Cigital is the global leader in helping organisations design, build and maintain secure software.
Simply breaking software applications via penetration testing, vulnerability scans, or other methods is a deeply flawed approach to making things secure. Companies have been doing this for years and still systems get compromised on a daily basis. The ‘break-only’ approach just doesn’t work. Businesses must start engineering security into their software development processes; ‘building security in’ is a Cigital mantra.
The Cigital approach advocates engineering security throughout the Software Development Lifecycle – from Architecture Risk Analysis and Threat Modelling to Code Review and Whitebox/Blackbox Pen Testing – and actually building security into critical applications rather than the widespread (and proven to be insufficient) dependency on post-production pen testing to simply identify security vulnerabilities.