Code Review

Reveal Flaws In Your Application With Code Review

According to Gartner, 90 percent of all security vulnerabilities exist within the application layer. Malicious intruders look to exploit software flaws and defects in order to gain control of company computers that can access confidential information like Social Security numbers, banking information, or personal medical data.

As software becomes more complex and the likelihood of attacks increases, organizations need to take software security more seriously. With data from BSIMM-V showing the average software security initiative only has one software security group member for every 71 developers (based on study sample size), it is imperative for organizations to incorporate software security activities throughout the SDLC.

Whether you are developing software internally or procuring it from a third party, your company needs to test application code for flaws or threats which could expose your business to unnecessary risks. Cigital offers three code review services that help you build security in to your organization.

Secure Code Review (Static Analysis)
We test your applications from the inside out by examining your source code (without the code ever leaving your environment). To identify application vulnerabilities and weaknesses, we combine manual code review with commercial tools like Cigital SecureAssist, Fortify, IBM AppScan, and Klocwork.

Static Analysis Tool Deployment
Having invented the first commercially available static analysis tool, Cigital software security experts have considerable insight into how static analysis tools work and how they can be optimized to discover more vulnerabilities, generate fewer false positives, and drive usage and adoption across the organization.

Malicious Code Detection
Cigital Malicious Code Detection augments network-based tools to uncover suspicious constructs in production binaries, configuration, and data before malware can use the network to trigger an attack or exfiltrate data.

Enterprise Security Portal
The Cigital Enterprise Security Portal (ESP) is a framework that simplifies automated application analysis with HP Fortify. It tracks and manages the data submission process, checking for omissions to ensure that analysis yields complete and accurate results. ESP can be delivered as part of a complete Cigital Code Review Service to ensure complete security testing coverage with an exceptionally high degree of accuracy.