Risk
8/12/2010
04:23 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Cigital Releases Software Security Training For Developers

SecureAssist plug-in integrates into Eclipse development environment and examines code in real time

DULLES, Va., August 12, 2010—Cigital, Inc., a leading software security consulting firm, announces the public availability of SecureAssist , a real-time software security training service in its WhiteBox line. SecureAssist is a small rule-driven plug-in that integrates into the Eclipse development environment and examines code in real time. As developers are working with the code, SecureAssist can be invoked to look for a wide variety of software security defects, including many of the OWASP Top Ten and related issues. When a potential defect is found, SecureAssist provides to the developer detailed feedback on the issue, remediation strategies, and sources of additional information.

To make SecureAssist as easy to deploy as eLearning, Cigital provides the service through seat-based licensing with an easy-to-use knowledge update feature. This allows Cigital to continuously push new rules and knowledge directly to developers. It also allows firms to easily add in local coding standards and guidance as part on their ongoing software security program.

The SecureAssist service is an annual subscription that provides built-in training material, a growing rule set, and the ability for developers to mark potential issues as false positives. Because the underlying knowledge base is in XML, it also allows for easy customization, including addition of local policies, coding standards, references, pointers to secure-by-design libraries, and even additional eLearning modules.

"SecureAssist pushes software security training and defect prevention even earlier in the software development lifecycle," said Sammy Migues, Principal and Director of Training at Cigital. "This means developers actually learn about the problem and the solution while they are coding, dramatically reducing future defect creation, and reducing other expenses associated with static analysis, dynamic analysis, and pen testing because there are simply fewer defects to remediate."

Cigital is currently taking orders for SecureAssist for Java for the Eclipse development environment. It will begin taking orders for SecureAssist for C# and VB.NET for the Visual Studio environment in October 2010.

For more information and to schedule a demonstration visit http://www.cigital.com/services/training/secureassist/.

About Cigital

Cigital, Inc. is the leading software security and quality consulting firm in the world. Established in 1992, Cigital plans and implements initiatives that help organizations ensure their applications are secure and reliable while also improving the way they build and deploy software. Our recognized experts apply a combination of proven methodologies, tools, and best practices to meet each client's unique requirements. Cigital is headquartered outside Washington, D.C. with regional offices in the U.S., Europe, and India. For more information, visit http://www.cigital.com.

Contact: Terri Randolph Cigital 703-404-5757 trandolph@cigital.com

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7407
Published: 2014-10-22
Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVE-2014-3675
Published: 2014-10-22
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.

CVE-2014-3676
Published: 2014-10-22
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."

CVE-2014-3677
Published: 2014-10-22
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.

CVE-2014-4448
Published: 2014-10-22
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.