Understanding what software designers and architects need while building software is as important as developers identifying security bugs. A mistake in application design can lead to major data breaches like the one suffered by the retail giant Target. “Organizations recognize that building security through ongoing assessments and tests is critical to identifying areas of vulnerability before sensitive data is breached,” says John Wyatt, CEO, Cigital. With services ranging from initial surveys to in-depth assessments and mitigation support, Cigital, an application security firm, helps clients identify weak security controls, understand secure design and mitigate the security flaws that increase the risk of a breach.
One of the things EA facilitates is the development of better application designs without compromising their security, and that is where Cigital, an application security firm, comes in. The firm’s Architecture Analysis services detect security vulnerabilities in systems early in the development cycle, in systems that are yet to be built, and in systems already deployed. Rather than reviewing each application or line of code separately, Cigital's Architecture Analysis service offers a holistic view of a system and evaluates back-end communication among multiple application components, as well as between application components and external systems. This helps users spot the weak areas of the attack surface and respond with targeted strategies to mitigate risk. It also helps address design flaws and improves the security of the many applications that share components at the same time, and it helps contain the damage incurred if there is a breach.
The analysis has three levels. First, a survey is carried out to evaluate the architecture of the applications, their design and their deployment. The accumulated data is used to identify and analyze security risks such as inconsistent auditing controls across application layers, insufficient data validation, and the inability to update certain application components. Cigital then provides clients with a detailed explanation of the weaknesses in their designs that can lead to attacks and guides them in mitigating those risks. The security risk profiles of organizations vary, and Cigital offers business-specific models to identify threats for different companies. This helps users design recurring, common software defects such as Structured Query Language (SQL) injection out of their code. Remediating security problems at this earlier stage of the Software Development Lifecycle (SDLC) is cheaper and faster than fixing them later: customers do not have to wait for code to be written and Quality Assurance (QA) tests to be performed.
The company identifies flaws in users' designs and also enables them to rank those risks for a better understanding of the impact of the threats on their businesses.
The firm has released the Building Security In Maturity Model (BSIMM6), a software security measurement tool built on real-world data that an organization can use to assess its own software security efforts. The company will modify and enhance its services in the future to enable clients to assess threats better. “With the help of our services, companies can move towards innovation without sacrificing security,” concludes Wyatt.