Why You Fix Logjam Later

by Cigital on Thursday, May 21, 2015

Post written by Paco Hope, Principal Consultant & John Kazyrakis, Senior Consultant

The Internet is buzzing with talk of “Logjam”, a vulnerability in Diffie-Hellman key exchange that allows an attacker to downgrade the cryptography on a connection to something practical to decrypt. An attack leveraging Logjam would be able to see in the clear all the…

IEEE Helps Against Software Development Design Flaws

by Cigital on Monday, May 18, 2015

One of the main focuses of the software security industry is ensuring that all code is clear of bugs. But this is only half of the problem. The other half is the design flaws in an application's code, which can be avoided in the earlier stages. Examples of this include forgetting to authenticate the…

Reflections from RSA 2015

by Cigital on Tuesday, May 12, 2015

Post written by Jim Ivers, VP of Marketing

The 2015 RSA Conference was held April 19-24 at the Moscone Center in San Francisco. I’ve been attending RSA Conferences since 2005, as an attendee and an exhibitor. Here are some reflections on what I saw and heard at the show this year. Sea of People! RSA…

Building Meaningful Security Metrics

by Cigital on Monday, May 11, 2015

Post written by Sammy Migues, Principal, Technology

Many people in various security disciplines are looking to metrics as a way to demonstrate the efficacy of their efforts and show continuous process improvement. Unfortunately, poorly constructed metrics usually create more confusion than insight. If I told you that testing discovered nine critical vulnerabilities last month, what…

Your Front Door is Locked, but is Your Basement Window?

by Cigital on Tuesday, May 5, 2015

For the average home, the front door is likely the most heavily fortified entry point and, therefore, the hardest to compromise. Similarly, it is a natural inclination to rank applications by perceived risk and then concentrate application security testing on those applications with the highest risk. However, the days when an organization only tests its…

Medical App Users: How Safe Is Your Personal Information?

by Cigital on Tuesday, May 5, 2015

Post written by Dan Lyon, Senior Consultant.

I recently attended the MobCon Digital Health conference in downtown Minneapolis, which highlighted the healthcare hot topic: mobile digital health. The sessions I attended ranged from FDA representative Bakul Patel’s on FDA’s classification of mobile apps to PhysIQ and the Mayo Clinic’s combined talk about remote care…

12 Questions to Ask Your Application Testing Provider

by Cigital on Thursday, April 30, 2015

Security is no longer a “nice to have” feature in your software. In a world of emerging threats and increasing compliance requirements, your customers and employees expect that you have done the work to uncover and address security issues. Your security testing strategy is fundamental to how you do business. But, not all security testing…

IBM and Cigital: Changing the game for application security testing

by Cigital on Thursday, April 23, 2015

Web applications account for almost one third of all security vulnerabilities. Yet, many organizations have struggled to devote the necessary time and expert resources to meet compliance requirements and mitigate their security risk. Even among large enterprises that employ dedicated application security pros, ever-changing application portfolios, development cycles and the growing list of emerging threats…

Five Ways to Connect with Cigital at RSA Conference 2015

by Cigital on Thursday, April 16, 2015

We are heading to San Francisco next week for RSA, one of the most dynamic conferences of the year for enterprise and technical information security pros. We’d love to see you there! Here are five ways you can connect with Cigital at RSA, including a sneak peek of what we’ll be sharing. 1. Stop by…
