Jira integration

Kiuwan integrates with JIRA. Developers want and need to have full control of their code, and Kiuwan provides that control in terms of the risk developers face and the effort needed to maintain a desired level of quality. However, we cannot overlook the fact that developers already use a wide variety of tools to control other aspects of the Software Development Life…

Veracode extends language support thanks to Optimyth

We are proud to announce that Veracode, recognized as a Leader in the Gartner Magic Quadrant for Application Security Testing, now supports RPG thanks to Optimyth Software’s static analysis technology, the same technology that powers Kiuwan. This adds to the current support Veracode has for COBOL, another so-called ‘legacy’ technology, made possible by Optimyth’s technology. From their recently…

Code Analysis of Twitter’s DistributedLog

Recently, the Twitter engineering team (@TwitterEng) published an interesting library: DistributedLog, a replicated and highly efficient service to manage the logs of applications. A summary of its characteristics as found in the documentation: High performance, since it provides delays in the order of milliseconds with a large number of concurrent logs. It is capable of a large volume of read and write operations per…


Perform Kiuwan analysis in your ABAP Development Life Cycle

This is the fourth installment of our series on ABAP analysis. If you are a new reader, check out previous posts on:

1. ABAP Code Quality & Security Vulnerabilities detection
2. Static analysis for ABAP
3. ABAP: continuous analysis with Kiuwan

Chapter 3, ABAP: continuous analysis with Kiuwan, tells us how to automatically run the source code extraction and the Kiuwan analysis,…


Avoid duplicated code with clone detector

Reusing code is usual in software development, but this practice makes the code less maintainable, besides introducing defects. That’s why Kiuwan has the Clone detector. As we write an application and its development extends over time, very similar or identical code fragments begin to appear. These fragments are known as ‘clones’. The existence of these clones makes more difficult…

Security in business-oriented languages: ABAP

In the previous post, we saw some security flaws in COBOL and RPG. Continuing with the security issues that may arise in software developed in business-oriented languages, today let’s look at some of them in ABAP and at how Kiuwan can help you detect and prevent security problems in business-oriented language code.

Security in business-oriented languages: COBOL and RPG

Security in software written in business languages (like COBOL) follows quite a different path from software security in “modern” languages. Information flow issues are as relevant as technical flaws. Knowledge and awareness in dev teams are not widespread. In this post we focus on the security flaws that happen in different business-oriented programming languages, how things could go wrong even with…

14 tips for developing AngularJS applications

AngularJS is one of the most popular JavaScript frameworks for client-side development. An insight into some AngularJS concepts, such as $scopes, two-way data binding and directives, will bring us to some important tips to keep in mind while developing AngularJS applications. AngularJS provides an MVC architecture for developing SPAs (Single Page Applications). Key features are two-way data binding, built-in dependency…

Bad guys love REST

Many applications provide a services layer (to other applications, to a presentation layer…) or consume services exposed by third parties (not necessarily trusted). The REST model is a simple way of designing such services layers, and is widely used today. This post is about REST security issues and presents the main security problems that need attention, the attack threats and attack surface for REST, and how to…

Continuous inspection with Team Foundation Server and Kiuwan

Continuous is a word often heard in Agile and DevOps teams: continuous integration, continuous deployment, continuous delivery, … All of them are techniques where teams produce software (products) in short cycles, ensuring that it can be reliably put into production at any time. Kiuwan puts in its two cents to facilitate your success, enabling continuous inspection of your code, integrating with…