Resources

Silver Bullet Security Podcast

Silver Bullet Security Podcast: Show 052 – An Interview with Paul Kocher

Reality Check Security Podcast

Reality Check Security Podcast: Show 012 – An Interview with Cássio Goldschmidt

Justice League Blog

Input Validation and Data Dictionaries

Our internal discussion board brought up the topic of input validation last week. The discussion was around the regex for validating an email address. The message was that what seems like a very sim...
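The teaser above makes the point that validating an email address with a regex is harder than it looks. As an added illustration (this is the editor's code, not from the Cigital post, whose text is cut off above), the block below contrasts a naive `^...$` pattern with a structural check built from the RFC 5321 length limits and the RFC 1035 label rules, and runs both over a constructed set of addresses. Neither replaces the only authoritative check, which is sending a confirmation message to the address.

```python
import re

# A "simple" pattern of the kind that ends up in validation code. Constructed
# for this illustration; it is not the regex discussed in the blog post above.
NAIVE_EMAIL = re.compile(r"^[\w.]+@[\w.]+$")


def naive_is_email(addr: str) -> bool:
    """The quick check most people start with."""
    return NAIVE_EMAIL.match(addr) is not None


# Structural check built from the limits mail systems actually enforce
# (RFC 5321: local part at most 64 octets, whole address at most 254;
# RFC 1035: domain labels of letters, digits and hyphens that neither start
# nor end with a hyphen). Editor's example, not a full RFC 5322 parser.
ATOM = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
LOCAL_PART = re.compile(rf"{ATOM}(\.{ATOM})*")
DOMAIN_LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def is_email(addr: str) -> bool:
    """Reject what a mail server would reject, and not much more."""
    if len(addr) > 254 or addr.count("@") != 1:
        return False
    local, domain = addr.split("@")
    # fullmatch, not match: '$' in Python also matches before a trailing
    # newline, so a '^...$' pattern lets "user@example.com\n" through.
    if not 1 <= len(local) <= 64 or LOCAL_PART.fullmatch(local) is None:
        return False
    labels = domain.split(".")
    if len(labels) < 2 or any(DOMAIN_LABEL.fullmatch(l) is None for l in labels):
        return False
    return len(labels[-1]) >= 2  # no one-character top-level domains


# Constructed sample inputs chosen to show where the two checks disagree.
SAMPLES = [
    "alice@example.com",           # plain address: both accept
    "alice+tag@example.co.uk",     # valid '+' in the local part: naive rejects
    "o'brien@example.com",         # valid apostrophe: naive rejects
    "alice..bob@example.com",      # consecutive dots: naive accepts
    "alice@example",               # no dotted domain: naive accepts
    "a" * 65 + "@example.com",     # local part over 64 octets: naive accepts
    "alice@example.com\n",         # unstripped trailing newline: naive accepts
]


def compare(samples=SAMPLES):
    """Return {address: (naive_verdict, structural_verdict)} for each sample."""
    return {s: (naive_is_email(s), is_email(s)) for s in samples}


if __name__ == "__main__":
    for addr, (naive, strict) in compare().items():
        print(f"{addr!r:40} naive={naive!s:5} structural={strict}")
```

The two lessons a reviewer should take from the comparison: the naive pattern both rejects legitimate addresses (losing users) and accepts strings that will never deliver (polluting the data), and `$` is not an end-of-string anchor in Python, so a `^...$` check applied to a form field with a trailing newline passes input the rest of the application may not expect.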

Publications and Presentations

The resources gathered here are designed to provide additional technical and/or background information on Cigital's approach to protecting companies from the severe business risks of failed or flawed software.

Books: Cigital's experts have authored numerous books on cutting-edge software reliability, security and quality techniques.

Presentations and Videos: Our experts are highly sought-after conference speakers.

Publications: Hundreds of published trade and technical papers about software security, reliability and quality.

Software Security Articles by Cigital Experts: Software security-themed articles previously published in IEEE Security & Privacy and Network Magazine.

White Papers: Cigital experts discuss the importance of protecting your business from the severe consequences of software failure.

Gaming Industry

Cigital has been leading the charge in software security and quality since 1992, and along the way has developed a set of core offerings that bring that expertise to the online gaming market.

More Resources

What Fuzzing Can Do For Product Security webinar: View the March 31, 2009 webinar featuring Sammy Migues, Principal. Available for a limited time.

Cigital Java Security Rulepack: Cigital developed a set of custom Java rules for the Fortify Source Code Analyzer (version 4.5 or later) to help automate source code review. The rule pack extends Fortify's default set of Java rules by checking for additional security vulnerabilities.

Building Security In Maturity Model (BSIMM): The BSIMM is the first objective yardstick for software security. It provides empirical evidence of where your software security initiative sits relative to organizations like yours, and it is useful in planning the evolution of that initiative because it describes the activities real organizations actually carry out.

Virtual Forge's Security Lessons (mirror):
Example 1: Car Auction
Example 2: Online Application
Cross Site Request Forgery
Forceful Browsing