Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.


As government and private sector applications move to “the cloud,” system analysts have few ways of measuring their exposure to known and unknown security risks. ATCorp has announced the availability of CSAS, a software tool that helps software developers and analysts discover actual vulnerabilities and configuration problems in their systems. It allows analysts to evaluate the overall risks those vulnerabilities pose in their specific applications, and mitigate those risks as warranted.

CSAS‘s approach applies to multiple applications:

  • Cloud application security analysis
  • Track system requirements
  • Software testing and validation
  • Impact/fault tree analysis to relate possible modes of attack
  • Attack reconstruction
  • Tracking of software vulnerability in complex applications

Key Ingredients

Unlike competing assessment systems, CSAS provides a framework for mapping high-level security concerns, such as the protection of sensitive data. CSAS‘s models also help compute metrics such as minimum remediation cost or attack complexity.

CSAS integrates into existing workflows by employing standards such as the U.S. National Institute of Standards and Technology (NIST) Security Content Automation Protocol (SCAP) and tools such as the NIST National Vulnerability Database (NVD). CSAS‘s tools can query Amazon Web Services (AWS) and OpenStack cloud configurations, as well as examine configuration data on individual cloud machine instances and external databases.

CSAS provides a number of benefits including:

  • Provides more thorough & repeatable analysis, through a structured, hierarchical framework for security models
  • Saves time: performs on-line tests to determine which modeled vulnerabilities are actually present
  • Improves and extends existing host-based security analysis techniques to the cloud and distributed systems
  • Saves labor, pinpoints problems faster; automates routine compliance testing to ensure risks have not been introduced due to configuration changes by the cloud provider or newly-discovered software vulnerabilities
  • Improves system designs: assists with design tradeoffs
  • Improves analytics: computes other tree-derived metrics, such as costs, impact, requirement analysis, or compliance

CSAS is available as a standalone graphical application for security analysts, a command-line edition for automated processing, and a version aimed at software developers that integrates with the Eclipse development environment.