Risk
8/12/2010
04:23 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Cigital Releases Software Security Training For Developers

SecureAssist plug-in integrates into Eclipse development environment and examines code in real time

DULLES, Va., August 12, 2010—Cigital, Inc., a leading software security consulting firm, announces the public availability of SecureAssist , a real-time software security training service in its WhiteBox line. SecureAssist is a small rule-driven plug-in that integrates into the Eclipse development environment and examines code in real time. As developers are working with the code, SecureAssist can be invoked to look for a wide variety of software security defects, including many of the OWASP Top Ten and related issues. When a potential defect is found, SecureAssist provides to the developer detailed feedback on the issue, remediation strategies, and sources of additional information.

To make SecureAssist as easy to deploy as eLearning, Cigital provides the service through seat-based licensing with an easy-to-use knowledge update feature. This allows Cigital to continuously push new rules and knowledge directly to developers. It also allows firms to easily add in local coding standards and guidance as part on their ongoing software security program.

The SecureAssist service is an annual subscription that provides built-in training material, a growing rule set, and the ability for developers to mark potential issues as false positives. Because the underlying knowledge base is in XML, it also allows for easy customization, including addition of local policies, coding standards, references, pointers to secure-by-design libraries, and even additional eLearning modules.

"SecureAssist pushes software security training and defect prevention even earlier in the software development lifecycle," said Sammy Migues, Principal and Director of Training at Cigital. "This means developers actually learn about the problem and the solution while they are coding, dramatically reducing future defect creation, and reducing other expenses associated with static analysis, dynamic analysis, and pen testing because there are simply fewer defects to remediate."

Cigital is currently taking orders for SecureAssist for Java for the Eclipse development environment. It will begin taking orders for SecureAssist for C# and VB.NET for the Visual Studio environment in October 2010.

For more information and to schedule a demonstration visit http://www.cigital.com/services/training/secureassist/.

About Cigital

Cigital, Inc. is the leading software security and quality consulting firm in the world. Established in 1992, Cigital plans and implements initiatives that help organizations ensure their applications are secure and reliable while also improving the way they build and deploy software. Our recognized experts apply a combination of proven methodologies, tools, and best practices to meet each client's unique requirements. Cigital is headquartered outside Washington, D.C. with regional offices in the U.S., Europe, and India. For more information, visit http://www.cigital.com.

Contact: Terri Randolph Cigital 703-404-5757 trandolph@cigital.com

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5426
Published: 2014-11-27
MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote attackers to cause a denial of service (unhandled exception and DNP3 process crash) via a crafted message.

CVE-2014-2037
Published: 2014-11-26
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466.

CVE-2014-6609
Published: 2014-11-26
The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.

CVE-2014-6610
Published: 2014-11-26
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dia...

CVE-2014-7141
Published: 2014-11-26
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?