IBM and Cigital: Changing the game for application security testing

by Cigital on Thursday, April 23, 2015

Web applications account for almost one third of all security vulnerabilities. Yet, many organizations have struggled to devote the necessary time and expert resources to meet compliance requirements and mitigate their security risk. Even among large enterprises that employ dedicated application security pros, ever-changing application portfolios, development cycles and the growing list of emerging threats…

Five Ways to Connect with Cigital at RSA Conference 2015

by Cigital on Thursday, April 16, 2015

We are heading to San Francisco next week for RSA, one of the most dynamic conferences of the year for enterprise and technical information security pros. We’d love to see you there! Here are five ways you can connect with Cigital at RSA, including a sneak peek of what we’ll be sharing. 1. Stop by…

Why A Software Security Group is Needed

by Cigital on Wednesday, April 1, 2015

As software security evolves it becomes more difficult to manage, making a Software Security Group (SSG) a necessity for your organization. Without a core group of individuals fighting to keep the security of the firm strong, it will be nearly impossible to stay safe in today’s environment. In his latest Search Security article, Gary McGraw,…

You Can’t Take a One-Size-Fits-All Approach to Application Security

by Cigital on Tuesday, March 31, 2015

What’s in your security toolbox? If you’ve invested in a tool to assist with your security efforts, you’re not alone. According to a recent survey by 451 Research, tool acquisition is on the rise: Web application scanning (dynamic scanning) – 60% adoption rate; Web application firewalls – 38% adoption rate; Database security – 36% adoption…

Why Conventional Penetration Testing is Not Enough for E-commerce Applications

by Cigital on Monday, March 30, 2015

Can your customers trust you to process their transactions and safeguard their personal information? Can you be sure online sales follow the business rules you’ve put in place? If you are like most E-commerce companies, you’ve been pushing the envelope to create applications that are increasingly easy to use, accessible from any device, and personalized…

The Three Laws of Robots.txt

by Cigital on Tuesday, March 24, 2015

Post written by Aladdin Elston, Consultant. A robot may not injure a human being or, through inaction, allow a human being to come to harm. In this blog post I will discuss how the robots.txt can be used by attackers to gain a foothold in your environment and how a low risk finding in the…

Malicious Code: The Threat Within Your Own Software Supply Chain

by Cigital on Monday, March 9, 2015

Post written by Brenton Kohler, Senior Consultant. Everyone wants to believe that the code developed within a trusted software supply chain is legitimate. The unfortunate reality is that malicious coders have subtle ways to secretly embed code that exposes your business to risk. Malicious code can be challenging to recognize and can remain undetected within…

Cigital Celebrates International Women’s Day Every Day

by Cigital on Sunday, March 8, 2015

Post co-authored by Meera Subbarao, Apoorva Phadke, and Ksenia Dmitrieva. Every year International Women’s Day is celebrated on March 8th and this year the United Nations theme for 2015 is “Empowering Women: Empowering Humanity”. As professional women we have to ask, “Are we making enough effort to empower women in technology? How about the…

CSI: Cyber Technically Painful

by Cigital on Thursday, March 5, 2015

Post written by Kaue Pena, Consultant. Last night a few brave Cigitalites stepped away from their regularly scheduled lives to join me in watching the new CBS show CSI: Cyber. Even before the start of the show jokes were flying in anticipation of all that could go wrong based on past portrayals of tech on…
