Risk
8/12/2010
04:23 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Cigital Releases Software Security Training For Developers

SecureAssist plug-in integrates into Eclipse development environment and examines code in real time

DULLES, Va., August 12, 2010—Cigital, Inc., a leading software security consulting firm, announces the public availability of SecureAssist , a real-time software security training service in its WhiteBox line. SecureAssist is a small rule-driven plug-in that integrates into the Eclipse development environment and examines code in real time. As developers are working with the code, SecureAssist can be invoked to look for a wide variety of software security defects, including many of the OWASP Top Ten and related issues. When a potential defect is found, SecureAssist provides to the developer detailed feedback on the issue, remediation strategies, and sources of additional information.

To make SecureAssist as easy to deploy as eLearning, Cigital provides the service through seat-based licensing with an easy-to-use knowledge update feature. This allows Cigital to continuously push new rules and knowledge directly to developers. It also allows firms to easily add in local coding standards and guidance as part on their ongoing software security program.

The SecureAssist service is an annual subscription that provides built-in training material, a growing rule set, and the ability for developers to mark potential issues as false positives. Because the underlying knowledge base is in XML, it also allows for easy customization, including addition of local policies, coding standards, references, pointers to secure-by-design libraries, and even additional eLearning modules.

"SecureAssist pushes software security training and defect prevention even earlier in the software development lifecycle," said Sammy Migues, Principal and Director of Training at Cigital. "This means developers actually learn about the problem and the solution while they are coding, dramatically reducing future defect creation, and reducing other expenses associated with static analysis, dynamic analysis, and pen testing because there are simply fewer defects to remediate."

Cigital is currently taking orders for SecureAssist for Java for the Eclipse development environment. It will begin taking orders for SecureAssist for C# and VB.NET for the Visual Studio environment in October 2010.

For more information and to schedule a demonstration visit http://www.cigital.com/services/training/secureassist/.

About Cigital

Cigital, Inc. is the leading software security and quality consulting firm in the world. Established in 1992, Cigital plans and implements initiatives that help organizations ensure their applications are secure and reliable while also improving the way they build and deploy software. Our recognized experts apply a combination of proven methodologies, tools, and best practices to meet each client's unique requirements. Cigital is headquartered outside Washington, D.C. with regional offices in the U.S., Europe, and India. For more information, visit http://www.cigital.com.

Contact: Terri Randolph Cigital 703-404-5757 trandolph@cigital.com

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1544
Published: 2014-07-23
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer...

CVE-2014-1547
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1548
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1549
Published: 2014-07-23
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica...

CVE-2014-1550
Published: 2014-07-23
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.