Cigital - A Member of the Microsoft Security Development Lifecycle (SDL) Pro Network
"Microsoft is excited to have Cigital involved as a partner in the SDL Pro Network. Cigital will help us deliver the secure development processes and training concepts found within the SDL to the software development community."
- David Ladd, principal security program manager, Microsoft's Trustworthy Computing Group
For more information on the Microsoft SDL Pro Network visit: http://msdn.microsoft.com/en-us/security/dd219581.aspx.
Contact Us
Cigital can customize a program to meet your specific SDL needs. Call us at 800-824-0022 or e-mail us to discuss a tailored solution.
The SDL Pro Network is part of Microsoft's commitment to enable organizations outside of Microsoft to develop more secure applications through SDL technologies, prescriptive guidance and industry partnerships. The Network itself is a group of security consultants and trainers that specialize in application security and have substantial experience and expertise with the methodology and technologies of the Security Development Lifecycle (SDL) created by Microsoft and proven effective since 2004.
Why Cigital
At Cigital we are proud of our extensive experience running a significant number of large-scale enterprise software security initiatives spanning customers in financial services, independent software vendors, gaming, retail and embedded systems. Established in 1992, we have trained several thousand developers, architects and executives on the fundamentals of software security. We have rolled out tools and best practices for many of our best customers. Cigital experts are thought leaders in the industry and have written more than a dozen books and hundreds of peer-reviewed articles on software reliability, security and performance. We have helped to grow the software security market from its genesis.
Cigital is the largest and most experienced software security services provider in the world, and as a member of the SDL Pro Network, Cigital will be able to bring its extensive experience in delivering software security initiatives.
Cigital's SDL service offerings include:
You can find a complete list of Cigital's offerings by visiting the Services section of our website.

Training (SDL Stage 0)
Cigital can recommend the appropriate training for developers, testers and program/project management roles within your organization. SDL-specific courses include:
- Introduction to the Microsoft Security Development Lifecycle
- Introduction to Threat Modeling
- Basics of Secure Design, Development and Test
- Privacy in Development
A complete list of Cigital's course offerings to round out your security practices can be found online.
Requirements (SDL Stages 1 and 2)
- Security Requirements
Cigital can assist your organization in identifying and enumerating security and privacy functionality for a given software project.
- Design Requirements
Cigital can validate your technical design specifications and ensure they are appropriate relative to your security requirements for a given software project.
- Quality Gates
Cigital can assist you in the creation of appropriate security and privacy quality measures ("bug bars").
Design (SDL Stages 3 and 4)
- Threat Modeling
Cigital can help create new threat models or validate your existing threat models for correctness based on your design.
- Attack Surface Reduction
Cigital can recommend the appropriate actions to undertake on your design to help reduce attack surfaces.
Implementation (SDL Stages 5 and 6)
- Security Tools
Cigital can assist you in making the right choice when it comes to commercially available or open source security tools to assist your organization.
- Banned Functions
Cigital can clarify the rationale for the deprecation of unsafe functions and help identify and recommend alternatives for these unsafe functions.
- Static Analysis
Cigital can bring best of breed products in-house or as a service to perform code scans, results analysis, prioritization and develop a mitigation strategy for you. For those looking to implement a tool within your organization we can develop a deployment strategy, tune the configuration and train your people on how to use it effectively to get maximum ROI.
Verification (SDL Stages 7 and 8)
- Dynamic Analysis
Cigital can assist you with identifying the appropriate dynamic testing tools and perform an evaluation, triage the output, explain the results and develop a mitigation strategy for a given software program.
- Fuzzing
Cigital can assist you with identifying the appropriate fuzz test tools and perform an evaluation, triage the output, explain the results and develop a mitigation strategy for a given software program.
- Code Review
Cigital can dig deeper into your code beyond the reach of any tool to perform an in-depth analysis of the security posture of your application, providing you with a clear prioritization of vulnerabilities and a mitigation strategy to go along with it.
Release (SDL Stages 9, 10, 11 and 12)
- Incident Response Planning
Cigital can help create an incident response plan that outlines 24x7 contact information for engineering, marketing and management for your mission critical systems.
- Final Security Review
Cigital can help in the creation and conducting of a Final Security Review for a given software project to include:
- Review of all threat models
- Validation of security tool results
- Review of all outstanding/deferred security bugs
- Review of all exception requests as part of your security program
