Case Study: US Large Insurer identifies and remediates critical system-level security vulnerabilities with CAST AIP

Finding system level security vulnerabilities

One of the major insurers in the US faced difficulty prioritizing and fixing security flaws across numerous internal and customer‑facing applications. They were already using Veracode but wanted a complementary analysis to surface system‑level vulnerabilities and issues Veracode might miss.

CAST AIP ranked web‑based, client‑facing products by security score, identified and prioritized the lowest‑ranking CWEs (including XSS, file path manipulation, SQL injection and log forging), and uncovered rule violations that Veracode did not detect. By focusing remediation on the most critical defects, the customer was able to remediate high‑risk issues quickly and track security score trends across 35 apps.