Software Integrity

Archive for the 'Penetration Testing' Category

 

Is conventional penetration testing enough to secure eCommerce applications?

Can your customers trust you to process their transactions and safeguard their personal information? Can you be sure online sales follow the business rules you’ve put in place? If you are like most eCommerce companies, you’ve been pushing the envelope to create applications that are increasingly easy to use, accessible from any device, and personalized […]

Posted in Penetration Testing, Threat Modeling, Vulnerability Assessment

 

Are you red team secure?

Data breaches can result in severe damage to an organization’s brand, financial standing, or customer trust. Many of these, including recent breaches in the news, are not the result of a single, easy-to-find weakness that just happened to be overlooked or the common “low-hanging fruit” that is adequately detected by automated scanners […]

Posted in Penetration Testing, Red Teaming, Threat Modeling

 

Is it time for Enterprise IT to declare defeat in the cyber security war?

How can business leaders guarantee that they won’t be the next headline security breach? How should companies even start to address software security? Watch the HP Discover Performance Weekly video featuring Cigital CTO, Dr. Gary McGraw, to find out.

Posted in Code Review, Financial Services Security, Penetration Testing, Software Security Testing

 

The 10 commandments for software security

You all know by now that the BSIMM is a descriptive model and not a prescriptive one. We’re happy to give prescriptive advice about software security based on our experience as well. It’s what we do for a living. In fact, every prescriptive model (think the Touchpoints) needs to be measured with a measuring stick […]

Posted in Maturity Model (BSIMM), Penetration Testing, Software Security Testing

 

Is pen testing security testing?

Some people start “Security Testing” by buying and using a pen-test tool on a project. Such tools uncover security vulnerabilities (though they seldom help with root cause analysis or even obtaining double-digit code coverage). These tools are degenerate, at best, in facilitating a security testing strategy. Why? Because these tools are “black box” tools. What are […]

Posted in Application Security, Penetration Testing