiles (Data Safety, SQL Injection, XSS Command Injection, Misconfiguration) have been replaced with updated tiles (CISQ-ISO 5055, CWE Top 25 2011-CWE Top 25 2022, OWASP 2017-OWASP 2021), and a new tile, PCI-DSS-V3.2.1, has been added.

Newly added tiles are based on Industry Standards.


Multiple Applications

You are offered a choice of which Application to access:

When the Application is selected, you will be taken directly to the selected Application's landing page (as shown above). If you are not authorized to access the selected Application, a "You are not authorized to access any applications" message will be displayed.

If you would like to choose a different Application, you can do so using the dropdown list box located on the menu bar:

If you cannot locate the Application you require, you can use the search field to search for the Application - the search is instant - entering a single character will start the search mechanism:

...

The Application landing or "home" page is displayed after a successful login:


It consists of multiple tiles used to display data and information from the most recent snapshot of the selected Application:

...

  • the number of Violations or Critical Violations in the Application (the display depends on whether only Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations))
  • the number of Rules in the Application that have been triggered during an analysis/snapshot (this figure includes default CAST AIP Rules and also custom rules with IDs above 1,000,000)
  • the number of Critical Rules in the Application that have been triggered during an analysis/snapshot
  • clicking this tile will take you directly to the Risk investigation view (this can also be accessed by clicking the corresponding button available in the sidebar).

Tag specific tiles

Info

All these tiles require that the extension "Quality Standards Mapping" is installed BEFORE a snapshot is generated.

The Security standard tag filter applies to the quality rules table and not to the technical criteria table, so the violation numbers displayed in a Security tag tile will match only the quality rules table.

To filter the technical criteria table, select the desired assessment model from the "Assessment model" drop-down.

In versions ≥ 2.11.0, Tag specific tiles are not available.

Various additional tiles are displayed as follows:


  • these display the number of Violations or Critical Violations in the Application for all the rules that are tagged with a specific tag (the display depends on whether only Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations))
  • Clicking on any of these tiles navigates to the Risk investigation view (this can also be accessed by clicking the corresponding button available in the sidebar) with the specific tag selected at the top of the table, therefore filtering and displaying only rules that have this tag. "All Rules" will be selected in the Technical Criteria table and the list of rules displayed in the right hand panel are those that correspond to the selected tag.


No applicable rules

...

Enabling / disabling the Critical Violations filter will affect the violation count displayed in these tiles:

Technologies Overview tile

Info

In versions ≥ 2.11.0, enabling/disabling the violation filter will affect the violation count displayed in the Technologies Overview tile in the same way.

  • the total number of Violations or Critical Violations in the current Application per specific technology - in other words, the total number of times a Rule or Critical Rule has been violated by an object in the Application for that specific technology (the display depends on whether only Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations))
  • Clicking this tile will take you directly to the Risk investigation view with the corresponding technology highlighted in the technology drop down (this can also be accessed by clicking the corresponding button available in the sidebar).
  • The drill-down click option is disabled when the tile displays "N/A" Violations/Critical Violations.

...

Clicking the tile will take you directly to the Health Measure in the Risk Investigation view (see Security Dashboard - GUI for more information), however, the Risk Investigation view will only show added and removed violation information. Any Health Measure, Technical Criterion or Rule where the number of Added and/or Removed violations is 0, will not be visible. A message will reflect this:

ISO-5055 Tile

The ISO-5055 extension is supported with full functionality. The ISO-5055 tile has been added to automatically display ISO-5055 data, with full drill down capability.


Drilling down through this tile will take you to the Risk Investigation view, where the focus will be set to the ISO-5055 Assessment Model (1) showing only the ISO-5055 metrics (2):


Info

All industry standard tiles (ISO-5055, CISQ, OWASP and MIPS) will display non-critical violation counts by default: they are not impacted by the critical violation switch.

Configuring Assessment Model drop-down

In versions ≥ 2.11.0, users can add new industry standards to the Assessment Model drop-down by configuring the ed.json file.

Application Components tile

...

The Advanced Search feature can be accessed using the icon in the left hand menu:


Enabling the Advanced Search feature

...

This indicates that a "violations index" (on which the feature relies) has not yet been generated. To generate the index the following methods are available:

Using the "Diagnostic" GUI


Info

This method requires that the user has the ADMIN role.

Use the following URL to access the Diagnostic page:

http://<server>:<port>/<dashboard>/static/diagnostic.html

This provides an indication of the violations index status based on the "domain":

  • N/A - the domain is mapped to a Measurement Service schema, or the Dashboard Service schema was installed with CAST AIP < 8.3.3
  • toCreate - no index has ever been created for this domain
  • toUpdate - an index exists for this domain, but it is outdated because a new snapshot has been computed since the index creation
  • upToDate - an index exists and is up-to-date. When this status is shown, the index for the Advanced Search feature is ready and available.

In the following example the index has never been generated since the status is set to "toCreate":


To generate the index, click the Create/Update Index button. During generation the status "Indexing" will be displayed and on completion, the status will change to "upToDate":


Using the RestAPI


Info

This method requires that the user has the ADMIN role.

Use the RestAPI client:

http://<server>:<port>/<dashboard>/static/default.html

Using the following URI with a PUT will generate the index (where <domain> is more than likely set to AED, unless you have custom domains):

<domain>/violations-index

Then a GET on the same URI will show the index status.

Generating the index when the web application starts

This method will force the violations index to be generated if its status is toUpdate (i.e. the index exists but is out-of-date because a new snapshot has been computed since the index creation) every time the web application is started, i.e.:

  • When the web application host (e.g. Apache Tomcat) starts up or restarts
  • When the web application is restarted through the Apache Tomcat management console
Note
CAST only recommends using this option if your Dashboard Service schema is small - since the index is generated during web application startup, this can impact performance.

Edit the following file with a text editor:

%CATALINA_HOME%\webapps\<dashboard>\WEB-INF\web.xml

Set the following configuration to true:

<context-param>
	<param-name>rebuildViolationsSearchIndexesOnStart</param-name>
	<param-value>true</param-value>
</context-param>

Save the file. Next time the web application is started the index will be generated.

Using a custom batch file


Info

This method requires that the user has the ADMIN role.

This method is to be used when you have a configuration in the domains.properties file - i.e. multiple "domains". The custom batch will generate the violations index for all the domains configured in the domains.properties file.

Create the following batch files in the %CATALINA_HOME%\webapps\<dashboard>\WEB-INF folder and then run the launch.bat file to start the index generation:

launch.bat:

@echo off
@echo Computing Violations Indexes ...

REM util.bat writes its progress to util.log in the current folder (WEB-INF)
util.bat > util.log
@echo --------------------------------


util.bat:

@echo off
setlocal enableDelayedExpansion
@echo Automated Violations Indexes Creation
@echo -------------------------------------

REM One iteration per line of domains.properties: "delims==" keeps only the key
REM before the '=' (the domain name) and "eol=#" skips comment lines.
REM start /B runs titi.bat for every domain in parallel, in this console.
for /F "delims== eol=#" %%D in (domains.properties) do (
	@echo Process %%D/violations-index
	start /B titi.bat %%D
	@echo.
)

In the following file (titi.bat), you need to modify the line starting with curl to match your environment (host, port, <dashboard> context and the account used):

titi.bat:

@echo off
prompt $_
setlocal enableDelayedExpansion
REM %1 is the domain name passed in by util.bat
set "domain=%~1"

@echo Start  %domain% !DATE!_!TIME!
REM A PUT on <domain>/violations-index starts the index generation; the account
REM must hold the ADMIN role. Prefer keeping the password out of this file (for
REM example curl -n with a _netrc file readable only by the service account):
REM anything written here can be read by anyone with access to WEB-INF, and a
REM password passed with -u also shows up in the process list.
curl -s -u user:pwd -X PUT http://localhost:8080/<dashboard>/rest/%domain%/violations-index
@echo  is the response from %domain%
@echo Finish %domain% !DATE!_!TIME!



Info
Note that following the generation of a new snapshot, the violations index status will change to toUpdate, therefore CAST recommends regenerating the index to take into account the data available in the new snapshot.
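The REST flow described above (a PUT on <domain>/violations-index followed by GETs until the status reaches upToDate), applied to every domain in domains.properties as the batch files do, as an added Python example that is not CAST's code. It reads the ADMIN account from environment variables instead of writing it into a script under WEB-INF, skips domains whose status is already upToDate or N/A, and polls until each index is rebuilt. The JSON shape of the GET response (a top-level "status" field carrying one of the documented values) is an assumption; the page only shows that response as a screenshot.

```python
"""Rebuild the violations index for every domain in domains.properties.

Added example, not CAST's code. Assumed (not stated on the page): the GET
body is JSON with a top-level "status" field holding one of the documented
values N/A, toCreate, toUpdate, Indexing, upToDate.
"""
import base64
import json
import os
import sys
import time
import urllib.request

INDEX_STATES = {"N/A", "toCreate", "toUpdate", "Indexing", "upToDate"}


def parse_domains(properties_text):
    """Domain names from domains.properties: the key before '=' on each line,
    blank lines and '#' comments skipped (what util.bat's for /F loop does)."""
    domains = []
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key = line.split("=", 1)[0].strip()
        if key:
            domains.append(key)
    return domains


def basic_auth_header(user, password):
    """HTTP Basic header, the equivalent of curl -u user:password."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token, "Accept": "application/json"}


def http_json(method, url, headers):
    """Default transport: one request, parsed JSON body ({} when empty)."""
    req = urllib.request.Request(url, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=60) as resp:
        body = resp.read().decode("utf-8")
    return json.loads(body) if body.strip() else {}


def index_status(payload):
    """Pull the documented status value out of a GET response (assumed shape)."""
    status = payload.get("status") if isinstance(payload, dict) else None
    if status not in INDEX_STATES:
        raise ValueError(f"unexpected violations-index payload: {payload!r}")
    return status


def rebuild_index(base_url, domain, headers, transport=http_json,
                  poll_seconds=5.0, max_polls=120, sleep=time.sleep):
    """PUT <domain>/violations-index unless it is already upToDate (or N/A,
    a Measurement Service domain that has no index), then poll with GET."""
    url = f"{base_url.rstrip('/')}/rest/{domain}/violations-index"
    status = index_status(transport("GET", url, headers))
    if status in ("N/A", "upToDate"):
        return status
    transport("PUT", url, headers)           # starts indexing; needs the ADMIN role
    for _ in range(max_polls):
        status = index_status(transport("GET", url, headers))
        if status == "upToDate":
            return status
        sleep(poll_seconds)                   # status reads "Indexing" meanwhile
    raise TimeoutError(f"{domain}: index still {status} after {max_polls} polls")


def rebuild_all(base_url, properties_text, headers, transport=http_json, **poll_opts):
    """Rebuild every configured domain; returns {domain: final status}."""
    return {d: rebuild_index(base_url, d, headers, transport, **poll_opts)
            for d in parse_domains(properties_text)}


if __name__ == "__main__":
    # Usage: DASHBOARD_URL=http://<server>:<port>/<dashboard> DASHBOARD_USER=...
    #        DASHBOARD_PASSWORD=... python rebuild_index.py [path\to\domains.properties]
    base = os.environ["DASHBOARD_URL"]
    auth = basic_auth_header(os.environ["DASHBOARD_USER"], os.environ["DASHBOARD_PASSWORD"])
    path = sys.argv[1] if len(sys.argv) > 1 else "domains.properties"
    with open(path, encoding="utf-8") as fh:
        for domain, final in rebuild_all(base, fh.read(), auth).items():
            print(f"{domain}: {final}")
```

Run it after each new snapshot, when the status flips to toUpdate; domains already upToDate are left alone, so it is safe to schedule unconditionally.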

...

When the feature is accessed and the violations index has been generated, the following will be displayed:

Left hand panel

The left hand panel provides a set of filters that can be used to narrow down the search scope. Filters are explained in Using filters for the Advanced Search below.

Right hand panel

The right hand panel list the results of the search. Key points:

  • with no search criteria or filters enabled, all violations available in the currently selected snapshot are shown, indicated by the following text:

  • a search field is available for you to enter the object name you are searching for. Results will be updated in real time.

  • you can download the results to an Excel file for portability requirements:


  • 20 results are shown. Use the Show More button to display additional results:


  • the results list uses the following columns:

Action / Exclusions

Option to add/remove the violation from the Action Plan or the Scheduled Exclusion List. Note that to interact with the Action Plan/Scheduled Exclusion List, your user login must have the QUALITY_MANAGER/EXCLUSION_MANAGER role. These can be assigned at user level (when using Default Authentication mode) or via user or group (when using Standard LDAP authentication).

An icon indicates whether the violation has been added to the Action Plan or to the Scheduled Exclusion List.

Object Name / Location

Displays the object name and, in the case of file based objects (as opposed to Database objects), the location on disk of the object.

Status

Displays the status of the object in comparison to the previous snapshot, e.g.:

  • Added
  • Updated
  • Deleted
  • Unchanged

Navigation icon

Clicking this icon will take you directly to the object in the Application Investigation view.


Using filters for the Advanced Search

The filters available in the left hand panel enable the search scope to be limited. The following filters can be enabled by expanding the section and selecting with a tick:

Criteria or Rules

Restrict the scope via a Health Measure, Technical Criterion or Rule (or a combination).

Displayed results are the union of the selected Criteria results, with duplicate violations omitted. Sorting is disabled on this section.

Weight

Restrict the scope via the weight of the rule in its parent Technical Criterion.

Criticality

Restrict the scope via the criticality of the rule (Critical or Non Critical).
Violation Status

Restrict the scope to the violation status in the current snapshot: Added, Updated, Unchanged.

Displayed results are the OR of the selected violation statuses, ANDed with the values selected in the other filters (e.g. Criteria or Rules, Technologies, Transactions, Criticality, Modules), with duplicate violations omitted. The violation status remains selected even after navigating to other views and coming back to the Advanced Search.

Transactions

Restrict the scope to objects that are classed as transactions.

Technologies

Restrict the scope to the technologies that are present in the current snapshot.

Displayed results are the OR of the selected technologies, ANDed with the values selected in the other filters (e.g. Criteria or Rules, Modules, Transactions, Criticality, Violation Status), with duplicate violations omitted.

Modules

Restrict the scope to a module in the current snapshot.

Displayed results are the OR of the selected modules, ANDed with the values selected in the other filters (e.g. Criteria or Rules, Technologies, Transactions, Criticality, Violation Status), with duplicate violations omitted. The module remains selected even after navigating to other views and coming back to the Advanced Search.
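How the filter sections combine, as an added Python illustration that is not the dashboard's code: ticked values inside one section are ORed, every section with a selection is ANDed with the others, and a violation reachable through two ticked criteria is listed once. The Violation fields, the criterion and rule names and the sample rows are constructed for the example.

```python
"""Advanced Search filter semantics (added illustration, not CAST's code):
OR inside a section, AND across sections, duplicate violations removed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Violation:
    object_id: int
    object_name: str
    rule: str
    technical_criterion: str   # the same rule can sit under several criteria
    technology: str
    module: str
    status: str                # Added / Updated / Unchanged
    critical: bool


def _section_allows(value, ticked):
    """An untouched section does not restrict; a ticked one is an OR."""
    return not ticked or value in ticked


def advanced_search(violations, criteria=(), rules=(), technologies=(),
                    modules=(), statuses=(), critical=None):
    """Return the violations that pass every section with a selection.
    'criteria' and 'rules' are one section (Criteria or Rules): a row passes
    it when its technical criterion OR its rule is ticked."""
    criteria, rules = set(criteria), set(rules)
    technologies, modules, statuses = set(technologies), set(modules), set(statuses)
    seen, results = set(), []
    for v in violations:
        if (criteria or rules) and not (v.technical_criterion in criteria or v.rule in rules):
            continue
        if not _section_allows(v.technology, technologies):
            continue
        if not _section_allows(v.module, modules):
            continue
        if not _section_allows(v.status, statuses):
            continue
        if critical is not None and v.critical != critical:   # Criticality section
            continue
        key = (v.object_id, v.rule)      # one violation = one object breaking one rule
        if key in seen:
            continue                      # same violation reached via a second criterion
        seen.add(key)
        results.append(v)
    return results


# Constructed sample: object 1 breaks one rule attached to two criteria, so it
# would come back twice without the duplicate check.
SAMPLE_VIOLATIONS = [
    Violation(1, "LoginServlet.java", "Avoid SQL injection vulnerabilities",
              "Secure Coding - Input Validation", "JEE", "Web", "Added", True),
    Violation(1, "LoginServlet.java", "Avoid SQL injection vulnerabilities",
              "Programming Practices - Unexpected Behavior", "JEE", "Web", "Added", True),
    Violation(2, "Orders.cs", "Avoid hard-coded credentials",
              "Secure Coding - Input Validation", ".NET", "Service", "Unchanged", True),
    Violation(3, "util.js", "Avoid using eval",
              "Secure Coding - Input Validation", "JavaScript", "Web", "Updated", False),
    Violation(4, "Report.sql", "Avoid cursors inside a loop",
              "Efficiency - SQL and Data Handling Performance", "PL/SQL", "Batch", "Unchanged", False),
]


def object_ids(results):
    """Object ids of a result list, in display order."""
    return [v.object_id for v in results]
```

Ticking two criteria that share a rule returns object 1 once; ticking two technologies plus two statuses returns only rows that match one of each.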


Info

Note that an indicator will show how many filters have been selected:

...