The Three Laws of Robots.txt

by Cigital on Tuesday, March 24, 2015

Post written by Aladdin Elston, Consultant. "A robot may not injure a human being or, through inaction, allow a human being to come to harm." In this blog post I will discuss how the robots.txt can be used by attackers to gain a foothold in your environment and how a low risk finding in the…

Malicious Code: The Threat Within Your Own Software Supply Chain

by Cigital on Monday, March 9, 2015

Post written by Brenton Kohler, Senior Consultant. Everyone wants to believe that the code developed within a trusted software supply chain is legitimate. The unfortunate reality is that malicious coders have subtle ways to secretly embed code that exposes your business to risk. Malicious code can be challenging to recognize and can remain undetected within…

Cigital Celebrates International Women’s Day Every Day

by Cigital on Sunday, March 8, 2015

Post co-authored by Meera Subbarao, Apoorva Phadke, and Ksenia Dmitrieva. Every year International Women’s Day is celebrated on March 8th, and this year the United Nations theme for 2015 is “Empowering Women: Empowering Humanity”. As professional women we have to ask, “Are we making enough effort to empower women in technology? How about the…

CSI: Cyber Technically Painful

by Cigital on Thursday, March 5, 2015

Post written by Kaue Pena, Consultant. Last night a few brave Cigitalites stepped away from their regularly scheduled lives to join me in watching the new CBS show CSI: Cyber. Even before the start of the show jokes were flying in anticipation of all that could go wrong based on past portrayals of tech on…

Software Security Sees a Ghost

by Cigital on Thursday, February 26, 2015

In early February, the software security industry saw a ghost. A previously overlooked flaw in Linux’s GNU C Library (glibc) was uncovered as a critical vulnerability that can be triggered by the “GetHOST” function (hence, the name “Ghost”). While this Ghost vulnerability is no otherworldly apparition, it still strikes fear in the hearts of organizations…

5 Tips to Break through the Information Security Bubble

by Cigital on Thursday, February 19, 2015

Post written by Caroline Wong, CISSP, Security Initiative Director. Step 1: Become your own champion. If you have access to a local technology or engineering association at your school or in your community, get involved. Many state and private universities offer online courses geared towards these fields, and some even provide more technical tracks for…

MEMSCAN Defined

by Cigital on Wednesday, February 18, 2015

What is MEMSCAN? A Cigital consultant, Grant Douglas, recently created a utility called MEMSCAN which enables users to dump the memory contents of a given iPhone app. Dumping the memory contents of a process proves to be a useful technique in identifying keys and credentials in memory. Using the utility, users are able to…

Breach in Healthcare Data: One Step Too Far

by Cigital on Wednesday, February 11, 2015

Post written by Jim Ivers, Vice President. I am a victim. One of every nine of you is also a victim. I am an Anthem customer, and according to CSO: “one in nine Americans have medical coverage through one of Anthem’s affiliated plans” (CSO, “Anthem: How does a breach like this happen?”, Steve Ragan). It…

Striking the Balance: App Security Features and Usability

by Cigital on Monday, February 9, 2015

Post written by Zack Allen, Consultant. Last week, I installed a new app from the Google Play store onto an Android device. While the app was downloading and installing, I took a look at a few of the user reviews and found their contents interesting. Four of the top ten comments were both negative and…
