Risk
8/12/2010
04:23 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Cigital Releases Software Security Training For Developers

SecureAssist plug-in integrates into Eclipse development environment and examines code in real time

DULLES, Va., August 12, 2010—Cigital, Inc., a leading software security consulting firm, announces the public availability of SecureAssist , a real-time software security training service in its WhiteBox line. SecureAssist is a small rule-driven plug-in that integrates into the Eclipse development environment and examines code in real time. As developers are working with the code, SecureAssist can be invoked to look for a wide variety of software security defects, including many of the OWASP Top Ten and related issues. When a potential defect is found, SecureAssist provides to the developer detailed feedback on the issue, remediation strategies, and sources of additional information.

To make SecureAssist as easy to deploy as eLearning, Cigital provides the service through seat-based licensing with an easy-to-use knowledge update feature. This allows Cigital to continuously push new rules and knowledge directly to developers. It also allows firms to easily add in local coding standards and guidance as part on their ongoing software security program.

The SecureAssist service is an annual subscription that provides built-in training material, a growing rule set, and the ability for developers to mark potential issues as false positives. Because the underlying knowledge base is in XML, it also allows for easy customization, including addition of local policies, coding standards, references, pointers to secure-by-design libraries, and even additional eLearning modules.

"SecureAssist pushes software security training and defect prevention even earlier in the software development lifecycle," said Sammy Migues, Principal and Director of Training at Cigital. "This means developers actually learn about the problem and the solution while they are coding, dramatically reducing future defect creation, and reducing other expenses associated with static analysis, dynamic analysis, and pen testing because there are simply fewer defects to remediate."

Cigital is currently taking orders for SecureAssist for Java for the Eclipse development environment. It will begin taking orders for SecureAssist for C# and VB.NET for the Visual Studio environment in October 2010.

For more information and to schedule a demonstration visit http://www.cigital.com/services/training/secureassist/.

About Cigital

Cigital, Inc. is the leading software security and quality consulting firm in the world. Established in 1992, Cigital plans and implements initiatives that help organizations ensure their applications are secure and reliable while also improving the way they build and deploy software. Our recognized experts apply a combination of proven methodologies, tools, and best practices to meet each client's unique requirements. Cigital is headquartered outside Washington, D.C. with regional offices in the U.S., Europe, and India. For more information, visit http://www.cigital.com.

Contact: Terri Randolph Cigital 703-404-5757 trandolph@cigital.com

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-5467
Published: 2014-08-29
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM)...

CVE-2014-0600
Published: 2014-08-29
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.

CVE-2014-0888
Published: 2014-08-29
IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Worklight and Mobile Foundation, allows remote authenticated users to bypass the application-authenticity feature via unspecified vectors.

CVE-2014-0897
Published: 2014-08-29
The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticated users to defeat cryptographic protection me...

CVE-2014-3024
Published: 2014-08-29
Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitr...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.