Cigital Europe
Cigital is the global leader in helping organisations design, build and maintain secure software
In essence, just breaking software applications via pen-testing, vulnerability scans, etc. is a deeply flawed approach to making things secure. Companies have been doing this for years and still systems get compromised on a regular basis. The ‘break-only’ approach simply doesn’t work. Businesses have to start engineering security into their software development processes – ‘building security in’ is a Cigital mantra.
The Cigital approach advocates engineering security throughout the Software Development Lifecycle – Gap Analysis, Architecture Risk Analysis, Threat Modelling, Code Review, Whitebox Pen Testing, Blackbox Pen Testing, etc. – to actually build security into critical applications, rather than the industry’s over-reliance on post-production pen testing to simply identify security vulnerabilities.