Likelihood to Recommend I think CAST is a great tool to give insight into your applications. The tool can be met with resistance from team members as the tool is going to expose defects that should be addressed. Out of the box, it may need some tailoring to focus on certain areas so that you are not overwhelmed with defects the first time you scan your code. But ultimately, you will want to eliminate all defects in the code and have all violations turned on.
Gene Baker Vice President, Chief Architect, Development Manager and Software Engineer
Read full review It is easy to use with sufficient documentation on how to use the tools for end users or newbies. Experienced testers will find it easy to customise and configure the test cases. Just wished that I could have taken up a course on using this tool in my study days so that I could had explored more and improved my familiarity with the tool, unlike when working where access and time to explore the other features of the tool is limited
Read full review Pros Identifies common coding vulnerabilities. Compares code to industry best practices. Assesses the code for data privacy compliance. Gene Baker Vice President, Chief Architect, Development Manager and Software Engineer
Read full review Scanning our network for new or existing vulnerable systems. Automation of manual tests and exploits to allow what used to be days of effort to be squeezed into hours. Metasploit has become an integral part in our validation of new systems before their inclusion in our production network. Read full review Cons Code scans could be faster. A large application may need to be broken down into smaller sub-applications in order to facilitate faster code scans. We spent a lot of time trying to figure out how to best structure our code base in the application for ultimate performance. Gene Baker Vice President, Chief Architect, Development Manager and Software Engineer
Read full review Have encountered issues with updating especially after moving from BackTrack to Kali. Sometimes it gets a little buggy, but that's a rare occurrence. Read full review Support Rating Tech support and pro services are top-notch.
Gene Baker Vice President, Chief Architect, Development Manager and Software Engineer
Read full review We don't use it.
Read full review Alternatives Considered These other tools only do a part of what CAST does. CAST gives a comprehensive view into the code looking at all aspects, code quality, security, maintainability, vulnerability, privacy, reuse, etc. These other tools only focus on one or two dimensions.
Gene Baker Vice President, Chief Architect, Development Manager and Software Engineer
Read full review Metasploit is an all around good suite of tools to test and validate potential vulnerabilites. Other tools have bits and pecies such as
Nmap , Nessus,
Burp Suite , etc. but Metasploit can function in the same way but more.
Read full review Return on Investment I believe once we had the tool working for our code base, we immediately saw positive ROI. We spent some time getting to where our code code be scanned efficiently but some of that was trying to do things ourselves instead of fully utilizing Cast Professional Services. I highly recommend to do an engagement with CAST to have them help setup the tool in your environment or to run it in the cloud for you. Gene Baker Vice President, Chief Architect, Development Manager and Software Engineer
Read full review If you prevent an attack you will save a lot of money. There is a free version that has a lot of useful exploits. You can run it in an open source OS. Read full review ScreenShots CAST Highlight Screenshots