Download Free Hacking & Security White Papers, Articles by cigital

White Papers

Software Assurance: Agile Testing (March 2008)

Agile testing enables clients to achieve improved coordination of their test resources with the agile development team by allowing automated tests to be developed in tandem with code development on the same set of requirements. The methodology employed eschews the concept of building automated tests after code has been released, unit tested, and manually tested. Instead, the test team creates automated tests in parallel with the code development team for the same set of requirements.

Software Assurance: Test Automation (March 2008)

Test automation enables clients to achieve improved productivity of their test resources, and to reduce the length of regression testing cycles while increasing test coverage. It complements and vastly improves the efficacy of existing manual testing and integrates with the overall testing effort. Instead of executing basic system tests time and time again, test resources can instead concentrate on: test case design, execution of test cases via the use of automated tests, as well as execution of remaining manual tests. These are tasks that best utilize a tester’s domain expertise and knowledge of test methodologies and practices. The Cigital offering for Test Automation covers all levels of test at the various phases of the SDLC, from unit level to sub-system and system level.

Training: the secret to ongoing compliance (July 2007)

Hundreds of thousands of companies around the world have collectively spent billions of dollars in response to the security- and privacy-related compliance mandates of the past 10 years. They have all increased staffing, upgraded physical security, deployed technology point solutions, rolled out new processes and digested hundreds of vulnerability and application scanner reports. So, why are data breaches and other security failures still a common occurrence?

How Now Software Security? (June 2006), by Gary McGraw, Ph.D.

Today, everyone seems to agree that we need to do something to address the security problem at the software level, and a number of companies are even starting to do something about it. It's still early days for software security, though, and it's a very good time to assess the state of the problem, how far we've come to address it, and how far we have to go. In general, we are very optimistic about the state the industry is in, especially considering the progress that leading software producers are making.

Software Security (June 2004), by Gary McGraw, Ph.D.

Software security is the idea of engineering software so that it continues to function correctly under malicious attack. Most technologists acknowledge this undertaking's importance, but they need some help in understanding how to tackle it. This paper aims to provide that help by exploring software security best practices.

And Many More.............................

CLICK HERE TO DOWNLOAD

Security Articles

• You Really Need a Software Security Group (December 21, 2009)
• BSIMM Europe (November 10, 2009)
• Startup Lessons (October 22, 2009)
• BSIMM Begin (September 24, 2009)
• Attack Categories and History Prediction (August 25, 2009)
• Moving U.S. Cybersecurity Beyond Cyberplatitudes (July 16, 2009)
• Measuring Software Security (June 18, 2009)
• Twitter Security (May 15, 2009)
• Software Security Comes of Age (April 16, 2009)
• The Building Security In Maturity Model (BSIMM) (March 16, 2009)
• Nine Things Everybody Does: Software Security Activities from the BSIMM (February 9, 2009)
• Top 11 Reasons Why Top 10 (or Top 25) Lists Don't Work (January 13, 2009)
• Software Security Top 10 Surprises (December 15, 2008)
• Web Applications and Software Security (November 14, 2008)
• A Software Security Framework: Working Towards a Realistic Maturity Model (October 15, 2008)
• Getting Past the Bug Parade (September 17, 2008)
• Software Security Demand Rising (August 11, 2008)
• Application Assessment as a Factory (July 17, 2008)
• DMCA Rent-a-cops Accept Fake IDs (June 12, 2008)
• Securing Web 3.0 (May 15, 2008)
• Paying for Secure Software (April 7, 2008)

AND MANY MORE........................

CLICK HERE TO DOWNLOAD