Kiuwan Application Security Blog

Your News Source for Application Security Testing & Related Topics. Our expert blog writers stay attuned to the code security landscape and write about the latest industry trends.

A Holistic Look at Cloud-Native App Security

One of the key benefits of cloud computing is that it has given organizations the ability to more quickly accelerate applications to market, providing increased business agility. That means organizations can potentially reach the market faster than ever before,...

Understanding GitHub Repojacking

Threat actors have been using GitHub's repojacking flaw to hijack and inject thousands of repositories with malicious code. This flaw has yet to be fixed, meaning GitHub users will likely see more of these attacks soon. Luckily, there are ways to prevent...

Collaborating For Better Applications

With the rise of collaborative software development environments, it's more important than ever to ensure that code quality and security are top priorities. After all, when multiple developers are working on a project, one bad actor can easily ruin things for everyone...

Creating A Pervasive Security Approach

Implementing a comprehensive security framework requires a strategy that brings security to the front of every stage of the development process — and zero trust is the answer. Here's how it's done ... The Ponemon Institute recently collaborated with IBM in their...

How Mature Is Your Application Security?

For the first time in the survey's history, respondents to the Allianz Risk Barometer cited cyber incidents as their number one concern for 2022. This worry isn't surprising, considering cybercriminals are getting bolder in their exploits. Lately, no one has been...

A Guide to Security Risks for Financial Services

Banking in the 21st century has brought on new innovations but also new threats. Nowadays, most financial services take place in the digital realm. Financial institutions of all sizes need a comprehensive digital presence in order to best serve their customer’s...

A 20% Increase In Security Scanning Cadence

Organizations are now scanning for security vulnerabilities at a rate 20 times faster than just a few years ago. The increase in scanning activity is driven by several factors, including the growing use of automated scanning tools, the proliferation of cloud-based...

What PCI DSS 4.0 Means for Your Organization

On March 31, 2022, the PCI Security Standards Council (PCI SSC) released the latest version of the PCI Data Security Standard (PCI DSS), outlining technical and operations requirements for establishing security measures around payment security. It replaced a myriad of...

The Risk to Public Sector Applications

Unless you've been living under a rock, you've heard that cybercrime threatens small- to large-sized organizations across the globe. And not only are public sector organizations not immune, they're a top target for hackers due to the volume of their proprietary data...

Looking at a New Threat Vector: Protestware

Since Russia invaded Ukraine, a new threat vector has circulated in the open-source community. This threat vector, known as protestware, involves activists injecting malicious content into open-source code libraries to express political opinions. While most...

3 Steps To Better Code

No matter the project, no matter the industry, having secure, quality code is a critical factor to an organization’s success. If the code quality is lacking, or if there are significant vulnerabilities, a business risks financial losses and resource drain. IT...

Accelerate Digital Transformation With Code Security

Organizations are increasingly embarking on digital transformation journeys. The transformation is enabling them to keep pace with the competition, optimize IT asset security, and meet evolving user expectations. It is helping enterprises sustain and maintain their...

The Lines of the Security Perimeter are Becoming Blurred

The traditional method of mitigating security risks by securing the perimeter is losing effectiveness. As society moves to remote and hybrid work, and as more smart devices are tied into the Internet of Things (IoT), security teams now have to secure multiple access...

3 Reasons Why You Should Use Kiuwan

Cyber attacks happen every 39 seconds. The University of Maryland found that these attacks affect almost 1 in 3 Americans every year. As we are adopting digitization more and more, developing secure applications and solutions has become more crucial than ever. Data is...

Developing Data Security for Finance / Banking

The average cost of a data breach, according to the Cost of a Data Breach Report 2021, is $161 ($146 in 2020) per record. And the average total cost of a data breach in 2021 is $4.24 million, up from $3.86 million in 2020. The costs of fighting cybercrime, restoring data and services following a breach, lost revenue, and reputation damage are increasing.

Kiuwan 101

Before jumping on the DevOps security solutions bandwagon, businesses need a Kiuwan 101 introduction to understand which challenges Kiuwan solves and how it makes application security testing a breeze. Keep reading to find out.

Women Making Digital Waves Throughout History

The month of March is National Women’s History Month, and as part of our social campaign we wanted to continue to celebrate this with a special blog! The tech industry is traditionally heavily dominated by men; however, there have...

Overcoming Microservices Architecture Risks

Microservices architecture gives developers a flexible, scalable, agile solution for building high-performing apps that quickly deploy. It has been widely adopted because of its game-changing benefits. However, developers must overcome some challenges and risks to implement solutions with microservices effectively. 

Cloud Native – A Developer's View

Cloud technology has ushered in a new era for businesses, laymen, and the developers who are behind all the applications. Cloud-native technology is essentially about speed and agility, which have become more like necessities for business systems. Of course, at the heart of it all is the cloud infrastructure. Three of the most prominent cloud service providers include Amazon Web Services, Google Cloud Platform, and Microsoft Azure.

The API Security Top 10 List

In an effort to increase API security, the Open Web Application Security Project (OWASP) maintains a list of the top 10 security risks.

How to Safely Leverage Open Source in Your Codebase 

All major innovations in recent years, including cloud computing, big data, and artificial intelligence, have been built in open source ecosystems. According to Gartner, most organizations use some form of open-source assets within their critical applications.

Why Your Team Needs a Security Champion

Application security testing is the need of the hour for organizations that want to be secure. Although it’s a difficult task, a security champions program can enthuse teams to work together and build secure applications from the ground up.

Modern Application Development Risks

There are many risks to be found in modern application development. Still, development risks can be reduced, if not eliminated, by following DevSecOps practices designed to identify those risks and resolve them before they create problems.

Data Breaches Are More Expensive Than They Seem

Data breaches are more expensive than they seem. Recent reports have shown that ransomware costs much more than it appears on the surface: notification, escalation, lost business, and response costs.

What the Log4j vulnerability means for your business

Most businesses using Apache's open-source Log4j logging framework should already know about the vulnerability in the system. Known as Log4Shell or CVE-2021-44228, this vulnerability requires urgent action. Left...

Most Severe Cyberattacks of 2021

Cyberattacks have become increasingly prevalent since the start of the COVID-19 pandemic, with many employees working remotely. In 2020 alone, malicious emails have gone up by 600%.

Travis CI | Kiuwan Integration

Connect Kiuwan with your Travis CI workflow. This new integration is designed to empower teams to seamlessly add security to any development project. This relatively simple TypeScript project can seriously simplify the way teams...

5 Steps To Enhance Developer Security

Developers play a crucial role in enhancing security and ensuring high performance throughout the development pipeline. Baking security into the code is more effective and efficient than testing a release candidate after the fact, only to be forced into corrective action.

The Full Extent of the Twitch Hack

Once believed to be indestructible, big tech companies like LinkedIn, Adobe, and even Facebook have succumbed to data breaches, hacks, and leaks in recent years.
The latest of these is the hack of livestreaming site Twitch.

Idera DevTools: Kiuwan Podcast

In today's episode of the Idera DevOps Tools Podcast, we are joined by Alexander Goodwin & JD Burke of Kiuwan. JD is the Lead Solutions Engineer at Kiuwan and provides us with a complete overview of the value and efficacy of Application Security Testing. Learn more:...

Creating A Developer First Security Approach

92% of organizations do business in the cloud and nearly half of all corporate data is stored in the cloud. Cloud-based business creates efficiencies and cost-savings, but may also prove an attractive target for threat actors.

DevSecOps Focus: On the Way to Secure Source Code

Developers’ concerns should not boil down only to digital infrastructure security. Source code security has become a very important factor these days. A stand-alone class of tools is in place to test apps for vulnerabilities and bugs during the development process. These...

Application Security and Ransomware

Ransomware changes the landscape of security from reactive to proactive—meaning that the focus of application security is changing from pre-deployment vulnerability testing to ensuring that developers and security teams perform security checks during every stage in the software development life cycle.

Maximizing Development ROI Through DevSecOps

Managing the software development lifecycle, aka SDLC, can be expensive in most organizations. Anything that slows down development ultimately boosts costs and reduces its ROI. In large part this explains the impetus to integrate security into DevOps approaches and methods.
