Cigital Security Blog

Analysis, news and insights from Cigital’s team of security experts

October 12, 2015

As you probably well know, new technologies are moving at incredible speeds these days. That’s why building secure software should be a top priority in your organization. As more software is created, more vulnerabilities are also created. As these vulnerabilities (a.k.a. the broken stuff) are created, attackers end up Read more

October 9, 2015

The SafetyNet attestation API is a Google Play Services API that any developer can use in order to gain a degree of assurance that the device their application is running on is “CTS compatible.” CTS stands for Compatibility Test Suite, which is a suite of tests a device must Read more

October 7, 2015

You take calculated risks every day. Just this morning, say you decided to walk across the street against the light because no cars were in sight and you had to get to work on time. But had that street been a highway—or if you had been with your child—you Read more

October 5, 2015

The 17th annual AT&T Cybersecurity Conference is taking place in New York City on October 5-6. During the two-day event, a security conversation will be taking place among industry leaders about the past, present and bright future of security. Cigital CTO, Gary McGraw, will take the stage on day Read more

September 30, 2015
Author: Ping Ning

Building security into the software development lifecycle (SDLC) has become a common practice in many organizations. The development of secure software involves many activities throughout the SDLC. Cigital’s software security touchpoints specify seven best practices that can be incorporated as security activities in a secure SDLC. These activities are Read more

September 28, 2015
Author: Neil Bahadur

You can build security into your waterfall software development lifecycle (SDLC) when you have days or weeks to dot your i’s and cross your t’s. Don’t have time for that? Well then, agile is the expeditious methodology when adding security considerations into your SDLC. What do you do when you’re Read more

September 24, 2015
Author: Mike Lyman

“All software projects are guaranteed to have one artifact in common – source code. Because of this guarantee, it makes sense to center a software assurance activity around code itself.” -Gary McGraw, Software Security: Building Security In

When an author sits down to write today, they have great tools Read more

September 23, 2015

Apple is currently taking measures to eradicate hundreds (potentially thousands) of malicious apps recently discovered in the iOS App Store. It has come to light that hackers distributed a modified version of Apple’s developer toolkit, Xcode, which embedded malware known as XcodeGhost into iOS apps as they were being Read more

September 22, 2015
Author: Kevin Glavin

Agile and application security are often spoken of together as oil and water, but are they really? Development in contemporary agile methodologies happens fast. The high frequency of iterations and releases often translates to wildly dynamic application build structures, with new components/modules added regularly throughout the software development lifecycle Read more

September 18, 2015

Caroline Wong, Cigital’s Security Initiative Director, was recently the guest on Jay Schulman’s Building a Life and Career in Security podcast. Having worked within the security field for the past decade, Caroline has multiple perspectives on life in the security space. With an education in engineering, she entered the Read more

Cigital is one of the world’s largest application security firms. We go beyond traditional testing services to help our clients find, fix and prevent vulnerabilities in the applications that power their business.

Our experts also provide remediation guidance, program design services, and training that empower you to build and maintain secure applications.
