Cigital, a provider of software security services and solutions, has launched new cloud-based Static and Dynamic Application Security Testing solutions to its lineup.
According to the company, the new offerings find and fix vulnerabilities within source code and web applications through an automated assessment process that can be customized to individual business needs.
“The on-demand scanning and testing service provides organizations with a scalable way to evaluate software security threats and application vulnerabilities — as well as the actionable guidance needed to address the vulnerability findings,” the company said in a statement.
According to Cigital, more than 80% of the assessments they have completed reveal critical defects in software source code or web applications.
“Internal security teams struggle to assess the hundreds or even thousands of Internet-facing applications in their organizations’ portfolio. Biannual releases create large spikes in assessment load, making staff management and timely reporting challenging,” said John Steven, internal CTO at Cigital.
“Cigital’s Cloud Services for Static and Dynamic Application Security Testing offer an external option that is scalable, flexible, and cost-effective. Clients can prioritize applications by criticality and risk, and invest resources more efficiently to ensure all the organization’s applications remain secure.”
Cigital’s Cloud Services for Static and Dynamic Application Security Testing blends tool-assisted scans with targeted manual testing for vulnerabilities that cannot be detected through automated scans and focuses on the critical issues that pose the biggest risk.
Cigital’s cloud-based security testing Cloud Services for Static and Dynamic Application Security Testing includes the following features:
• Multiple Security Testing Options: Four different levels of source code review and application testing depending on the risk profile and business criticality of the software. Security tests can be conducted monthly, quarterly, or annually to align with software release cycles and help maintain a proactive security posture.
• Minimal False Positives: Hybrid approach combining automated testing with manual validation minimizes false positives and inaccurate findings.
• Business Logic Security Testing: Automated web application security testing is combined with manual testing to detect business logic flaws that are often missed by tools.
• On-Demand Security Test Scheduling and Management: Customizable portal allows for quick, flexible testing. The portal also includes dashboard reports for full visibility into scheduled and completed tests, and insight into vulnerability details and trends.
Cigital’s Cloud Services for Static and Dynamic Application Security Testing is available immediately.