ruby static analysis

Ruby goes to Kiuwan

Kiuwan Code Analysis offers state-of-the-art engines, supporting more than 22 programming languages and frameworks, including Java, Csharp, Javascript, ABAP and Hibernate, among others. But Kiuwan is more than a static analysis tool. Kiuwan can categorize your rules and create models according to your needs, plan your next steps with action plans to optimize your time with the ‘what if’ analysis, generate reports,… Read more →

Team foundation server

Continuous Inspection with Team Foundation Server

Continuous is a word often heard in Agile and DevOps teams: continuous integration, continuous deployment, continuous delivery, … All of them are techniques where teams produce software (products) in short cycles, ensuring that it can be reliably put into production at any time. Kiuwan puts in its two cents to facilitate your success, enabling continuous inspection of your code, integrating with… Read more →

Secure Rest Api services

Bad guys love REST

Many applications provide a services layer (to other applications, to a presentation layer…) or consume services exposed by third parties (not necessarily trusted). The REST model is a simple way of designing such service layers and is widely used today. This post is about REST security issues and presents the main security problems that need attention, the attack threats and attack surface for REST,… Read more →

AngularJS tips

14 tips for developing AngularJS applications

AngularJS is one of the most popular JavaScript frameworks for client-side development. An insight into some AngularJS concepts, such as $scopes, two-way data binding and directives, will bring us some important tips to keep in mind while developing AngularJS applications. AngularJS provides MVC architecture for developing SPA (Single Page Application). Key features are two-way data binding, built-in dependency injection, templates… Read more →

Jira Integration SDLS

Jira integration

Kiuwan Software Analytics integrates with JIRA. Developers want and need to have full control of their code. Kiuwan Software Analytics provides that control in terms of the risks developers face and the effort to maintain a desired level of quality. However, we cannot overlook the fact that developers already use a wide variety of tools to control other aspects of… Read more →

Code Analysis of Twitter’s DistributedLog

Recently, the Twitter engineering team (@TwitterEng) published an interesting library: DistributedLog, a replicated and highly efficient service to manage the logs of applications. A summary of its characteristics as found in the documentation: High performance, since it provides delays in the order of milliseconds with a large number of concurrent logs. It is capable of a large volume of read and write operations per… Read more →

OWASP Top 10

OWASP Top 10: how to discover vulnerabilities in your Java applications

In this article you will learn what the top 10 security issues in web applications are (the OWASP Top 10). For each vulnerability you will learn how to tell whether your code is protected against it and how to analyze it automatically. What’s OWASP Top 10? OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire,… Read more →

CSRF attack

Cross Site Request Forgery (CSRF) in ASP .NET applications

What is CSRF? A web application is vulnerable to CSRF attacks (Cross Site Request Forgery), also known as XSRF or Session Riding, when it does not establish any mechanism to verify that a request made by a trusted user was actually made intentionally by that user. CSRF vulnerabilities are often misunderstood and even confused with XSS vulnerabilities, when their nature is… Read more →

C++ analysis

Analyzing C and C++

C and C++ static analysis is a bit different from that of other programming languages, so analyzing C may have its quirks. In these languages, we have the preprocessor to complicate things a little. Resolving header files and macros, used in the preprocessing phase, is essential for a complete and correct C and C++ static code analysis. In this post, let’s break… Read more →

OWASP Top 10: how to discover vulnerabilities in your C# applications

In this article, you will learn what the top 10 security issues in web applications are (the OWASP Top 10). For each vulnerability you will learn how to tell whether your code is protected against it and how to analyze it automatically. This post is the second part of another post about discovering vulnerabilities in a Java application. How can I… Read more →