Cigital, a security consulting firm, has released new security solutions that find and fix vulnerabilities in source coding tools and web applications.

The on-demand scanning and testing solution has an automated assessment process, which allows users to evaluate security threats.

The release follows research conducted by Citgital, which found that 80% of assessments on software had critical defects in source coding tools and web applications.

The Washington-based company said the solution focuses on the threats that pose the biggest risks during the assessment process.

John Steven, internal CTO at Cigital, said: "Internal security teams struggle to assess the hundreds or even thousands of internet-facing applications in their organisations’ portfolio.

"Cigital’s Cloud Services for Static and Dynamic Application Security Testing offer an external option that is scalable, flexible, and cost-effective. Clients can prioritize applications by criticality and risk, and invest resources more efficiently to ensure all the organisation’s applications remain secure."

Other features include multiple security testing options depending on the risk of the software, manual testing to detect problems missed by automation and dashboard report.

Cigital released the Cigital Java Security Rulepack, a set of Java analysis rules, with Fortify in 2008.