CAST Confidential
CAST
The Leader in Software Analytics
John Doe
Agenda
• Context & Objectives
• About CAST
• High level results
• Critical Violations focus
• Complexity & Documentation focus
• Architecture Analysis
• Detailed results
• Industry benchmark
• Summary and recommendations
• Appendix
Business Objective
NOVA is an application that manages the missions, times and invoicing of XXXX. It offers fairly complex management features that also include analysis and reporting.
NOVA is based on the XXX software package, which has not attracted users, mainly due to a lack of ergonomics. In 2006, the application was redeveloped in .NET. Although this new development builds on some components of the initial application, NOVA is now essentially a custom development.
XXX considers that the application works properly without any particular pain points. On the other hand, it evolves continuously, with the team working on a just-in-time basis on requests that are handled as they arrive.
10 years after this rewrite, XXX wishes to take stock of the application and define a strategy for future evolutions.
• Objective of the initiative: Study the durability of the application and define a target
− Where are the main risks on the application?
− How can we position ourselves for the future?
• To determine the main risks of the application, this assessment will review:
➢ Performance and Scalability of the application
➢ Robustness and Security of the application
➢ Maintainability of the code and the technical base
• This assessment is based on:
➢ The automated system-level analysis provided by CAST AIP
➢ An interpretation of the results by CAST personnel.
Executive Summary
Summary of APPLICATION results
APPLICATION is a large application, with 781,124 lines of code and 163,205 test cases needed to cover the whole application.
APPLICATION shows a very high risk in Efficiency and high risks in Robustness and Security. Some improvements could be made on Changeability.
Transferability has a better score of 2.65, which indicates a good capability to handle team transfer / turnover.
The documentation ratio is good, with 33% of the lines of code commented (the average in the industry is 25%).
Documentation Ratio: 781,124 / 220,051 = 33%
# Test Cases (Cyclomatic Complexity): 163,205
[Figure: score dashboard. Panel labels: Short Term Risks, Maintainability, Defects, Sizing. Scores shown: 2.45, 2.21 / 4, 2.15 / 4, 1.84 / 4, 2.28 / 4, 2.35 / 4]
By Technology: T-SQL
Conformance to Best Practices
        Prog.  Arch.  Doc.
T-SQL   2,05   3,14   1,66
Health Factors
        TQI    Robu.  Eff.   Sec.   Trans.  Chng.
T-SQL   2,24   2,39   1,74   2,22   2,13    2,51
• The databases present a high level of risk on all health factors, in particular on the performance of stored procedures.
• The SQL code carries more than 50% of the critical defects identified by CAST AIP (916 of 1,701).
• More than 70% of these defects are related to insufficient error handling in the stored procedures. 26% of these defects concern SQL queries executed inside loops.
• Stored procedures have few comments, which strongly degrades the Documentation score.
• That being said, CAST AIP has not identified calls to more than 1,000 stored procedures: they are no longer used, or are used by peripheral programs (e.g. batch processes).
Summary
Technology Inventory
T-SQL: 100%
Name      KLoC  Art.
Database  154   3120
TOTAL     154
VIOLATIONS
Name                      Value
Critical Violations       5
Number of violations      916
Defect Density in kLoC    5.95
BY MODULE
Maintainability & Complexity
Maintainability – VB.NET
Transferability: 2.84
Evaluates ease of appropriation / impact on productivity when the code of an application is taken over by a new team or collaborator
Changeability: 2.93
Evaluates the ease and speed of changing an application
Technical Criteria Indic.
Documentation - Volume of Comments 1.54
Documentation - Style Conformity 1.64
Documentation - Naming Convention Conformity 1.86
Dead code (static) 2.31
Architecture - Object-level Dependencies 2.87
Complexity - Algorithmic and Control Structure Complexity 3.15
Complexity - SQL Queries 3.32
Documentation - Bad Comments 3.43
Volume - Number of LOC 3.65
Complexity - Dynamic Instantiation 3.86
Complexity - OO Inheritance and Polymorphism 3.98
Programming Practices - Structuredness 4.00
Technical Criteria Indic.
Architecture - Reuse 1.37
Documentation - Volume of Comments 1.54
Documentation - Naming Convention Conformity 1.86
Dead code (static) 2.31
Programming Practices - Modularity and OO Encapsulation Conformity 2.41
Architecture - Multi-Layers and Data Access 2.71
Architecture - Object-level Dependencies 2.87
Complexity - Algorithmic and Control Structure Complexity 3.15
Complexity - SQL Queries 3.32
Complexity - Dynamic Instantiation 3.86
Complexity - OO Inheritance and Polymorphism 3.98
Programming Practices - Structuredness 4.00
Architecture - OS and Platform Independence 4.00
• Primary issue is insufficient documentation
• Low rate of comments and low respect for the style of code writing and naming conventions
• Quasi-nonexistent test code
• Complexity is well controlled in VB.NET
• The absence of a centralized data access layer degrades architecture indicators related to data access
Summary
Complexity Distribution
Complexity   SQL     VB.NET   .NET
Base         1,523   15,519   18,393
Increasing   506     3,068    1,019
High         285     705      113
Very High    244     377      35
• The SQL code shows strong signs of application erosion, with 11.1% of components at high complexity and 9.5% at very high complexity
• 40% of the stored procedures are not called by the Octave code; of these, 80 stored procedures are called by an external scheduler (data import / export).
• The distribution of complexity is degrading in the VB.NET code (3.6% + 1.9%)
• Given that this code is 15 to 20 years old, this shows that the team has worked to control complexity drift.
• The complexity of the .NET code is well controlled (0.6% + 0.2%)
• This code includes recent code (Octave Web 7, < 2 years) and older code (Back Office .NET 4.5, > 6 years), and thus reflects a good effort by the team to keep complexity under control.
Summary
App Erosion
- Advanced with T-SQL
- In Progress with VB.NET
- Negligible with .NET
CAST recommends not exceeding complexity rates of 5-6%
Efficiency & Robustness
Back Office VB.NET – Drivers of Efficiency
Technical Criteria – Efficiency Business Cross-cutting
Efficiency - Expensive Calls in Loops 2,42 3,58
Efficiency - SQL and Data Handling Performance 3,63 3,10
Complexity - Dynamic Instantiation 3,86 3,91
Complexity - SQL Queries 4,00 3,30
• Performance indicators are good in both modules
• In particular, the complexity and performance of SQL queries are well controlled
• The business module "VB.NET Octave" often calls "DoEvents" from within a loop
• Yielding control this systematically suspends processing
• There are 160 critical "Expensive Calls in Loops"
• The use of "Variant" variables is also detrimental
• This data type is less efficient and more memory-intensive
• 19 critical defects for the criterion "Dynamic Instantiation"
Summary
3,35 3,47
Back Office VB.NET – Drivers of Robustness
Technical Criteria – Robustness Business Cross-cutting
Architecture - Reuse 1,38 1,34
Architecture - Multi-Layers and Data Access 3,81 1,92
Dead code (static) 2,55 2,02
Architecture - Object-level Dependencies 2,80 3,06
Complexity - Algorithmic and Control Structure Complexity 3,07 3,22
Complexity - Technical Complexity 3,10 3,56
Programming Practices - Error and Exception Handling 3,68 3,28
Complexity - Dynamic Instantiation 3,86 3,91
Complexity - OO Inheritance and Polymorphism 3,99 3,91
Complexity - SQL Queries 4,00 3,30
Architecture - OS and Platform Independence 4,00 4,00
Programming Practices - Structuredness 4,00 4,00
• The absence of a layer dedicated to data access prevents the structuring of the code
• SQL queries are scattered throughout the application (business classes, User Controls, screens) to access the data
• CAST AIP also detects a large amount of copied / pasted code ("Reuse" criterion)
• Defects in the original code are propagated to the copied code, which can cause regressions if corrections are postponed
• The criteria related to complexity reflect the efforts made to master this complexity 20 years after the first developments
• The code also shows good error management practices
Summary
3,42 3,18
Architecture, Security, & Scalability
Back Office VB.NET – Internal Architecture
• The Back Office VB.NET (historical version) shows a 2-tier Windows client architecture + SQL Server
• There is no layer dedicated to database access
• The database is queried directly by the business classes but also by the "User Controls" and the screens themselves
• There are gateways between Back-Office VB.NET and .NET (not shown here)
• The system runs on a secure TSE Windows server, sized and hosted by OCTAVE
Back Office VB.NET – Security & Scalability
Evaluates the system's ability to protect its internal state
and data integrity
Security: 3,38
Technical Criteria Indic.
Architecture - Multi-Layers and Data Access 2,71
Secure Coding - Encapsulation 3,60
Programming Practices - Error and Exception Handling 3,62
Architecture - OS and Platform Independence 4,00
Evaluates the effectiveness of the algorithms implemented
in the system from the point of view of performance
Efficiency: 3,25
Technical Criteria Indic.
Efficiency - Expensive Calls in Loops 2,86
Efficiency - SQL and Data Handling Performance 3,15
Complexity - SQL Queries 3,32
Complexity - Dynamic Instantiation 3,86
• Use of the Back-Office VB.NET is subject to authentication of the user via the Resident
• The Resident runs on the client computer and connects the user to the TSE environment hosting the Back-Office
• The lack of a data access layer in the Back-Office VB.NET is detrimental to security in several respects
• Data Integrity: The spread of SQL queries across the code poses a risk of misaligning business rules or deviating from the data model. Note: OCTAVE has a tool to automate the updating of data models and stored procedures.
• Protection against attacks: SQL queries are built by hand by concatenation, often integrating external data provided by the user. This poses a risk of security breach by SQL injection. Note: the Back-Office is an application used by a restricted population on a secure infrastructure, which minimizes the risk.
Summary
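One way to locate the hand-concatenated queries described on this slide, as an added example (not part of the original deck and not CAST AIP's rule logic): a Python heuristic that flags VB.NET statements where a literal opening a SQL statement is concatenated with a non-literal operand, and tags each hit as business class, User Control or screen. The file, table and control names in the sample are constructed.

```python
import re
from typing import NamedTuple

# A string literal that opens a SQL statement.
SQL_START = re.compile(r"^\s*(SELECT|INSERT|UPDATE|DELETE|EXEC(UTE)?)\b", re.I)
# '&' or '+' followed by an identifier: a non-literal operand being concatenated.
CONCAT_OPERAND = re.compile(r"[&+]\s*([A-Za-z_][\w.]*)")
# VB string literal ("" escapes a quote) | comment to end of line | other code.
TOKEN = re.compile(r'"((?:[^"]|"")*)"|(\'.*)|([^"\']+)')
INHERITS = re.compile(r"^\s*Inherits\s+([\w.]+)", re.I | re.M)

class Finding(NamedTuple):
    file: str
    line: int
    kind: str        # "user control", "screen" or "class"
    operands: tuple  # expressions concatenated into the SQL text

def logical_lines(source):
    """Yield (first_line_number, text), joining VB ' _' line continuations."""
    buf, start = "", 0
    for number, raw in enumerate(source.splitlines(), 1):
        if not buf:
            start = number
        text = raw.rstrip()
        if text.endswith(" _"):
            buf += text[:-1]
            continue
        yield start, buf + text
        buf = ""
    if buf:
        yield start, buf

def tokenize(statement):
    """Split a statement into ('str', text) / ('code', text); stop at a comment."""
    tokens = []
    for m in TOKEN.finditer(statement):
        if m.group(2) is not None:       # apostrophe outside a string: comment
            break
        if m.group(1) is not None:
            tokens.append(("str", m.group(1).replace('""', '"')))
        else:
            tokens.append(("code", m.group(3)))
    return tokens

def concatenated_operands(tokens):
    """Non-literal operands concatenated onto a literal that opens a SQL statement."""
    operands, in_sql = [], False
    for kind, text in tokens:
        if kind == "str":
            in_sql = in_sql or bool(SQL_START.match(text))
        elif in_sql and text.lstrip().startswith(("&", "+")):
            operands += CONCAT_OPERAND.findall(text)
        else:
            in_sql = False               # expression ended, e.g. ', conn)'
    return tuple(operands)

def classify(source):
    """Map the Inherits clause to the slide's categories ('class' by default)."""
    m = INHERITS.search(source)
    base = m.group(1).split(".")[-1].lower() if m else ""
    return {"usercontrol": "user control", "form": "screen"}.get(base, "class")

def scan(sources):
    """Return a Finding for every statement that concatenates data into SQL."""
    findings = []
    for name, source in sources.items():
        kind = classify(source)
        for line_no, statement in logical_lines(source):
            operands = concatenated_operands(tokenize(statement))
            if operands:
                findings.append(Finding(name, line_no, kind, operands))
    return findings

# Constructed sample sources; none of this code comes from the assessed application.
SAMPLE = {
    "CustomerSearch.vb": '''Public Class CustomerSearch
    Inherits System.Windows.Forms.UserControl
    Private Sub btnFind_Click()
        Dim sql As String = "SELECT Id FROM Customer WHERE Name = '" & _
            txtName.Text & "'"
        ' "SELECT " & in a comment is ignored
    End Sub
End Class''',
    "InvoiceForm.vb": '''Public Class InvoiceForm
    Inherits Form
    Private Sub MarkPaid(ByVal id As String)
        cmd.CommandText = "UPDATE Invoice SET Paid = 1 WHERE Id = " + id
    End Sub
End Class''',
    "MissionDal.vb": '''Public Class MissionDal
    Public Function ById(ByVal id As Integer) As SqlCommand
        ById = New SqlCommand("SELECT Id, Label " & "FROM Mission WHERE Id = @id", conn)
        ById.Parameters.Add("@id", SqlDbType.Int).Value = id
    End Function
End Class''',
}

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Only literals that open a statement are matched, so query text appended later (for example a separate `" WHERE ..."` fragment) needs a wider pattern. The parameterized query in the constructed `MissionDal` class is not flagged, which is the form each hit should be moved to inside a shared data access layer.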
Industry Benchmark
APPLICATION Benchmark
• Appmarq is by far the biggest repository of data about real IT systems. It’s built on thousands of analyzed applications, made of
35 different technologies, by over 300 business organizations across major verticals (more than 2500 applications registered).
740 applications, 457.37M lines of code, 87 organizations
Security is a bigger focus for the industry than Changeability and Transferability.
Recommendations
Overall Summary
Positives
- In general, on all projects, there is respect for good programming practices and a visible effort to master the complexity of VB.NET and .NET programs.
- The replacement of the Back-Office VB.NET is well understood; there are gateways between the VB.NET code and the .NET code.
- The architecture of .NET projects corresponds to good practices and is well respected.
- The e-Commerce portal has good technical features: latest .NET framework, Elastic Search indexes, and use of external Web services.
To be reviewed / addressed
- The Back-Office VB.NET relies on an obsolete environment
- Back-Office requires the installation of a local component (Octave Resident) and the opening of connections to TSE
- Databases have evolved significantly over the last 20 years, with a significant increase in the complexity of SQL processing
- Robustness and Security share common areas of improvement: management of exceptions and transactions
- Management of resources in loops (e.g. memory) and SQL processing are the main drivers of Performance
- The code has few comments overall and unit tests are non-existent; however, the structuring of .NET developments is compatible with an efficient testing procedure
Appendix:
Critical Violations Found
Critical Violations by Technology
Technology / Critical Violations / # of Violations
T-SQL
Avoid Procedures using an Insert, Update, Delete, Create Table or Select without including error management 665
Avoid using SQL queries inside a loop 188
Avoid Cursors inside a loop 49
Avoid use of "truncate table" 13
Avoid exists independent clauses 1
.NET
Avoid instantiations inside loops 288
Avoid declaring public Fields 154
Avoid cyclical calls and inheritances between namespaces content 137
Avoid empty catch blocks 58
Avoid using untyped DataSet 18
The exception Exception should never been thrown. Always Subclass Exception and throw the subclassed Classes. 17
Close SQL connection ASAP 4
VB.NET
Utilization of "DoEvents" inside a loop 165
Avoid Variables declared as Variants 23
Performance: Large SQL table access with no suitable index
▪ Large tables accessed with no suitable index
Robustness: Architecture Compliance
Security: Cross-site scripting

What you should know about software measurement platforms
CAST
 
CRASH Report 2014
CRASH Report 2014CRASH Report 2014
CRASH Report 2014
CAST
 

More from CAST (20)

Six steps-to-enhance-performance-of-critical-systems
Six steps-to-enhance-performance-of-critical-systemsSix steps-to-enhance-performance-of-critical-systems
Six steps-to-enhance-performance-of-critical-systems
 
Application Performance: 6 Steps to Enhance Performance of Critical Systems
Application Performance: 6 Steps to Enhance Performance of Critical SystemsApplication Performance: 6 Steps to Enhance Performance of Critical Systems
Application Performance: 6 Steps to Enhance Performance of Critical Systems
 
Cloud Migration: Azure acceleration with CAST Highlight
Cloud Migration: Azure acceleration with CAST HighlightCloud Migration: Azure acceleration with CAST Highlight
Cloud Migration: Azure acceleration with CAST Highlight
 
Cloud Readiness : CAST & Microsoft Azure Partnership Overview
Cloud Readiness : CAST & Microsoft Azure Partnership OverviewCloud Readiness : CAST & Microsoft Azure Partnership Overview
Cloud Readiness : CAST & Microsoft Azure Partnership Overview
 
Cloud Migration: Cloud Readiness Assessment Case Study
Cloud Migration: Cloud Readiness Assessment Case StudyCloud Migration: Cloud Readiness Assessment Case Study
Cloud Migration: Cloud Readiness Assessment Case Study
 
Digital Transformation e-book: Taking the 20X20n approach to accelerating Dig...
Digital Transformation e-book: Taking the 20X20n approach to accelerating Dig...Digital Transformation e-book: Taking the 20X20n approach to accelerating Dig...
Digital Transformation e-book: Taking the 20X20n approach to accelerating Dig...
 
Why computers will never be safe
Why computers will never be safeWhy computers will never be safe
Why computers will never be safe
 
Green indexes used in CAST to measure the energy consumption in code
Green indexes used in CAST to measure the energy consumption in codeGreen indexes used in CAST to measure the energy consumption in code
Green indexes used in CAST to measure the energy consumption in code
 
9 Steps to Creating ADM Budgets
9 Steps to Creating ADM Budgets9 Steps to Creating ADM Budgets
9 Steps to Creating ADM Budgets
 
Improving ADM Vendor Relationship through Outcome Based Contracts
Improving ADM Vendor Relationship through Outcome Based ContractsImproving ADM Vendor Relationship through Outcome Based Contracts
Improving ADM Vendor Relationship through Outcome Based Contracts
 
Drive Business Excellence with Outcomes-Based Contracting: The OBC Toolkit
Drive Business Excellence with Outcomes-Based Contracting: The OBC ToolkitDrive Business Excellence with Outcomes-Based Contracting: The OBC Toolkit
Drive Business Excellence with Outcomes-Based Contracting: The OBC Toolkit
 
CAST Highlight: Code-level portfolio analysis. FAST.
CAST Highlight: Code-level portfolio analysis. FAST.CAST Highlight: Code-level portfolio analysis. FAST.
CAST Highlight: Code-level portfolio analysis. FAST.
 
Shifting Vendor Management Focus to Risk and Business Outcomes
Shifting Vendor Management Focus to Risk and Business OutcomesShifting Vendor Management Focus to Risk and Business Outcomes
Shifting Vendor Management Focus to Risk and Business Outcomes
 
Applying Software Quality Models to Software Security
Applying Software Quality Models to Software SecurityApplying Software Quality Models to Software Security
Applying Software Quality Models to Software Security
 
The business case for software analysis & measurement
The business case for software analysis & measurementThe business case for software analysis & measurement
The business case for software analysis & measurement
 
Cast Highlight Software Maintenance Infographic
Cast Highlight Software Maintenance InfographicCast Highlight Software Maintenance Infographic
Cast Highlight Software Maintenance Infographic
 
What is system level analysis
What is system level analysisWhat is system level analysis
What is system level analysis
 
Deloitte Tech Trends 2014 Technical Debt
Deloitte Tech Trends 2014 Technical DebtDeloitte Tech Trends 2014 Technical Debt
Deloitte Tech Trends 2014 Technical Debt
 
What you should know about software measurement platforms
What you should know about software measurement platformsWhat you should know about software measurement platforms
What you should know about software measurement platforms
 
CRASH Report 2014
CRASH Report 2014CRASH Report 2014
CRASH Report 2014
 

Recently uploaded

“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Zilliz
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 

Recently uploaded (20)

“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 

Application Assessment - Executive Summary Report

  • 1. CAST Confidential CAST The Leader in Software Analytics John Doe
  • 2. Agenda
      • Context & Objectives
      • About CAST
      • High level results
      • Critical Violations focus
      • Complexity & Documentation focus
      • Architecture Analysis
      • Detailed results
      • Industry benchmark
      • Summary and recommendations
      • Appendix
  • 3. Business Objective
      NOVA is an application that manages the missions, times and invoicing of XXXX. It offers fairly complex management features that also include analysis and reporting.
      NOVA is based on the XXX software package, which has not attracted users, mainly due to a lack of ergonomics. In 2006, the application was redeveloped in .NET. Although this new development builds on some components of the initial application, NOVA is now essentially a custom development.
      XXX considers that the application works properly without any particular pain points. On the other hand, it evolves continuously: the team works just-in-time, handling requests as they arrive.
      10 years after this rewrite, XXX wishes to take stock of the application and define a strategy for its future evolution.
      • Objective of the initiative: study the durability of the application and define a target
          − Where are the main risks on the application?
          − How can we position ourselves for the future?
      • To determine the main risks of the application, this assessment will review:
          ➢ Performance and Scalability of the application
          ➢ Robustness and Security of the application
          ➢ Maintainability of the code and the technical base
      • This assessment is based on:
          ➢ The automated system-level analysis provided by CAST AIP
          ➢ An interpretation of the results by CAST personnel.
  • 5. Summary of APPLICATION results
      APPLICATION is a large application with 781,124 lines of code and 163,205 test cases needed to cover the whole application.
      APPLICATION shows a very high risk in Efficiency and high risks in Robustness and Security. Some improvements could be made on Changeability. Transferability has a better score of 2.65, which results in a good team transfer / turnover handling capability.
      The documentation ratio is good, with 33% of the lines of code commented (the average in the industry is 25%).
      Documentation Ratio: 781,124 / 220,051 = 33%
      # Test Cases (Cyclomatic Complexity): 163,205
      [Dashboard figure. Panels: Short Term Risks, Maintainability, Sizing, Defects. Scores shown: 2.45, 2.21 / 4, 2.15 / 4, 1.84 / 4, 2.28 / 4, 2.35 / 4]
  • 6. By Technology: T-SQL
      Conformance to Best Practices (T-SQL)
          Prog.: 2,05
          Arch.: 3,14
          Doc.: 1,66
      Health Factors (T-SQL)
          TQI: 2,24
          Robu.: 2,39
          Eff.: 1,74
          Sec.: 2,22
          Trans.: 2,13
          Chng.: 2,51
      Summary
      • The databases present a high level of risk on all health factors, and in particular on the performance of stored procedures.
      • The SQL code carries more than 50% of the critical defects identified by CAST AIP (916 of 1,701).
      • More than 70% of these defects are related to insufficient error handling in the stored procedures. 26% of these defects concern loops within SQL queries.
      • Stored procedures have few comments, which strongly degrades the Documentation score.
      • That being said, CAST AIP has not identified calls to more than 1,000 stored procedures: they are no longer used, or are used by peripheral programs (e.g. batch processes).
      Technology Inventory
          T-SQL: 100%
      By module (Name: KLoC, Art.)
          Database: 154, 3120
          TOTAL: 154
      Violations (Name: Value)
          Critical Violations: 5
          Number of violations: 916
          Defect Density in kLoC: 5.95
  • 8. Maintainability – VB.NET
      Evaluates the ease and speed of changing an application.
      Evaluates ease of appropriation / impact on productivity when the code of an application is taken over by a new team or collaborator.
      Transferability: 2.84
      Changeability: 2.93
      Technical Criteria: Indic.
          Documentation - Volume of Comments: 1.54
          Documentation - Style Conformity: 1.64
          Documentation - Naming Convention Conformity: 1.86
          Dead code (static): 2.31
          Architecture - Object-level Dependencies: 2.87
          Complexity - Algorithmic and Control Structure Complexity: 3.15
          Complexity - SQL Queries: 3.32
          Documentation - Bad Comments: 3.43
          Volume - Number of LOC: 3.65
          Complexity - Dynamic Instantiation: 3.86
          Complexity - OO Inheritance and Polymorphism: 3.98
          Programming Practices - Structuredness: 4.00
      Technical Criteria: Indic.
          Architecture - Reuse: 1.37
          Documentation - Volume of Comments: 1.54
          Documentation - Naming Convention Conformity: 1.86
          Dead code (static): 2.31
          Programming Practices - Modularity and OO Encapsulation Conformity: 2.41
          Architecture - Multi-Layers and Data Access: 2.71
          Architecture - Object-level Dependencies: 2.87
          Complexity - Algorithmic and Control Structure Complexity: 3.15
          Complexity - SQL Queries: 3.32
          Complexity - Dynamic Instantiation: 3.86
          Complexity - OO Inheritance and Polymorphism: 3.98
          Programming Practices - Structuredness: 4.00
          Architecture - OS and Platform Independence: 4.00
      Summary
      • Primary issue is insufficient documentation
      • Low rate of comments and low respect for the style of code writing and naming conventions
      • Quasi-nonexistent test code
      • Complexity is well controlled in VB.NET
      • The absence of a centralized data access layer degrades architecture indicators related to data access
  • 9. Complexity Distribution
      Complexity level: SQL / VB.NET / .NET
          Base: 1 523 / 15 519 / 18 393
          Increasing: 506 / 3 068 / 1 019
          High: 285 / 705 / 113
          Very High: 244 / 377 / 35
      Summary
      • The SQL code shows strong signs of application erosion, with 11.1% + 9.5% of components of high and very high complexity
          − 40% of the stored procedures are not called by the Octave code, of which 80 stored procedures are called by an external scheduler (import / export data).
      • The distribution of complexity is degrading on the VB.NET code (with 3.6% + 1.9%)
          − This code being 15 to 20 years old, this shows that the team has worked to control the drift of complexity.
      • The complexity of the .NET code is well controlled (with 0.6% + 0.2%)
          − This code includes recent code (Octave Web 7, < 2 years) and less recent code (Back Office .NET 4.5, > 6 years) and thus testifies to a good effort of mastery on the part of the team.
      App Erosion
          − Advanced with T-SQL
          − In Progress with VB.NET
          − Negligible with .NET
      CAST recommends not exceeding 5-6% complexity rates.
  • 11. Back Office VB.NET – Drivers of Efficiency
      Technical Criteria, Efficiency: Business / Cross-functional
          Efficiency - Expensive Calls in Loops: 2,42 / 3,58
          Efficiency - SQL and Data Handling Performance: 3,63 / 3,10
          Complexity - Dynamic Instantiation: 3,86 / 3,91
          Complexity - SQL Queries: 4,00 / 3,30
      Summary
      • Performance indicators are good in both modules
          − In particular, the complexity and performance of SQL queries are well controlled
      • The business module "VB.NET Octave" often uses "DoEvents" from a loop
          − Yielding control too systematically suspends processing
          − There are 160 critical "Expensive Calls in Loops"
      • The use of "Variant" variables is also damaging
          − This data type is less efficient and more memory intensive
          − 19 critical defects for the criterion "Dynamic Instantiation"
      Scores shown: 3,35  3,47
  • 12. Back Office VB.NET – Drivers of Robustness
      Technical Criteria, Robustness: Business / Cross-functional
          Architecture - Reuse: 1,38 / 1,34
          Architecture - Multi-Layers and Data Access: 3,81 / 1,92
          Dead code (static): 2,55 / 2,02
          Architecture - Object-level Dependencies: 2,80 / 3,06
          Complexity - Algorithmic and Control Structure Complexity: 3,07 / 3,22
          Complexity - Technical Complexity: 3,10 / 3,56
          Programming Practices - Error and Exception Handling: 3,68 / 3,28
          Complexity - Dynamic Instantiation: 3,86 / 3,91
          Complexity - OO Inheritance and Polymorphism: 3,99 / 3,91
          Complexity - SQL Queries: 4,00 / 3,30
          Architecture - OS and Platform Independence: 4,00 / 4,00
          Programming Practices - Structuredness: 4,00 / 4,00
      Summary
      • The absence of a layer dedicated to data access prevents the structuring of the code
          − SQL queries are scattered throughout the application (business classes, User Controls, screens) to access the data
      • CAST AIP also detects a large amount of copied / pasted code ("Reuse" criterion)
          − Defects in the original code are propagated in the copied code, which can cause regressions if corrections are postponed
      • The criteria related to complexity indicate the efforts made to master this complexity 20 years after the first developments
      • The code also shows good error management practices
      Scores shown: 3,42  3,18
  • 14. Back Office VB.NET – Internal architecture
      • The Back Office VB.NET (historical version) shows a 2-tier architecture: Windows client + SQL Server
      • There is no layer dedicated to database access
      • The database is queried directly by the business classes but also by the "User Controls" and the screens themselves
      • There are gateways between Back-Office VB.NET and .NET (not shown here)
      • The system runs on a secure TSE Windows server, sized and hosted by OCTAVE
  • 15. Back Office VB.NET – Security & Scalability
      Security: 3,38
      Evaluates the system's ability to protect its internal state and data integrity.
      Technical Criteria: Indic.
          Architecture - Multi-Layers and Data Access: 2,71
          Secure Coding - Encapsulation: 3,60
          Programming Practices - Error and Exception Handling: 3,62
          Architecture - OS and Platform Independence: 4,00
      Efficiency: 3,25
      Evaluates the effectiveness of the algorithms implemented in the system from the point of view of performance.
      Technical Criteria: Indic.
          Efficiency - Expensive Calls in Loops: 2,86
          Efficiency - SQL and Data Handling Performance: 3,15
          Complexity - SQL Queries: 3,32
          Complexity - Dynamic Instantiation: 3,86
      Summary
      • The use of the Back-Office VB.NET is subject to authentication of the user via the Resident
      • The Resident runs on the client computer and connects the user to the TSE environment hosting the Back-Office
      • The lack of a data access layer in the Back-Office VB.NET is detrimental to security in several respects
          − Data Integrity: the spread of SQL queries through the code poses a risk of misaligning business rules or deviating from the data model. Note: OCTAVE has a tool to automate the updating of data models and stored procedures.
          − Protection against attacks: SQL queries are built by hand by concatenation, often integrating external data provided by the user. This poses a risk of security breach by SQL injection. Note: the Back-Office is an application used by a restricted population on a secure infrastructure, which minimizes the risk.
  • 17. APPLICATION Benchmark
      • Appmarq is by far the biggest repository of data about real IT systems. It is built on thousands of analyzed applications, made of 35 different technologies, by over 300 business organizations across major verticals (more than 2500 applications registered).
      740 applications, 457.37M lines of code, 87 organizations
      Security is a bigger focus for the industry than Changeability and Transferability.
  • 19. Overall Summary
      Positives
          - In general, on all projects, there is respect for good programming practices and a visible effort to master the complexity of VB.NET and .NET programs.
          - The replacement of the Back-Office VB.NET is well understood; there are gateways between the VB.NET code and the .NET code.
          - The architecture of .NET projects corresponds to good practices and is well respected.
          - The e-Commerce portal has good technical features: latest .NET framework, Elastic Search indexes, and use of external Web services.
      To be reviewed / addressed
          - The Back-Office VB.NET relies on an obsolete environment
          - Back-Office requires the installation of a local component (Octave Resident) and the opening of connections to TSE
          - Databases have evolved significantly over the last 20 years, with a significant increase in the complexity of SQL processing
          - Robustness and Security share common areas of improvement: management of exceptions and transactions
          - Management of resources in loops (e.g. memory) and SQL processing are the main drivers of Performance
          - The code has few comments overall and unit tests are non-existent; however, the structuring of .NET developments is compatible with an efficient testing procedure
  • 21. Critical Violations by Technology
      Technology / Critical Violation: # of Violations
      T-SQL
          Avoid Procedures using an Insert, Update, Delete, Create Table or Select without including error management: 665
          Avoid using SQL queries inside a loop: 188
          Avoid Cursors inside a loop: 49
          Avoid use of "truncate table": 13
          Avoid exists independent clauses: 1
      .NET
          Avoid instantiations inside loops: 288
          Avoid declaring public Fields: 154
          Avoid cyclical calls and inheritances between namespaces content: 137
          Avoid empty catch blocks: 58
          Avoid using untyped DataSet: 18
          The exception Exception should never be thrown. Always Subclass Exception and throw the subclassed Classes: 17
          Close SQL connection ASAP: 4
      VB.NET
          Utilization of "DoEvents" inside a loop: 165
          Avoid Variables declared as Variants: 23
  • 22. Performance: Large SQL table access with no suitable index
      ▪ Large tables accessed with no suitable index
  • 23. Robustness: Architecture Compliance
  • 24. Security: Cross-site scripting
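
Slide 15 ties the SQL injection risk to two things: queries built by concatenation with user-supplied data, and the absence of a data access layer. The sketch below is an added example, not code from the CAST report or from the assessed application; the class, table and column names are hypothetical. It shows the flagged pattern next to a single data-access class that uses a parameterized query.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.SqlClient

' Hypothetical data-access class: the class name, the Missions table and its
' columns are illustrative assumptions, not identifiers from the assessed code.
Public NotInheritable Class MissionRepository
    Private ReadOnly _connectionString As String

    Public Sub New(connectionString As String)
        _connectionString = connectionString
    End Sub

    ' BEFORE (the pattern the report flags): user text is spliced into the SQL
    ' string. A single quote in customerName (for example the surname O'Brien)
    ' ends the string literal early, so the rest of the input is parsed as SQL.
    Public Shared Function BuildQueryByConcatenation(customerName As String) As String
        Return "SELECT Title FROM Missions WHERE CustomerName = '" & customerName & "'"
    End Function

    ' AFTER: the SQL text is a constant and the value travels as a typed
    ' parameter, so it is always treated as data. Keeping every query in one
    ' class like this also gives screens and business classes a single place
    ' to go through instead of embedding their own SQL.
    Public Function FindTitlesByCustomer(customerName As String) As List(Of String)
        If customerName Is Nothing Then
            Throw New ArgumentNullException("customerName")
        End If

        Const sql As String = "SELECT Title FROM Missions WHERE CustomerName = @customerName"
        Dim titles As New List(Of String)()

        ' Using blocks release the connection as soon as the query completes,
        ' which also addresses the "Close SQL connection ASAP" rule on slide 21.
        Using connection As New SqlConnection(_connectionString)
            Using command As New SqlCommand(sql, connection)
                command.Parameters.Add("@customerName", SqlDbType.NVarChar, 200).Value = customerName
                connection.Open()
                Using reader As SqlDataReader = command.ExecuteReader()
                    While reader.Read()
                        titles.Add(reader.GetString(0))
                    End While
                End Using
            End Using
        End Using

        Return titles
    End Function
End Class
```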