SOURCE: Cigital, Inc.

September 18, 2013 09:00 ET

Cigital Introduces Cloud Services Offering for Static and Dynamic Application Security Testing

Service Analyzes Business-Critical Security Vulnerabilities Through Scalable, On-Demand Assessments

DULLES, VA--(Marketwired - Sep 18, 2013) - Cigital, Inc., the world's leading software security services and solutions firm, today announced new cloud-based Static and Dynamic Application Security Testing offerings. Cigital's newest software security solutions find and fix vulnerabilities within source code and web applications through an automated assessment process customized to business needs. The on-demand scanning and testing service provides organizations with a scalable way to evaluate software security threats and application vulnerabilities -- as well as the actionable guidance needed to address the vulnerability findings.

According to Cigital, more than 80% of the assessments they have completed reveal critical defects in software source code or web applications.

"Internal security teams struggle to assess the hundreds or even thousands of Internet-facing applications in their organizations' portfolio. Biannual releases create large spikes in assessment load, making staff management and timely reporting challenging," said John Steven, internal CTO at Cigital. "Cigital's Cloud Services for Static and Dynamic Application Security Testing offer an external option that is scalable, flexible, and cost-effective. Clients can prioritize applications by criticality and risk, and invest resources more efficiently to ensure all the organization's applications remain secure."

Cigital's Cloud Services for Static and Dynamic Application Security Testing blends tool-assisted scans with targeted manual testing for vulnerabilities that cannot be detected through automated scans. When assessing potential vulnerabilities, Cigital's solution focuses on the critical issues that pose the biggest risk, and eliminates the opportunities to exploit them.

Cigital's cloud-based Cloud Services for Static and Dynamic Application Security Testing includes the following features:

  • Multiple Security Testing Options: Four different levels of source code review and application testing depending on the risk profile and business criticality of the software. Security tests can be conducted monthly, quarterly, or annually to align with software release cycles and help maintain a proactive security posture. 
  • Minimal False Positives: Hybrid approach combining automated testing with manual validation minimizes false positives and inaccurate findings.
  • Business Logic Security Testing: Automated web application security testing is combined with in-depth manual testing to detect most critical business logic flaws that are missed by tools.
  • On-Demand Security Test Scheduling and Management: Customizable portal allows for quick, flexible testing -- even during weekends and off-hours. The portal also includes dashboard reports for full visibility into scheduled and completed tests, and insight into vulnerability details and trends.

Cigital's Cloud Services for Static and Dynamic Application Security Testing is available now. Visit for more information.

About Cigital
Cigital, Inc. is the world's leading software security services and solutions company. Cigital helps public and private organizations launch and mature software security initiatives, as well as design, build, test, and maintain secure software through a combination of expert consultants, innovative technologies, and effective training built on over twenty years of cutting-edge research and successful client engagements. Cigital is headquartered outside Washington, D.C. with regional offices throughout North America, Europe, and Southeast Asia. For more information visit: