CAST Confidential
CAST
The Leader in Software Analytics
John Doe
Agenda
• Context & Objectives
• About CAST
• High level results
• Critical Violations focus
• Complexity & Documentation focus
• Architecture Analysis
• Detailed results
• Industry benchmark
• Summary and recommendations
• Appendix
Business Objective
NOVA is an application that manages the missions, times and invoicing of XXXX. It offers fairly complex management features that also include analysis and reporting.
NOVA is based on the XXX software package, which has not attracted users, mainly due to a lack of ergonomics. In 2006, the application was redeveloped in .NET. Although this new development builds on some components of the initial application, NOVA is now essentially a custom development.
XXX considers that the application works properly without any particular pain points. On the other hand, it evolves continuously, with the team working under constant pressure as requests arrive on an ongoing basis.
10 years after this rewrite, XXX wishes to take stock of the application and define a strategy for future evolutions.
• Objective of the initiative: Study the durability of the application and define a target
− Where are the main risks on the application?
− How can we position ourselves for the future?
• To determine the main risks of the application, this assessment will review:
➢ Performance and Scalability of the application
➢ Robustness and Security of the application
➢ Maintainability of the code and the technical base
• This assessment is based on:
➢ The automated system-level analysis provided by CAST AIP
➢ An interpretation of the results by CAST personnel.
Executive Summary
Summary of APPLICATION results
APPLICATION is a large application, with 781,124 lines of code and 163,205 test cases needed to cover the whole application.
APPLICATION shows a very high risk in Efficiency and high risks in Robustness and Security. Some improvements could be made on Changeability.
Transferability has a better score of 2.65, which indicates a good capability to handle team transfer / turnover.
The documentation ratio is good, with 33% of the lines of code commented (the average in the industry is 25%).
Documentation Ratio
781,124 / 220,051 = 33%
# Test Cases
(Cyclomatic Complexity):
163,205
[Figure: health dashboard with panels Short Term Risks, Maintainability, Sizing and Defects; scores shown: 2.45, 2.21 / 4, 2.15 / 4, 1.84 / 4, 2.28 / 4, 2.35 / 4]
By Technology: T-SQL
Conformance to Best Practices
Technology | Prog. | Arch. | Doc.
T-SQL | 2,05 | 3,14 | 1,66
Health Factors
Technology | TQI | Robu. | Eff. | Sec. | Trans. | Chng.
T-SQL | 2,24 | 2,39 | 1,74 | 2,22 | 2,13 | 2,51
• The databases present a high level of risk on all health factors, and in particular on the performance of stored procedures.
• The SQL code carries more than 50% of the critical defects identified by CAST AIP (916 of 1,701)
• More than 70% of these defects are related to insufficient error handling in the stored procedures. 26% of these defects concern loops within SQL queries.
• Stored procedures have few comments, which strongly degrades the Documentation score
• That being said, CAST AIP has not identified calls to more than 1,000 stored procedures: they are no longer used, or are used by peripheral programs (e.g. batch processes)
Summary
Technology Inventory
T-SQL: 100%
Name | KLoC | Art.
Database | 154 | 3120
TOTAL | 154 |
VIOLATIONS
Name | Value
Critical Violations | 5
Number of violations | 916
Defect Density in kLoC | 5.95
BY MODULE
Maintainability & Complexity
Maintainability – VB.NET
Transferability: 2.84
Evaluates ease of appropriation / impact on productivity when the code of an application is taken over by a new team or collaborator
Changeability: 2.93
Evaluates the ease and speed of changing an application
Technical Criteria Indic.
Documentation - Volume of Comments 1.54
Documentation - Style Conformity 1.64
Documentation - Naming Convention Conformity 1.86
Dead code (static) 2.31
Architecture - Object-level Dependencies 2.87
Complexity - Algorithmic and Control Structure Complexity 3.15
Complexity - SQL Queries 3.32
Documentation - Bad Comments 3.43
Volume - Number of LOC 3.65
Complexity - Dynamic Instantiation 3.86
Complexity - OO Inheritance and Polymorphism 3.98
Programming Practices - Structuredness 4.00
Technical Criteria Indic.
Architecture - Reuse 1.37
Documentation - Volume of Comments 1.54
Documentation - Naming Convention Conformity 1.86
Dead code (static) 2.31
Programming Practices - Modularity and OO Encapsulation Conformity 2.41
Architecture - Multi-Layers and Data Access 2.71
Architecture - Object-level Dependencies 2.87
Complexity - Algorithmic and Control Structure Complexity 3.15
Complexity - SQL Queries 3.32
Complexity - Dynamic Instantiation 3.86
Complexity - OO Inheritance and Polymorphism 3.98
Programming Practices - Structuredness 4.00
Architecture - OS and Platform Independence 4.00
• Primary issue is insufficient documentation
• Low rate of comments and low respect for the style of code writing and naming conventions
• Quasi-nonexistent test code
• Complexity is well controlled in VB.NET
• The absence of a centralized data access layer degrades architecture indicators related to data access
Summary
Complexity Distribution
Complexity | SQL | VB.NET | .NET
Base | 1 523 | 15 519 | 18 393
Increasing | 506 | 3 068 | 1 019
High | 285 | 705 | 113
Very High | 244 | 377 | 35
• The SQL code shows strong signs of application erosion, with 11.1% + 9.5% of components at high and very high complexity
• 40% of the stored procedures are not called by the Octave code, of which 80 stored procedures are called by an external scheduler (import / export data).
• The distribution of complexity is degrading on the VB.NET code (with 3.6% + 1.9%)
• This code being 15 to 20 years old, this shows that the team has worked to control the drift of complexity.
• The complexity of the .NET code is well controlled (with 0.6% + 0.2%)
• This code includes both recent code (Octave Web 7, <2 years) and less recent code (Back Office .NET 4.5, >6 years) and thus testifies to a good effort of mastery on the part of the team.
Summary
App Erosion
- Advanced with T-SQL
- In Progress with VB.NET
- Negligible with .NET
CAST recommends not exceeding 5-6% complexity rates
Efficiency & Robustness
Back Office VB.NET – Drivers of Efficiency
Technical Criteria – Efficiency | Business | Cross-functional
Efficiency - Expensive Calls in Loops 2,42 3,58
Efficiency - SQL and Data Handling Performance 3,63 3,10
Complexity - Dynamic Instantiation 3,86 3,91
Complexity - SQL Queries 4,00 3,30
• Performance indicators are good in both modules
• In particular the complexity and performance of SQL queries is well controlled
• The business module "VB.NET Octave" often uses "DoEvents" from a loop
• By yielding control too systematically, processing is suspended
• There are 160 critical "Expensive Calls in Loops"
• The use of "Variant" variables is also damaging
• This data type is less efficient and more memory intensive
• 19 critical defects for the criterion "Dynamic Instantiation"
Summary
3,35 3,47
Back Office VB.NET – Drivers of Robustness
Technical Criteria – Robustness | Business | Cross-functional
Architecture - Reuse 1,38 1,34
Architecture - Multi-Layers and Data Access 3,81 1,92
Dead code (static) 2,55 2,02
Architecture - Object-level Dependencies 2,80 3,06
Complexity - Algorithmic and Control Structure Complexity 3,07 3,22
Complexity - Technical Complexity 3,10 3,56
Programming Practices - Error and Exception Handling 3,68 3,28
Complexity - Dynamic Instantiation 3,86 3,91
Complexity - OO Inheritance and Polymorphism 3,99 3,91
Complexity - SQL Queries 4,00 3,30
Architecture - OS and Platform Independence 4,00 4,00
Programming Practices - Structuredness 4,00 4,00
• The absence of a layer dedicated to data access prevents the structuring of the code
• SQL queries are scattered throughout the application (business classes, User Controls, screens) to access the data
• CAST AIP also detects a large amount of copied / pasted code ("Reuse" criterion)
• Defects in the original code are propagated in the copied code, which can cause regressions if corrections are postponed
• The criteria related to complexity indicate the efforts made to master this complexity 20 years after the first developments
• The code also shows good error management practices
Summary
3,42 3,18
Architecture, Security, & Scalability
Back Office VB.NET – Internal Architecture
• The Back Office VB.NET (historical version) shows a 2-tier architecture: Windows client + SQL Server
• There is no layer dedicated to access to the database
• The database is queried directly by the business classes but also by the "User Controls" and the screens themselves
• There are gateways between Back-Office VB.NET and .NET (not shown here)
• The system runs on a secure TSE Windows server, sized and hosted by OCTAVE
Back Office VB.NET – Security & Scalability
Evaluates the system's ability to protect its internal state
and data integrity
Security: 3,38
Technical Criteria Indic.
Architecture - Multi-Layers and Data Access 2,71
Secure Coding - Encapsulation 3,60
Programming Practices - Error and Exception Handling 3,62
Architecture - OS and Platform Independence 4,00
Evaluates the effectiveness of the algorithms implemented
in the system from the point of view of performance
Efficiency: 3,25
Technical Criteria Indic.
Efficiency - Expensive Calls in Loops 2,86
Efficiency - SQL and Data Handling Performance 3,15
Complexity - SQL Queries 3,32
Complexity - Dynamic Instantiation 3,86
• The use of the Back-Office VB.NET is subject to authentication of the user via the Resident
• The Resident runs on the client computer and connects the user to the TSE environment hosting the Back-Office
• The lack of a data access layer in the Back-Office VB.NET is detrimental to security in several respects
• Data Integrity: The spread of SQL queries in the code poses a risk of misaligning business rules or deviating from the data model. Note: OCTAVE has a tool to automate the updating of data models and stored procedures.
• Protection against attacks: SQL queries are built by hand by concatenation, often integrating external data provided by the user. This poses a risk of security breach by SQL injection. Note: the Back-Office is an application used by a restricted population on a secure infrastructure, which minimizes the risk.
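The two security findings above (no dedicated data access layer, and SQL built by concatenation) can be illustrated with the following added example, which is not code from the assessed application or from CAST. It shows the concatenated form beside parameterized queries routed through a single data-access module; the module, table and column names are hypothetical.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

' Hypothetical data-access module: the one place in the application that
' builds and executes SQL. Table and column names are invented for illustration.
Public Module MissionRepository

    ' Weak form (the pattern the assessment describes): user-supplied text
    ' becomes part of the SQL statement itself, so a value containing a quote
    ' changes the statement's structure instead of being treated as data.
    Public Function BuildQueryByConcatenation(customerName As String) As String
        Return "SELECT MissionId, Title FROM Missions " &
               "WHERE CustomerName = '" & customerName & "'"
    End Function

    ' Corrected form: the SQL text is a constant and the user value travels
    ' separately as a typed parameter, so it can never alter the statement.
    Public Function FindMissionsByCustomer(connectionString As String,
                                           customerName As String) As DataTable
        Const sql As String =
            "SELECT MissionId, Title FROM Missions WHERE CustomerName = @customerName"
        Dim result As New DataTable()
        ' Using blocks close the connection as soon as the data is loaded.
        Using connection As New SqlConnection(connectionString)
            Using command As New SqlCommand(sql, connection)
                command.Parameters.Add("@customerName", SqlDbType.NVarChar, 200).Value = customerName
                connection.Open()
                Using reader As SqlDataReader = command.ExecuteReader()
                    result.Load(reader)
                End Using
            End Using
        End Using
        Return result
    End Function

    ' Write path: parameters plus an explicit transaction and error handling,
    ' so a failure rolls back instead of leaving a partial update.
    Public Sub RenameCustomer(connectionString As String,
                              oldName As String,
                              newName As String)
        Const sql As String =
            "UPDATE Missions SET CustomerName = @newName WHERE CustomerName = @oldName"
        Using connection As New SqlConnection(connectionString)
            connection.Open()
            Using transaction As SqlTransaction = connection.BeginTransaction()
                Try
                    Using command As New SqlCommand(sql, connection, transaction)
                        command.Parameters.Add("@newName", SqlDbType.NVarChar, 200).Value = newName
                        command.Parameters.Add("@oldName", SqlDbType.NVarChar, 200).Value = oldName
                        command.ExecuteNonQuery()
                    End Using
                    transaction.Commit()
                Catch ex As SqlException
                    transaction.Rollback()
                    Throw ' surface the error to the caller; never swallow it
                End Try
            End Using
        End Using
    End Sub

End Module
```

Business classes, User Controls and screens would call `FindMissionsByCustomer` and `RenameCustomer` rather than composing SQL themselves, which keeps every query in one reviewable place.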
Summary
Industry Benchmark
APPLICATION Benchmark
• Appmarq is by far the biggest repository of data about real IT systems. It’s built on thousands of analyzed applications, made of
35 different technologies, by over 300 business organizations across major verticals (more than 2500 applications registered).
740
applications
457.37M
lines of code
87
organizations
Security is a bigger focus for the industry than Changeability and Transferability.
Recommendations
Overall Summary
Positives
- In general, on all projects, there is respect for good programming practices and a visible effort to master the complexity of VB.NET and .NET programs.
- The replacement of the Back-Office VB.NET is well understood, there are gateways between the VB.NET code and the .NET code.
- The architecture of .NET projects corresponds to good practices and is well respected.
- The e-Commerce portal has good technical features: latest .NET framework, Elastic Search indexes, and use of external Web services.
To be reviewed / addressed
- The Back-Office VB.NET relies on an obsolete environment
- Back-Office requires the installation of a local component (Octave Resident) and the opening of connections to TSE
- Databases have evolved significantly over the last 20 years, with a significant increase in the complexity of SQL processing
- Robustness and Security share common areas of improvement: management of exceptions and transactions
- Management of resources in loops (e.g. memory) and SQL processing are the main drivers of Performance
- The code has few comments overall and unit tests are non-existent, however the structuring of .NET developments is compatible with an efficient testing procedure
Appendix:
Critical Violations Found
Critical Violations by Technology
Technology | Critical Violations | # of Violations
T-SQL | Avoid Procedures using an Insert, Update, Delete, Create Table or Select without including error management | 665
T-SQL | Avoid using SQL queries inside a loop | 188
T-SQL | Avoid Cursors inside a loop | 49
T-SQL | Avoid use of "truncate table" | 13
T-SQL | Avoid exists independent clauses | 1
.NET | Avoid instantiations inside loops | 288
.NET | Avoid declaring public Fields | 154
.NET | Avoid cyclical calls and inheritances between namespaces content | 137
.NET | Avoid empty catch blocks | 58
.NET | Avoid using untyped DataSet | 18
.NET | The exception Exception should never been thrown. Always Subclass Exception and throw the subclassed Classes. | 17
.NET | Close SQL connection ASAP | 4
VB.NET | Utilization of "DoEvents" inside a loop | 165
VB.NET | Avoid Variables declared as Variants | 23
Performance: Large SQL table access with no suitable index
▪ Large tables accessed with no suitable index
Robustness: Architecture Compliance
Security: Cross-site scripting

CRASH Report 2014CAST
 

Plus de CAST (20)

Six steps-to-enhance-performance-of-critical-systems
Six steps-to-enhance-performance-of-critical-systemsSix steps-to-enhance-performance-of-critical-systems
Six steps-to-enhance-performance-of-critical-systems
 
Application Performance: 6 Steps to Enhance Performance of Critical Systems
Application Performance: 6 Steps to Enhance Performance of Critical SystemsApplication Performance: 6 Steps to Enhance Performance of Critical Systems
Application Performance: 6 Steps to Enhance Performance of Critical Systems
 
Cloud Migration: Azure acceleration with CAST Highlight
Cloud Migration: Azure acceleration with CAST HighlightCloud Migration: Azure acceleration with CAST Highlight
Cloud Migration: Azure acceleration with CAST Highlight
 
Cloud Readiness : CAST & Microsoft Azure Partnership Overview
Cloud Readiness : CAST & Microsoft Azure Partnership OverviewCloud Readiness : CAST & Microsoft Azure Partnership Overview
Cloud Readiness : CAST & Microsoft Azure Partnership Overview
 
Cloud Migration: Cloud Readiness Assessment Case Study
Cloud Migration: Cloud Readiness Assessment Case StudyCloud Migration: Cloud Readiness Assessment Case Study
Cloud Migration: Cloud Readiness Assessment Case Study
 
Digital Transformation e-book: Taking the 20X20n approach to accelerating Dig...
Digital Transformation e-book: Taking the 20X20n approach to accelerating Dig...Digital Transformation e-book: Taking the 20X20n approach to accelerating Dig...
Digital Transformation e-book: Taking the 20X20n approach to accelerating Dig...
 
Why computers will never be safe
Why computers will never be safeWhy computers will never be safe
Why computers will never be safe
 
Green indexes used in CAST to measure the energy consumption in code
Green indexes used in CAST to measure the energy consumption in codeGreen indexes used in CAST to measure the energy consumption in code
Green indexes used in CAST to measure the energy consumption in code
 
9 Steps to Creating ADM Budgets
9 Steps to Creating ADM Budgets9 Steps to Creating ADM Budgets
9 Steps to Creating ADM Budgets
 
Improving ADM Vendor Relationship through Outcome Based Contracts
Improving ADM Vendor Relationship through Outcome Based ContractsImproving ADM Vendor Relationship through Outcome Based Contracts
Improving ADM Vendor Relationship through Outcome Based Contracts
 
Drive Business Excellence with Outcomes-Based Contracting: The OBC Toolkit
Drive Business Excellence with Outcomes-Based Contracting: The OBC ToolkitDrive Business Excellence with Outcomes-Based Contracting: The OBC Toolkit
Drive Business Excellence with Outcomes-Based Contracting: The OBC Toolkit
 
CAST Highlight: Code-level portfolio analysis. FAST.
CAST Highlight: Code-level portfolio analysis. FAST.CAST Highlight: Code-level portfolio analysis. FAST.
CAST Highlight: Code-level portfolio analysis. FAST.
 
Shifting Vendor Management Focus to Risk and Business Outcomes
Shifting Vendor Management Focus to Risk and Business OutcomesShifting Vendor Management Focus to Risk and Business Outcomes
Shifting Vendor Management Focus to Risk and Business Outcomes
 
Applying Software Quality Models to Software Security
Applying Software Quality Models to Software SecurityApplying Software Quality Models to Software Security
Applying Software Quality Models to Software Security
 
The business case for software analysis & measurement
The business case for software analysis & measurementThe business case for software analysis & measurement
The business case for software analysis & measurement
 
Cast Highlight Software Maintenance Infographic
Cast Highlight Software Maintenance InfographicCast Highlight Software Maintenance Infographic
Cast Highlight Software Maintenance Infographic
 
What is system level analysis
What is system level analysisWhat is system level analysis
What is system level analysis
 
Deloitte Tech Trends 2014 Technical Debt
Deloitte Tech Trends 2014 Technical DebtDeloitte Tech Trends 2014 Technical Debt
Deloitte Tech Trends 2014 Technical Debt
 
What you should know about software measurement platforms
What you should know about software measurement platformsWhat you should know about software measurement platforms
What you should know about software measurement platforms
 
CRASH Report 2014
CRASH Report 2014CRASH Report 2014
CRASH Report 2014
 

Dernier

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Dernier (20)

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Application Assessment - Executive Summary Report

  • 5. Summary of APPLICATION results
    APPLICATION is a large application, with 781,124 lines of code and 163,205 test cases needed to cover the whole application. APPLICATION shows a very high risk in Efficiency and high risks in Robustness and Security. Some improvements could be made to Changeability. Transferability has a better score of 2.65, which results in a good capability to handle team transfer and turnover. The documentation ratio is good, with 33% of the lines of code commented (the industry average is 25%).
    Documentation Ratio: 781,124 / 220,051 = 33%
    # Test Cases (Cyclomatic Complexity): 163,205
    [Dashboard: Short-term risks, Maintainability, Sizing, Defects; scores 2.45, 2.21 / 4, 2.15 / 4, 1.84 / 4, 2.28 / 4, 2.35 / 4]
  • 6. By Technology: T-SQL
    Conformance to Best Practices (T-SQL): Prog. 2,05; Arch. 3,14; Doc. 1,66
    Health Factors (T-SQL): TQI 2,24; Robustness 2,39; Efficiency 1,74; Security 2,22; Transferability 2,13; Changeability 2,51
    Technology Inventory: T-SQL 100%
      Name: Database; KLoC: 154; Art.: 3120
      TOTAL: 154
    Violations
      Critical Violations: 5
      Number of violations: 916
      Defect Density in kLoC: 5.95
    [Chart: by module]
    Summary
    • The databases present a high level of risk on all health factors, and in particular on the performance of stored procedures.
    • The SQL code carries more than 50% of the critical defects identified by CAST AIP (916 of 1,701)
    • More than 70% of these defects are related to insufficient error handling in the stored procedures. 26% of these defects concern loops within SQL queries.
    • Stored procedures have few comments, which strongly degrades the Documentation score
    • That being said, CAST AIP has not identified calls to more than 1,000 stored procedures: they are no longer used, or are used by peripheral programs (e.g. batch processes)
  • 8. Maintainability – VB.NET
    Evaluates the ease and speed of changing an application
    Evaluates ease of appropriation / impact on productivity when the code of an application is taken over by a new team or collaborator
    Transferability: 2.84
    Changeability: 2.93
    Technical Criteria / Indic. (first table)
      Documentation - Volume of Comments: 1.54
      Documentation - Style Conformity: 1.64
      Documentation - Naming Convention Conformity: 1.86
      Dead code (static): 2.31
      Architecture - Object-level Dependencies: 2.87
      Complexity - Algorithmic and Control Structure Complexity: 3.15
      Complexity - SQL Queries: 3.32
      Documentation - Bad Comments: 3.43
      Volume - Number of LOC: 3.65
      Complexity - Dynamic Instantiation: 3.86
      Complexity - OO Inheritance and Polymorphism: 3.98
      Programming Practices - Structuredness: 4.00
    Technical Criteria / Indic. (second table)
      Architecture - Reuse: 1.37
      Documentation - Volume of Comments: 1.54
      Documentation - Naming Convention Conformity: 1.86
      Dead code (static): 2.31
      Programming Practices - Modularity and OO Encapsulation Conformity: 2.41
      Architecture - Multi-Layers and Data Access: 2.71
      Architecture - Object-level Dependencies: 2.87
      Complexity - Algorithmic and Control Structure Complexity: 3.15
      Complexity - SQL Queries: 3.32
      Complexity - Dynamic Instantiation: 3.86
      Complexity - OO Inheritance and Polymorphism: 3.98
      Programming Practices - Structuredness: 4.00
      Architecture - OS and Platform Independence: 4.00
    Summary
    • Primary issue is insufficient documentation
    • Low rate of comments and low respect for the style of code writing and naming conventions
    • Quasi-nonexistent test code
    • Complexity is well controlled in VB.NET
    • The absence of a centralized data access layer degrades architecture indicators related to data access
  • 9. Complexity Distribution
    Number of components by complexity level
      Base: SQL 1 523; VB.NET 15 519; .NET 18 393
      Increasing: SQL 506; VB.NET 3 068; .NET 1 019
      High: SQL 285; VB.NET 705; .NET 113
      Very High: SQL 244; VB.NET 377; .NET 35
    Summary
    • The SQL code shows strong signs of application erosion, with 11.1% + 9.5% of components of high and very high complexity
    • 40% of the stored procedures are not called by the Octave code, of which 80 stored procedures are called by an external scheduler (import / export data).
    • The distribution of complexity is degrading in the VB.NET code (with 3.6% + 1.9%)
    • This code being 15 to 20 years old, this shows that the team has worked to control the drift of complexity.
    • The complexity of the .NET code is well controlled (with 0.6% + 0.2%)
    • This code comprises recent code (Octave Web 7 <2 years) and less recent code (Back Office .NET 4.5 >6 years) and thus testifies to a good effort of mastery on the part of the team.
    App Erosion
      - Advanced with T-SQL
      - In Progress with VB.NET
      - Negligible with .NET
    CAST recommends not exceeding 5-6% complexity rates
  • 11. Back Office VB.NET – Drivers of Efficiency
    Technical Criteria – Efficiency (Business / Transverse)
      Efficiency - Expensive Calls in Loops: 2,42 / 3,58
      Efficiency - SQL and Data Handling Performance: 3,63 / 3,10
      Complexity - Dynamic Instantiation: 3,86 / 3,91
      Complexity - SQL Queries: 4,00 / 3,30
    [Scores shown on the slide: 3,35 and 3,47]
    Summary
    • Performance indicators are good in both modules
    • In particular, the complexity and performance of SQL queries are well controlled
    • The business module "VB.NET Octave" often uses "DoEvents" from a loop
    • By yielding control too systematically, processing is suspended
    • There are 160 critical "Expensive Calls in Loops"
    • The use of "Variant" variables is also damaging
    • This data type is less efficient and more memory intensive
    • 19 critical defects for the criterion "Dynamic Instantiation"
  • 12. Back Office VB.NET – Drivers of Robustness
    Technical Criteria – Robustness (Business / Transverse)
      Architecture - Reuse: 1,38 / 1,34
      Architecture - Multi-Layers and Data Access: 3,81 / 1,92
      Dead code (static): 2,55 / 2,02
      Architecture - Object-level Dependencies: 2,80 / 3,06
      Complexity - Algorithmic and Control Structure Complexity: 3,07 / 3,22
      Complexity - Technical Complexity: 3,10 / 3,56
      Programming Practices - Error and Exception Handling: 3,68 / 3,28
      Complexity - Dynamic Instantiation: 3,86 / 3,91
      Complexity - OO Inheritance and Polymorphism: 3,99 / 3,91
      Complexity - SQL Queries: 4,00 / 3,30
      Architecture - OS and Platform Independence: 4,00 / 4,00
      Programming Practices - Structuredness: 4,00 / 4,00
    [Scores shown on the slide: 3,42 and 3,18]
    Summary
    • The absence of a layer dedicated to data access prevents the structuring of the code
    • SQL queries are scattered throughout the application (business classes, User Controls, screens) to access the data
    • CAST AIP also detects a large amount of copied / pasted code ("Reuse" criterion)
    • Defects in the original code are propagated in the copied code, which can lead to regressions if corrections are postponed
    • The criteria related to complexity indicate the efforts made to master this complexity 20 years after the first developments
    • The code also shows good error management practices
  • 14. Back Office VB.NET – Internal architecture
    • The Back Office VB.NET (historical version) shows a 2-tier Windows client architecture + SQL Server
    • There is no layer dedicated to access to the database
    • The database is queried directly by the business classes but also by the "User Controls" and the screens themselves
    • There are gateways between Back-Office VB.NET and .NET (not shown here)
    • The system runs on a secure TSE Windows server, sized and hosted by OCTAVE
  • 15. Back Office VB.NET – Security & Scalability
    Security: 3,38 (evaluates the system's ability to protect its internal state and data integrity)
      Architecture - Multi-Layers and Data Access: 2,71
      Secure Coding - Encapsulation: 3,60
      Programming Practices - Error and Exception Handling: 3,62
      Architecture - OS and Platform Independence: 4,00
    Efficiency: 3,25 (evaluates the effectiveness of the algorithms implemented in the system from the point of view of performance)
      Efficiency - Expensive Calls in Loops: 2,86
      Efficiency - SQL and Data Handling Performance: 3,15
      Complexity - SQL Queries: 3,32
      Complexity - Dynamic Instantiation: 3,86
    Summary
    • The use of the Back-Office VB.NET is subject to authentication of the user via the Resident
    • The Resident runs on the client computer and connects the user to the TSE environment hosting the Back-Office
    • The lack of a data access layer in the Back-Office VB.NET is detrimental to security in several respects
    • Data Integrity: The spread of SQL queries in the code poses a risk of misaligning business rules or deviating from the data model. Note: OCTAVE has a tool to automate the updating of data models and stored procedures.
    • Protection against attacks: SQL queries are built by hand by concatenation, often integrating external data provided by the user. This poses risks of security breach by SQL injection. Note: the Back-Office is an application used by a restricted population on a secure infrastructure, which minimizes the risk.
  • 17. APPLICATION Benchmark
    • Appmarq is by far the biggest repository of data about real IT systems. It is built on thousands of analyzed applications, made of 35 different technologies, by over 300 business organizations across major verticals (more than 2500 applications registered).
    740 applications; 457.37M lines of code; 87 organizations
    Security is a bigger focus for the industry than Changeability and Transferability.
  • 19. Overall Summary
    Positives
    - In general, on all projects, there is respect for good programming practices and a visible effort to master the complexity of VB.NET and .NET programs.
    - The replacement of the Back-Office VB.NET is well understood, there are gateways between the VB.NET code and the .NET code.
    - The architecture of .NET projects corresponds to good practices and is well respected.
    - The e-Commerce portal has good technical features: latest .NET framework, Elastic Search indexes, and use of external Web services.
    To be reviewed / addressed
    - The Back-Office VB.NET relies on an obsolete environment
    - Back-Office requires the installation of a local component (Octave Resident) and the opening of connections to TSE
    - Databases have evolved significantly over the last 20 years, with a significant increase in the complexity of SQL processing
    - Robustness and Security share common areas of improvement: management of exceptions and transactions
    - Management of resources in loops (e.g. memory) and SQL processing are the main drivers of Performance
    - The code has few comments overall and unit tests are non-existent; however, the structuring of .NET developments is compatible with an efficient testing procedure
  • 21. Critical Violations by Technology (critical violation: # of violations)
    T-SQL
      Avoid Procedures using an Insert, Update, Delete, Create Table or Select without including error management: 665
      Avoid using SQL queries inside a loop: 188
      Avoid Cursors inside a loop: 49
      Avoid use of "truncate table": 13
      Avoid exists independent clauses: 1
    .NET
      Avoid instantiations inside loops: 288
      Avoid declaring public Fields: 154
      Avoid cyclical calls and inheritances between namespaces content: 137
      Avoid empty catch blocks: 58
      Avoid using untyped DataSet: 18
      The exception Exception should never been thrown. Always Subclass Exception and throw the subclassed Classes.: 17
      Close SQL connection ASAP: 4
    VB.NET
      Utilization of "DoEvents" inside a loop: 165
      Avoid Variables declared as Variants: 23
  • 22. Performance: Large SQL table access with no suitable index
    ▪ Large tables accessed with no suitable index
  • 23. Robustness: Architecture Compliance
  • 24. Security: Cross-site scripting
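
The SQL injection and data access layer findings on slide 15, together with three of the .NET rules listed on slide 21 (empty catch blocks, throwing the base Exception, closing SQL connections promptly), shown as an added example that is not code from the assessed application or from CAST. The table, column and class names are hypothetical, and the code assumes the .NET Framework System.Data.SqlClient provider.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.SqlClient

' Added illustration. Mission, CustomerName, Label and every type name here
' are hypothetical; they do not come from the assessed application.

' Specific exception type, so callers never have to throw or catch the base Exception.
Public Class DataAccessException
    Inherits Exception

    Public Sub New(message As String, inner As Exception)
        MyBase.New(message, inner)
    End Sub
End Class

Public Module QueryBuilders
    ' BEFORE: the pattern the assessment describes. User input is concatenated
    ' into the SQL text, so the server parses it as part of the statement.
    Public Function BuildConcatenated(customerName As String) As SqlCommand
        Dim sql As String = "SELECT Label FROM Mission WHERE CustomerName = '" & customerName & "'"
        Return New SqlCommand(sql)
    End Function

    ' AFTER: the SQL text is constant; the value travels as a typed parameter
    ' and is never parsed as SQL.
    Public Function BuildParameterized(customerName As String) As SqlCommand
        Dim cmd As New SqlCommand("SELECT Label FROM Mission WHERE CustomerName = @customerName")
        cmd.Parameters.Add("@customerName", SqlDbType.NVarChar, 100).Value = customerName
        Return cmd
    End Function
End Module

' One class owns the query, instead of screens and User Controls each building SQL.
Public Class MissionRepository
    Private ReadOnly _connectionString As String

    Public Sub New(connectionString As String)
        _connectionString = connectionString
    End Sub

    ' Needs a reachable SQL Server; Main below does not call it.
    Public Function FindLabelsByCustomer(customerName As String) As List(Of String)
        Dim labels As New List(Of String)()
        Try
            ' Using blocks dispose the reader, command and connection as soon as
            ' the read ends, including when an exception is thrown.
            Using conn As New SqlConnection(_connectionString)
                Using cmd As SqlCommand = BuildParameterized(customerName)
                    cmd.Connection = conn
                    conn.Open()
                    Using reader As SqlDataReader = cmd.ExecuteReader()
                        While reader.Read()
                            If Not reader.IsDBNull(0) Then labels.Add(reader.GetString(0))
                        End While
                    End Using
                End Using
            End Using
        Catch ex As SqlException
            ' No empty catch: keep the cause and surface a specific exception type.
            Throw New DataAccessException("Mission lookup failed.", ex)
        End Try
        Return labels
    End Function
End Class

Public Module Program
    Public Sub Main()
        ' Constructed input: an ordinary surname that contains an apostrophe.
        Dim customer As String = "O'Brien"

        ' The apostrophe ends the string literal early, so the statement text itself changes.
        Console.WriteLine(BuildConcatenated(customer).CommandText)

        ' The statement text is the same for every input; the value sits in the parameter.
        Dim safe As SqlCommand = BuildParameterized(customer)
        Console.WriteLine(safe.CommandText)
        Console.WriteLine("{0} = {1}", safe.Parameters(0).ParameterName, safe.Parameters(0).Value)
    End Sub
End Module
```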