Product Information on CAST Imaging
Company Description
Mission-critical, custom-built applications are becoming incredibly difficult to adapt to the ever-evolving needs of the business, to the point where it’s hardly possible for humans to keep up. CAST technology automatically ‘understands’ custom-built software systems and provides insights into their inner workings, with MRI-like precision. It augments the human capacity to help software owners maintain, enhance, modernize these applications with speed and confidence. Resulting from well over $200 million of R&D, CAST software is used and promoted by hundreds of companies, top management consultancies, the 10 largest system integrators, and all three major cloud vendors.
CAST Imaging Likes & Dislikes
1. provides valuable insights on software architecture 2. visibility on component dependency is good 3. easy integration with new applications
The dashboards and the possibility to see the problems in the code with suggestions on how to solve them
In recent versions, CAST has added Industry Standards including multiple recent versions of CWE and OWASP. Grouping the Security Violations according to Industry Standards is a vast improvement to previous versions that tied only to their proprietary groupings.
1. Integration with a project management tool like Jira could be useful. 2. Performance in the browser is sometimes slow, maybe when the number of objects is big. 3. UI could be improved.
Lack of a plugin for integration in the pipeline
Out-of-the-box CAST AIP excludes ALL 3rd party packages from the analysis. It provides analysis feedback ONLY on your organization's developed code. They do this through a file that states all file paths, internal comments, etc. that would identify the code as a 3rd party package. While this is an OK practice to highlight only the issues within the developers' direct control, it gives an incorrect representation of the Security Risks for the deployed application. The Security Profile of a deployed application MUST include ALL risks within ALL deployed code to be meaningful. CAST does not provide this out-of-the-box. Also of note - the analysis is Static Code Analysis Only. There is no Dynamic Analysis.
CAST Imaging Reviews and Ratings
- PRODUCT OWNER, 1B-10B USD, Consumer Goods
A must have for your application architecture analysis
Quite satisfied with product capabilities. Very helpful.
- Cybersecurity Specialist, 1B-10B USD, Retail
Good tool, needs more automation
The product is good; it allows you to easily find problems in the code. The only problem is the lack of a plugin for easy integration with the development pipeline.
- APPLICATIONS SYSTEMS ANALYST II, Gov't/PS/Ed, Government
Generates tons of highly usable software metric data; Change Management is cumbersome.
The CAST AIP Tool Suite is used to generate a significant amount of highly usable software metric data both for individual applications and, also, your application portfolio. This data includes Health Information according to Industry Standards like CISQ, CWE, OWASP, etc. It also includes derived information on Application Structure, i.e. Call-tree, interdependencies, Impact Analysis, etc. This information is crucial to any refactoring efforts, including Modernization. There are multiple ways to harvest this software metric data. The Health Data is adequately handled in the browser-based dashboards, which are somewhat customizable if you have a resource familiar with JSON. The Application Structure data is slightly harder to extract in a meaningful way. (This is an area that CAST recognizes the need to correct and I believe there are some new tools in the works that will help with this in a future version.) While there are several server-side tools available within the Tool Suite, managing who can have Server RDC access to use these tools is challenging in any Enterprise implementation. We have been able to generate interactive reports through SQL queries against the AIP databases; these reports have been integral to our Modernization planning efforts. In our production environment, ALL changes must go through Change Management. Even simple changes like a new user or permission change require a server-side change. Add routine updates and this can be a Change Management nightmare.
- IT Security Manager, 1B-10B USD, Retail
The setup was not so easy but the functioning and the results are good. Not so easy to use
Complete and efficient solution to analyze source code applications before putting them in production
- Senior Lead Engineer, 1B-10B USD, IT Services
Outstanding tool provides system-level health metrics; data beneficial from DEVs to PMs.
I have been using CAST AIP for nearly 5 years under a number of different use cases. Our primary use case for CAST AIP is to ensure creation and delivery of quality applications to our clients. Results from repeated AIP scans help tell the story of how serious we are about delivering quality to our clients. We also use AIP to reverse engineer applications we inherit from contract wins where we use the data and health metrics to direct conversations with the incumbent during that short window of opportunity. Experiences have been very positive and results from AIP have proven highly valuable to all including app developers, security managers, risk review boards, market leads, etc. Releases of AIP have been getting better and better through the years, especially with Jenkins integration and ASD STIG mapping. Installation can have its hotspots, but answers to issues with installation or operations of AIP from a dedicated staff of professionals are only a simple email (or Help Desk ticket) away and are often addressed in under 24 hours, same day in many cases. CAST Help Desk and Professional Services are second to none!! Did you hear that, Fortify??!! Online documentation is comprehensive, but could be improved as I can never easily find a reference through the Search feature.



