Cigital Security Blog

Analysis, news and insights from Cigital’s team of security experts

July 29, 2015

If you’re attempting to create and maintain secure software and you’re operating without a clear governance structure, here are five reasons you should reconsider. …

July 28, 2015
Author: Carter Jones

Red teaming is an iterative process that includes three main components: recon, enumeration and attack. First, we emulate a defined adversary (anything from a script kiddie to an APT threat actor). Then we iterate through the recon/enumeration/attack components repeatedly until we have obtained our defined goal, such as obtaining …

July 23, 2015

Putting together a game-changing Red Team requires finding the right personnel with the malicious mindset, technical talent and vision to drive the program to success. This team must have a leader who can drive the program and technical staff who will perform the day-to-day activities. Putting together an …

July 20, 2015
Author: Jim Hartnett

The technical people who drive our innovation are, for most purposes, well meaning. They create technology which has shaped our way of life, and done what many would have previously considered unthinkable. These developers and engineers are wonderful at conceiving and building systems. However, they are horrible at understanding …

July 16, 2015
Categories: Software Security

Content Security Policy (CSP) is a newer, browser-enforced layer of defense against cross-site scripting (XSS). XSS has been a leading web application vulnerability for years, consistently found in many corporate applications regardless of traditional defenses such as input validation and output encoding. CSP presents a new approach to secure the …

July 14, 2015
Author: Jim Ivers

When selecting an application security testing vendor, customers will often use the industry analysts to provide guidance. However, if you view the latest research on application security testing tools from Gartner and Forrester, Cigital does not appear on either report. The reason for Cigital’s absence is easily explained. Both …

July 8, 2015
Author: Jim Ivers

Firms often debate whether it’s better to do dynamic testing in-house or to outsource the work. Only you can decide what’s best for your organization, but we’ve listed four benefits of working with a managed services partner like Cigital to consider before making your decision. On-demand testing. …

July 1, 2015
Author: Jim Ivers

The Samsung smartphone SwiftKey security slipup grabbed headlines in mid-June when it was discovered that 600 million Samsung smartphones were vulnerable to remote code execution (RCE) attacks. Cigital’s security experts were all over the issue, providing analysis of the problem and guidance to help organizations avoid the same common …

June 19, 2015
Categories: Blog, Mobile Security

This week was particularly newsworthy regarding mobile security. Three different cloud storage vulnerabilities were announced affecting users and platforms in various ways. We had the Samsung SwiftKey keyboard issue, which was not a single problem but a chain of failures. We also heard from researchers from Indiana University, Peking University and …

June 18, 2015

As the builders of applications, developers are the frontline defense against security threats. Unfortunately, most don’t have the training to make sure the code they create is secure. As a result, their work may be riddled with vulnerabilities that open the door for hackers to access sensitive data and …

Cigital is one of the world’s largest application security firms. We go beyond traditional testing services to help our clients find, fix and prevent vulnerabilities in the applications that power their business.

Our experts also provide remediation guidance, program design services, and training that empower you to build and maintain secure applications.
