AppSec Blog
Keep up to date with the latest news on cybersecurity, technical trends and programming best practices!
Tips To Stay Safe During Black Friday/Cyber Monday
Two of America’s biggest and busiest shopping days — Black Friday and Cyber Monday — are just around the corner. And as you prepare to shop till you drop, cybercriminals are also hard at it,...
How Holiday Hacking Puts Your Company at Risk
The holiday season brings many good things. Family, presents, decorations, joy, good cheer, peace on Earth, and so on. Unfortunately for anyone working in IT or cybersecurity, the holidays also...
Cybersecurity Awareness Month: Scary Stats To Haunt Your Dev Team
It's that time of year again — the leaves are changing, the air is getting chilly, and cybersecurity threats are lurking around every corner. That's right, it's Cybersecurity Month! And what better...
Cybersecurity Awareness Month: Cyber Attacks on a Global Scale
IBM recently released its Cost of a Data Breach Report for 2022. It's a helpful resource that offers IT, risk management, and security leaders insight into the year’s trends surrounding data...
Cybersecurity Awareness Month: Phishing Scams & Ransomware Prevention in Europe
Since 2004, October has been recognized as Cybersecurity Awareness Month in the United States. Throughout this month, companies and IT professionals across the world should make sure that they’re...
Cybersecurity Awareness Month: Top 5 Programming Languages in 2022 and their Risks
According to a recent report by IBM, the average data breach will cost over $4.35 million in 2022. That’s why it’s more important than ever for programmers to be aware of the risks associated...
How To Prevent Reverse Shell Attacks
Reverse shell attacks are one of the most common ways that hackers gain control over a computer. It may seem like a strange concept, but it's fairly simple: a reverse shell is created when someone...
Application Security for Energy Providers
In any industry, cybersecurity threats lurk around every corner. Cybersecurity breaches are costly. In 2021, the average cost of a cybersecurity data breach was $4.24 million, and can substantially...
Seamless DevSecOps Integration Made Easy
The tide of change that’s washed over the world in the past few years has had sweeping implications for how we live and work. It’s estimated that 26% of American workers were fully remote in 2021...
How to Turn False/Positives Off
A common topic of conversation we have with software developers is how to reliably and accurately scan code for vulnerabilities while minimizing the number of false positives. And when false...
Top 3 Notorious Hacking Groups
The application security world is constantly under attack. One of the most common attacks comes in the form of hacker groups. These notorious hacking groups are often organized and motivated by...
A Holistic Look at Cloud-Native App Security
One of the key benefits of cloud computing is that it has given organizations the ability to more quickly accelerate applications to market, providing increased business agility. That means...
Understanding Github Repojacking
Threat actors have been using GitHub's repojacking flaw to hijack and inject thousands of repositories with malicious code. This flaw has yet to be fixed, meaning GitHub users will likely see more...
Collaborating For Better Applications
With the rise of collaborative software development environments, it's more important than ever to ensure that code quality and security are top priorities. After all, when multiple developers are...
Creating A Pervasive Security Approach
Implementing a comprehensive security framework requires a strategy that brings security to the front of every stage of the development process — and zero trust is the answer. Here's how it's done...
How Mature Is Your Application Security?
For the first time in the survey's history, respondents to the Allianz Risk Barometer cited cyber incidents as their number one concern for 2022. This worry isn't surprising, considering...
Understanding the SpringShell Vulnerability in Spring Java Framework
Researchers recently announced the presence of a gaping security hole in Spring, a framework widely used by organizations developing Java applications. Designated CVE 2022 2965 and nicknamed...
A Guide to Security Risks for Financial Services
Banking in the 21st century has brought on new innovations but also new threats. Nowadays, most financial services take place in the digital realm. Financial institutions of all sizes need a...
A 20% Increase In Security Scanning Cadence
Organizations are now scanning for security vulnerabilities at a rate 20 times faster than just a few years ago. The increase in scanning activity is driven by several factors, including the growing...
What PCI DSS 4.0 Means For Payments Organizations
On March 31, 2022, the PCI Security Standards Council (PCI SSC) released the latest version of the PCI Data Security Standard (PCI DSS), outlining technical and operations requirements for...
What PCI DSS 4.0 Means For Banking Organizations
On March 31, 2022, the PCI Security Standards Council (PCI SSC) released the latest version of the PCI Data Security Standard (PCI DSS), outlining technical and operations requirements for...
What PCI DSS 4.0 Means For Finance Organizations
On March 31, 2022, the PCI Security Standards Council (PCI SSC) released the latest version of the PCI Data Security Standard (PCI DSS), outlining technical and operations requirements for...
What PCI DSS 4.0 Means for Your Organization
On March 31, 2022, the PCI Security Standards Council (PCI SSC) released the latest version of the PCI Data Security Standard (PCI DSS), outlining technical and operations requirements for...
The Risk To Public Sector Applications
Unless you've been living under a rock, you've heard that cybercrime threatens small- to large-sized organizations across the globe. And not only are public sector organizations not immune, they're...
Looking At A New Threat Vector: protestware
Since Russia invaded Ukraine, a new threat vector has circulated in the open-source community. This threat vector, known as protestware, involves activists injecting malicious content into...
3 Steps To Better Code
No matter the project, no matter the industry, having secure, quality code is a critical factor to an organization’s success. If the code quality is lacking, or if there are significant...
Accelerate Digital Transformation With Code Security
Organizations are increasingly embarking on digital transformation journeys. The transformation is enabling them to keep pace with the competition, optimize IT asset security, and meet evolving...
The Lines Of The Security Perimeter Are Becoming Blurred
The traditional method of mitigating security risks by securing the perimeter is losing effectiveness. As society moves to remote and hybrid work, and as more smart devices are tied into the...
Developing Data Security For Finance / Banking
The average cost of a data breach, according to the Cost of a Data Breach Report 2021 is $161 ($146 in 2020) per record. And the average total cost of a data breach in 2021 is $4.24 million, up from $3.86 million in 2020. The costs of fighting cybercrime, restoring data and services following a breach, lost revenue, and reputation damage are increasing.
Kiuwan 101
Before jumping on the DevOps security solutions bandwagon, businesses need a Kiuwan 101 introduction to understand which challenges Kiuwan solves and how it makes application security testing a breeze. Keep reading to find out.
Combining SAST & SCA Tools
Learn how cybersecurity teams can combine SAST and SCA into a comprehensive cybersecurity strategy.
Women Making Digital Waves Throughout History
The month of March is National Women’s History month and as part of our social campaign we wanted to continue to celebrate this with a special blog! The tech...
Are Supply Chain Attacks Caused By Open Source Dependencies?
Although Open Source Software provides many advantages, such as affordability and flexibility, the programs and their components can introduce security risks and vulnerabilities to a company.
Why Accurate Software Inventory Is Essential
Open source code is cost-effective, flexible, and agile, it also poses some serious security and liability risks. This is why software inventory is essential.
Overcoming Microservices Architecture Risks
Microservices architecture gives developers a flexible, scalable, agile solution for building high-performing apps that quickly deploy. It has been widely adopted because of its game-changing benefits. However, developers must overcome some challenges and risks to implement solutions with microservices effectively.
The API Security Top 10 List
In an effort to increase API security, the Open Web Application Security Project (OWASP) maintains a list of the top 10 security risks.
How To Safely Leverage Open Source In Your Codebase
All major innovations in recent years, including cloud computing, big data, and artificial intelligence, have been built in open source ecosystems. According Gartner, most organizations use some form of open-source assets within their critical applications.
Remediate Log4j Risk: A Warning From The FTC
Stick with us to find out everything you need to know about the Log4j vulnerability and how to keep your business and its applications safe from the potential exploit.
Modern Application Development Risks
There are many risks to be found in modern application development. Still, development risks can be reduced, if not eliminated, by following DevSecOps practices designed to identify those risks and resolve them before they create problems.
Data Breaches Are More Expensive Than They Seem
Data Breaches are more expensive than they seem, recent reports have shown that ransomware cost much more than they appear on the surface, notifaction, escalation, notifcation, lost business and response costs.
A Developers Guide To Managing Open Source Code Risks
The power of open source code lies in the massive number of developers who contribute to it and test it. However, the same elements that make open-source code so appealing also make it vulnerable to security risks.
What The Log4J Vulnerability Means For Your Business
What the Log4j Vulnerability Means for Businesses Most businesses using Apache's open-source Log4j logging framework should already know about the vulnerability in the system. Known as Log4Shell or...
Most Severe Cyberattacks Of 2021
Cyberattacks have become increasingly prevalent since the start of the COVID-19 pandemic. Many employees working remotely. In 2020 alone, malicious emails have gone up by 600%.
Everything You Need To Know About Zero Trust
Zero Trust practices help organizations control and monitor who has access to their assets through the use of “least privilege access” principles.
Travis CI | Kiuwan Integration
Travis CI X Kiuwan Integration Connect Kiuwan with your Travis CI workflow, this new integration is designed to empower teams to seamlessly add security to any development project. This relatively...
5 Steps To Enhance Developer Security
Developer play a crucial role in enhancing security and ensuring high performance throughout the development pipeline. Baking security into the code is more effective and efficient than testing a release candidate after the fact, only to be forced into corrective action.
The Full Extent Of The Twitch Hack
Once believed to be indestructible, big tech companies like LinkedIn, Adobe, and even Facebook have succumbed to data breaches, hacks, and leaks in recent years.
The latest of these is the hack of livestreaming site Twitch.
Cybersecurity How IT Security Will Evolve In 2022 and Beyond
The advent of new technologies such as artificial intelligence/machine learning (AI/ML), robotic process automation (RPA), cloud computing, and no-code or low-code platforms, has been changing the way organizations deliver their offerings.
OWASP Top 10 For 2021: A Summary
Want to learn how to design more secure web applications? Here’s what to look out for, according to the latest OWASP Top 10 vulnerabilities list.
Speed Or Security In Development: Managing The Tradeoff
Speed seems to always be the driving force behind the release of new apps. However, releasing a new app in record time, followed by a regular and consistent stream of updates, often comes at the cost of security in Development
How To Stop Malicious Actors In Software Supply Chains
Supply chain attacks result in millions of dollars in lost revenue, reduced consumer confidence, damaged reputations, and disruption of services.
DevSecOps Focus: On The Way TO Secure Source Code
Developer’s concerns should not boil down only to digital infrastructure security. Source code security becomes a very important factor these days. A stand-alone class of tools is in place to test...
Application Security and Ransomware
Ransomware changes the landscape of security from reactive to proactive—meaning that the focus of application security is changing from pre-deployment vulnerability testing to ensuring that developers and security teams perform security checks during every stage in the software development life cycle
Maximizing Development ROI Through DevSecOps
Managing the software development lifecycle, aka SDLC, can be expensive in most organizations. Anything that slows down development ultimately boosts costs and reduces its ROI. In large part this explains the impetus to integrate security into DevOps approaches and methods.
Increasing Development Pipeline Effeciency
Software development organizations define success by providing the right products to their customers that meet quality, schedule and budgetary constraints.
It includes specification, design, development, testing, quality assurance, building and deployment. Increasing the efficiency of the development pipeline makes happier customers and generates higher profits.
Are Some Programming Languages More Secure Than Others
Security-related bugs can turn up in any programming language, but some are more prone to issues than others. Some newer languages are designed to make such errors harder. Others have “features” that are convenient but encourage coding that’s easy to exploit.
Prestigitation The Heart Of Social Engineering
Social engineers use many of the same techniques to create an illusion in order to gain a victim’s trust and trick the person into doing their dirty work. They are essentially magicians, with the intent to derive some direct value by deceiving victims.
The State of Mobile App Security 2021
The ever-increasing popularity and use of smartphones dwarfs that of more conventional computing devices, such as desktop, laptops, tablets and so forth. Here are some numbers to put things in...
The Colonial Pipeline Ransomware Attack
On May 7, Colonial Pipeline had to shut down its pipelines due to a ransomware attack. Colonial is a major oil pipeline operator in the southern and eastern United States. Its pipelines extend from Texas to New Jersey and reach Louisiana, Mississippi, Alabama, Georgia, the Carolinas, Tennessee, Virginia, Maryland and Pennsylvania.
Facebook Scraping Incident Leaks Info For Half A Billion Users
In early April, numerous sources disclosed discovery of a pool of Facebook records including information on more than 530 million of its users. The leaked information included users’ names, dates of...
Static Analysis In Automated Software Quality Tests
Software quality management solutions function with automated tests that use static analysis processes to generate software quality metrics. With the ability to parse code in almost every commonly...
Why Automated Code Reviews Need To include Security Audits
When you and your team are coding a web app, you do your best to avoid any potential security holes in the code. Unfortunately, your best efforts aren’t always enough to prevent holes that a hacker...
Understanding Open Source Licensing
Open source licensing isn’t very complicated as license agreements go. Even so, some people find it confusing, and businesses need to pay close attention to how the licenses work. Making a mistake...
How Open Source Is Democratizing Technology
Many of the software products that everyone uses are open source. The Linux operating system, the Apache Web server, and a large number of software development systems are all open-source software....
How To implement DevSecOps With Your Team
DevOps has been a revolution in software development. It brings together software creation, deployment, and management into a single process. Development and operations may become a single team; if...
How To Success As An Open Source Developer, From Education To Contributor
Working in the open source industry is a very rewarding career move, especially since the future of it looks bright. With statistics showing more companies are going to rely on open source...
Getting Ahead Of Payment Card Security Threats
Payment card attacks are nothing new. Cybercriminals have been targeting payment cards for more than a decade. However, there is a disturbing trend of cybercriminals discovering and leveraging novel...
Beyond SolarWinds
Beyond SolarWinds: Guarding Against the Rising Threat of Supply Chain Attacks The successful attack in 2020 on the SolarWinds Orion network management software showed that indirect, or...
Secure Remote Access: Keeping Employees And The Organization Safe
In this age of lockdowns, social distancing and working from home, organizations must think carefully about how to extend their networks and services across the internet and into employees’ and...
6 Threats To Development Team Productivity
Productivity rates are critical to success in any industry. That is true of software products, too, that not only need to be efficiently produced but secure from cyberattacks as well. If you’re...
Rethinking Application Security In A Post Pandemic World
Without a doubt, the COVID-19 pandemic has had a massive impact on the financial services landscape. Not only did businesses have to tweak their entire operations under safety regulations, but they...
App Quality Quality Analytics
As business management expert Peter Drucker once put it:“If you can’t measure it, you can’t improve it.” This quote feels right in place in the world of application security. Many CISOs are finally...
The Role Of SAST In DevSecOps
Most people involved in the process of creating and deploying software applications today are familiar with DevSecOps, which integrates security and operations into the software development process....
Threat Modellings Place In DevSecOps
Developers often pursue well-intentioned security efforts by focusing on writing secure code. But that’s just part of the puzzle. Instead of focusing only on the code, it’s just as critical to focus...
Create A Web Application Security Blueprint
The best way to make web applications secure is to include security at every step along the development process, from requirements analysis, to design, to implementation and testing, and into...
Managing Open Source Vulnerabilities In DevOps
If you use open-source code frameworks, libraries, and code components and take advantage of code-scanning technologies, sooner or later you’ll find yourself in an interesting situation: learning...
AppSec Or Just Smart Software Development
The source of all human knowledge (Wikipedia) describes application security as “measures taken to improve the security of an application often by finding, fixing and preventing security...
SAST and SCA: Putting The Puzzle Together
Developing correct and secure software isn’t easy. A typical application includes a large amount of original and third-party code, and it all has to work together without opening up security holes....
Why SAST Is Crucial For Security Of Web And Mobile Applications
Software applications are used both in homes and workplaces. Web and mobile apps are used for communication. They help businesses and individuals get updates on the latest trends and happenings....
Scanning Code Vulnerabilities
When it comes to analyzing code bases for security purposes, developers and their managers face some interesting choices. Application security testing can occur on demand, with scanning tools that...
Understanding and Managing Open Source Risks
These days, the tendency is to treat software development as a semi-custom build job. Some parts are prefabricated and come from other sources. The rest is custom-built, in-house or under contract,...
Programming Language Trends In 2020
High-level programming languages have gone a long way since the invention of Short Code in 1949. New languages are being created all the time, sometimes as a joke, but most times to deal with...
Application Security Tools Comparison
DAST, SAST, IAST and SCA: Which security technology is best for me? With the variety of application security testing (AST) tools out there, you might be wondering which one should you use to secure...
Application Inventory Management
How Application Inventory Management Unlocks Your App for Affordable Maintenance and Development As your application grows in complexity, it’s critical to maintain a strong understanding of its...
Security Standards In Software Development
The need for security in all things technology is well-known and paramount. That includes the demand for the highest security standards in software development as well. For companies and developers,...
Continuous Integration
What is continuous integration? Imagine that your organization is working on a major software project. Naturally, the workload is divided among several team members, each developing a different...
The Future Of IT Security: SOAR
We are in an era of data explosion. At the same time, threats are multiplying. As a result, the day-to-day efforts of securing data could overwhelm your Security Operations Center (SOC) team. A...
OWASP Benchmark DIY
DIY: Generate OWASP Benchmark Results for Kiuwan Code Security The OWASP Benchmark for Security Automation (OWASP benchmark) is a free and open test suite designed to evaluate the speed, coverage,...
The OWASP Benchmark & Kiuwan
Learn how to make your own OWASP Benchmark test with Kiuwan on our DIY Blog post. What is the OWASP Benchmark? I’m sure that most of you are familiar with OWASP (Open Web Application Security...