Cigital Security Blog

Analysis, news and insights from Cigital’s team of security experts

September 30, 2015
Author: Ping Ning

Building security into the software development lifecycle (SDLC) has become a common practice in many organizations. The development of secure software involves many activities throughout the SDLC. Cigital’s software security touchpoints specify seven best practices that can be incorporated as security activities in a secure SDLC. These activities are Read more

September 28, 2015
Author: Neil Bahadur

You can build security into your waterfall software development lifecycle (SDLC) when you have days or weeks to dot your i’s and cross your t’s. Don’t have time for that? Well then, agile is the expeditious methodology when adding security considerations into your SDLC. What do you do when you’re Read more

September 24, 2015
Author: Mike Lyman

“All software projects are guaranteed to have one artifact in common – source code. Because of this guarantee, it makes sense to center a software assurance activity around code itself.” -Gary McGraw, Software Security: Building Security In. When an author sits down to write today, they have great tools Read more

September 23, 2015

Apple is currently taking measures to eradicate hundreds (potentially thousands) of malicious apps recently discovered in the iOS App Store. It has come to light that hackers distributed a modified version of Apple’s developer toolkit, Xcode, which embedded malware known as XcodeGhost into iOS apps as they were being Read more

September 22, 2015
Author: Kevin Glavin

Agile and application security are often spoken of together as oil and water, but are they really? Development in contemporary agile methodologies happens fast. The high frequency of iterations and releases often translates to wildly dynamic application build structures, with new components/modules added regularly throughout the software development lifecycle Read more

September 18, 2015

Caroline Wong, Cigital’s Security Initiative Director, was recently the guest on Jay Schulman’s Building a Life and Career in Security podcast. Having worked within the security field for the past decade, Caroline has multiple perspectives on life in the security space. With an education in engineering, she entered the Read more

September 17, 2015

The approach needed for scaling a software security initiative (SSI) varies from industry to industry and from business to business, right? That’s one of the questions explored by the Building Security In Maturity Model (BSIMM). But, why now? Computers and software have been around for decades. Why have software Read more

September 16, 2015
Author: Gary McGraw

The facts: The U.S. Circuit Court of Appeals recently ruled that the Federal Trade Commission (FTC) has the authority to regulate aspects of corporate cyber security and may penalize those who fail to properly safeguard customer information. Some background is in order. For a number of years, the FTC Read more

September 16, 2015
Author: Jim Ivers

Benjamin Franklin once said there were only two things certain in life: death and taxes—unless you’re responsible for information security, of course. In that case, you can add a third, technical debt. However, instead of discussing the general concept of technical debt, let’s talk about: The three areas you Read more

September 15, 2015
Author: Jim Ivers

In a July blog post we addressed why Cigital has not appeared in the Gartner and Forrester reports for application security testing tools. Since that post, Gartner released a new Magic Quadrant for Application Security Testing (AST) and, for the very first time, companies like Cigital, who leverage IP Read more

Cigital is one of the world’s largest application security firms. We go beyond traditional testing services to help our clients find, fix and prevent vulnerabilities in the applications that power their business.

Our experts also provide remediation guidance, program design services, and training that empower you to build and maintain secure applications.
