Software Security
Improving Software Security from the Ground Up and from the Top Down
Cigital's Software Security Program maintains an extensive suite of services delivering solutions that:
- Build Security In
  - Improving software application security from development to deployment by integrating security development and assurance best-practice "touch points" and repeatable, metric-driven processes into the software development lifecycle (SDLC).
  - Delivering assurance and development services to meet software development and integration security requirements, standards and procedures, including a full lifecycle security development and audit of your software.
- Deliver Enterprise Application Security
  - Improving security controls, governance and compliance requirements across the enterprise by implementing an application-centric security risk mitigation plan, impacting all levels of the organization.
  - Delivering assurance and development services to enforce application security across the enterprise, with a full lifecycle security development and audit of your enterprise architecture and application integration.
Solutions that Enforce Security across the Application Lifecycle
- Cigital's Build Security In Delivery Solutions:
  - Use and Abuse Case Analysis
  - Security Requirements Management
  - Architectural and Design Risk Management
  - Secure Code Review with Automated Tools
  - Full Lifecycle Testing
  - Penetration Testing and Ops Analysis
  - Incident Response
  - "Holistic" Assessment of the SDLC
  - Tool Assessment and Analysis
- Cigital's Build Security In Improvement Solutions:
  - SDLC Process Improvement
  - Software Measurement and Metrics
  - Standards, Benchmarking and Compliance
  - Security Knowledge Repository
  - Security Training and Awareness
- Cigital Enterprise Application Security Delivery Solutions:
  - Enterprise Security Framework
  - Security Plan Strategy and Roadmap
  - Governance Framework
  - Legacy System and COTS Integration
  - Application/Technology Evaluation and Integration
- Cigital Enterprise Application Security Improvement Solutions:
  - Change Management
  - Governance and Policy Enforcement
  - Outsource Management and Controls
  - Partner and Vendor Collaboration and Compliance
  - Security Training and Awareness
Exceeding Software Application Security Requirements
- Successfully build security in within the SDLC.
- Cost-effectively assure that existing and delivered software meets security requirements, standards and procedures.
- Apply best practices that detect, analyze, classify and correct security threats within software before and after software is delivered.
- Improve time to release and delivery of projects under budget while meeting security objectives.
- Successfully improve organizational productivity while ensuring the repeated delivery of secure software.
- Empower businesses to apply application security expertise to software acquisition, development (build or buy) and maintenance activities, meeting compliance and policy requirements.
- Define or iterate the organization's strategic security vision, creating a roadmap for the adoption of best practices.
- Understand the gap between current organizational practice and the company's internal policies and standards, partner needs, and compliance requirements.
- Successfully attain IT governance and compliance requirements.
- Positively promote and train secure application development and delivery.
- Successfully deliver enterprise-wide application security.