The bad news is that software gets hacked. The defects or vulnerabilities that attackers take advantage of to hack software can be made by an organization internally, or by their vendors or partners. The good news is that remediation methods to resolve these defects and vulnerabilities are well known. Organizations with a mature software security […]
Agile and application security are often spoken of together as oil and water, but are they really? Agile software development happens fast. The high frequency of iterations and releases often translates to wildly dynamic application build structures, with new components/modules added regularly throughout the software development life cycle (SDLC). This iterative approach enables teams to […]
Can your customers trust you to process their transactions and safeguard their personal information? Can you be sure online sales follow the business rules you’ve put in place? If you are like most eCommerce companies, you’ve been pushing the envelope to create applications that are increasingly easy to use, accessible from any device, and personalized […]
Data breaches can result in severe damage to an organization’s brand, financial standing, or customer trust. Many of these, including recent breaches in the news, are not the result of a single, easy-to-find weakness that just happened to be overlooked, or of the common “low-hanging fruit” that is adequately detected by automated scanners […]
How can business leaders guarantee that they won’t be the next headline security breach? How should companies even start to address software security? Watch the HP Discover Performance Weekly video featuring Cigital CTO Dr. Gary McGraw to find out.
You all know by now that the BSIMM is a descriptive model and not a prescriptive one. We’re happy to give prescriptive advice about software security based on our experience as well. It’s what we do for a living. In fact, every prescriptive model (think the Touchpoints) needs to be measured with a measuring stick […]
Some people start “Security Testing” by buying and using a pen-test tool on a project. Such tools uncover security vulnerabilities (though they seldom help with root cause analysis, or even with obtaining double-digit code coverage). These tools are, at best, a degenerate way to build a security testing strategy. Why? Because these tools are “black box” tools. What are […]