Cigital Security Blog

Analysis, news and insights from Cigital’s team of security experts

August 31, 2015

I was a software developer for over 20 years before I switched to the application/software security field. Being a part of several software engineering teams in my early career, and later becoming a security analyst, has put me in a unique position to understand these two worlds. Although I Read more

August 24, 2015
Categories: Software Security

Dynamic languages and the associated development and operations (DevOps) methodologies change and evolve constantly. Because these aspects of software are intentionally ever-changing, security measures must also be in a constant state of progression. The old-school software security approach relied on searching for defects at the very end of the Read more

August 14, 2015
Author: Paco Hope

Underlying Mary Ann Davidson’s incendiary blog post about reverse engineering, and much of the debate about security vulnerabilities and bug bounties, is the classic duality between the Cathedral and the Bazaar. In 1997, Eric Raymond published a now-famous essay entitled “The Cathedral and the Bazaar,” which explored two Read more

August 6, 2015

You know how AppScan Standard and other dynamic testing tools report a finding when an HTTPS page accesses some HTTP resources? How do you fix this issue effectively? Perhaps the owners of those resources already did all the server-side legwork: obtaining a certificate, configuring the server and setting up Read more
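The finding described above can be reproduced and fixed offline. What follows is an added example, not code from the original post or from AppScan: a Node.js script that scans a page's HTML for subresources still referenced over http://, classifies each as active or passive mixed content, and rewrites the flagged references to https://. The sample page, host names and function names are constructed for illustration, and the rewrite is only a correct fix for hosts already verified to serve the resource over TLS with a valid certificate (protocol-relative //host/path references are the other common fix).

```javascript
// Added example (not from the original post): scan an HTTPS page's HTML for
// subresources still referenced over plain http:// and rewrite the ones whose
// hosts are known to serve the same content over TLS. The page below is constructed.

// Insecure loads of these tags are "active" mixed content; current browsers block them.
const ACTIVE = { script: ['src'], link: ['href'], iframe: ['src'], object: ['data'], embed: ['src'] };
// Insecure loads of these are "passive" mixed content; browsers have loaded them with a warning.
const PASSIVE = { img: ['src'], audio: ['src'], video: ['src'], source: ['src'] };

const TAG_RE = /<([a-zA-Z][\w-]*)\b([^>]*)>/g;
const ATTR_RE = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

function parseAttrs(raw) {
  const attrs = {};
  for (const m of raw.matchAll(ATTR_RE)) attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  return attrs;
}

// Which URL-bearing attributes of this tag matter, or null if the tag loads nothing.
function resourceAttrs(tag, attrs) {
  const list = ACTIVE[tag] || PASSIVE[tag];
  if (!list) return null;
  // Only stylesheet <link>s are subresources; rel="canonical" and friends are metadata.
  if (tag === 'link' && !/\bstylesheet\b/i.test(attrs.rel || '')) return null;
  return list;
}

function findMixedContent(html) {
  const findings = [];
  for (const m of html.matchAll(TAG_RE)) {
    const tag = m[1].toLowerCase();
    const attrs = parseAttrs(m[2]);
    for (const attr of resourceAttrs(tag, attrs) || []) {
      const url = (attrs[attr] || '').trim();
      if (/^http:\/\//i.test(url)) findings.push({ tag, attr, url, kind: ACTIVE[tag] ? 'active' : 'passive' });
    }
  }
  return findings;
}

// Rewrite flagged references to https://. Only correct once each host has been
// confirmed to serve the resource over TLS with a valid certificate.
function upgradeMixedContent(html) {
  return html.replace(TAG_RE, (whole, tagName, raw) => {
    const tag = tagName.toLowerCase();
    let out = whole;
    for (const attr of resourceAttrs(tag, parseAttrs(raw)) || []) {
      out = out.replace(new RegExp(`((?:^|\\s)${attr}\\s*=\\s*["']?)http://`, 'i'), '$1https://');
    }
    return out;
  });
}

// Constructed sample: an HTTPS page with a mix of secure and insecure references.
const SAMPLE_PAGE = `<!doctype html>
<html><head>
<link rel="stylesheet" href="http://cdn.example.com/site.css">
<link rel="canonical" href="http://www.example.com/">
<script src="http://cdn.example.com/app.js"></script>
<script src="https://cdn.example.com/analytics.js"></script>
</head><body>
<img src="http://images.example.com/logo.png" alt="logo">
<img src="//images.example.com/hero.png" alt="hero">
<a href="http://partner.example.net/">partner</a>
<iframe src='http://widgets.example.org/embed'></iframe>
</body></html>`;

function report(html) {
  const findings = findMixedContent(html);
  return {
    active: findings.filter((f) => f.kind === 'active').length,
    passive: findings.filter((f) => f.kind === 'passive').length,
    remaining: findMixedContent(upgradeMixedContent(html)).length,
  };
}
console.log(report(SAMPLE_PAGE)); // { active: 3, passive: 1, remaining: 0 }
```

The canonical link and the ordinary anchor are left alone on purpose: neither is a subresource, so neither is mixed content, and rewriting them would change where the page points rather than how it loads.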

August 4, 2015

What is Touch ID? Touch ID is Apple’s fingerprint technology for iOS mobile devices. It allows consumers to unlock their phones and make purchases conveniently using their fingerprint(s). As of iOS version 8.0, Apple opened up Touch ID to developers by making APIs available for use in the SDK. Read more

July 29, 2015

If you’re attempting to create and maintain secure software and you’re operating without a clear governance structure, here are five reasons you should reconsider. Read more

July 28, 2015
Author: Carter Jones

Red teaming is an iterative process that includes three main components: recon, enumeration and attack. First, we emulate a defined adversary (anything from a script kiddie to an APT threat actor). Then we iterate through the recon/enumeration/attack components repeatedly until we have obtained our defined goal, such as obtaining Read more

July 23, 2015

Putting together a game-changing Red Team requires finding the right personnel with the malicious mindset, technical talent and vision to drive the program to success. This team must have a leader who can drive the program and technical staff who will perform the day-to-day activities. Putting together an Read more

July 20, 2015
Author: Jim Hartnett

The technical people who drive our innovation are, for most purposes, well-meaning. They create technology which has shaped our way of life, and done what many would have previously considered unthinkable. These developers and engineers are wonderful at conceiving and building systems. However, they are horrible at understanding Read more

July 16, 2015
Categories: Software Security

Content Security Policy (CSP) is the newest technology for preventing cross-site scripting. Cross-site scripting has been a leading web application vulnerability for years and is still consistently found in many corporate applications, even where traditional defenses such as input validation and output encoding are in place. CSP presents a new approach to secure the Read more

July 14, 2015
Author: Jim Ivers

When selecting an application security testing vendor, customers will often use the industry analysts to provide guidance. However, if you view the latest research on application security testing tools from Gartner and Forrester, Cigital does not appear on either report. The reason for Cigital’s absence is easily explained. Both Read more

Cigital is one of the world’s largest application security firms. We go beyond traditional testing services to help our clients find, fix and prevent vulnerabilities in the applications that power their business.

Our experts also provide remediation guidance, program design services, and training that empower you to build and maintain secure applications.
