Risk
8/12/2010
04:23 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Cigital Releases Software Security Training For Developers

SecureAssist plug-in integrates into Eclipse development environment and examines code in real time

DULLES, Va., August 12, 2010—Cigital, Inc., a leading software security consulting firm, announces the public availability of SecureAssist , a real-time software security training service in its WhiteBox line. SecureAssist is a small rule-driven plug-in that integrates into the Eclipse development environment and examines code in real time. As developers are working with the code, SecureAssist can be invoked to look for a wide variety of software security defects, including many of the OWASP Top Ten and related issues. When a potential defect is found, SecureAssist provides to the developer detailed feedback on the issue, remediation strategies, and sources of additional information.

To make SecureAssist as easy to deploy as eLearning, Cigital provides the service through seat-based licensing with an easy-to-use knowledge update feature. This allows Cigital to continuously push new rules and knowledge directly to developers. It also allows firms to easily add in local coding standards and guidance as part on their ongoing software security program.

The SecureAssist service is an annual subscription that provides built-in training material, a growing rule set, and the ability for developers to mark potential issues as false positives. Because the underlying knowledge base is in XML, it also allows for easy customization, including addition of local policies, coding standards, references, pointers to secure-by-design libraries, and even additional eLearning modules.

"SecureAssist pushes software security training and defect prevention even earlier in the software development lifecycle," said Sammy Migues, Principal and Director of Training at Cigital. "This means developers actually learn about the problem and the solution while they are coding, dramatically reducing future defect creation, and reducing other expenses associated with static analysis, dynamic analysis, and pen testing because there are simply fewer defects to remediate."

Cigital is currently taking orders for SecureAssist for Java for the Eclipse development environment. It will begin taking orders for SecureAssist for C# and VB.NET for the Visual Studio environment in October 2010.

For more information and to schedule a demonstration visit http://www.cigital.com/services/training/secureassist/.

About Cigital

Cigital, Inc. is the leading software security and quality consulting firm in the world. Established in 1992, Cigital plans and implements initiatives that help organizations ensure their applications are secure and reliable while also improving the way they build and deploy software. Our recognized experts apply a combination of proven methodologies, tools, and best practices to meet each client's unique requirements. Cigital is headquartered outside Washington, D.C. with regional offices in the U.S., Europe, and India. For more information, visit http://www.cigital.com.

Contact: Terri Randolph Cigital 703-404-5757 trandolph@cigital.com

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9710
Published: 2015-05-27
The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time windo...

CVE-2014-9715
Published: 2015-05-27
include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that trig...

CVE-2015-2666
Published: 2015-05-27
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to t...

CVE-2015-2830
Published: 2015-05-27
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate...

CVE-2015-2922
Published: 2015-05-27
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

Dark Reading Radio
Listen Now Incident Response War Gaming: Practicing the Post-Breach Panicking
After a serious cybersecurity incident, everyone will be looking to you for answers -- but you’ll never have complete information and you’ll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?