Kiuwan Blog

Your News Source for Application Security Testing & Related Topics. Our expert blog writers stay attuned to the code security landscape and write about the latest industry trends.

Kiuwan Code Security Blog
Post-Pandemic Hybrid Office Models Bring New Security Concerns

As 2021 reaches its halfway point, many businesses are transitioning back toward more on-premises operations, but some analysts believe that a hybrid workforce will be the new normal. In a hybrid model, the workforce is made up of both on-premises and remote workers, with many of those workers splitting time between home and the office.

Are Some Programming Languages More Secure than Others?

Security-related bugs can turn up in any programming language, but some are more prone to issues than others. Some newer languages are designed to make such errors harder. Others have “features” that are convenient but encourage coding that’s easy to exploit.

Prestidigitation: the Heart of Social Engineering

Social engineers use many of the same techniques to create an illusion in order to gain a victim’s trust and trick the person into doing their dirty work. They are essentially magicians, with the intent to derive some direct value by deceiving victims.

The 2021 CISSP Exam and Application Security: What’s Changed?

CISSP is one of the most prestigious vendor-neutral information systems security leadership certifications. The certification is a credential that signifies its holder possesses professional experience and demonstrates a high level of knowledge across information systems security domains.

The State of Mobile App Security 2021

The ever-increasing popularity and use of smartphones dwarfs that of more conventional computing devices, such as desktops, laptops, tablets and so forth. Here are some numbers to put things in perspective: according to Statista the total number of mobile...

The Colonial Pipeline Ransomware Attack

On May 7, Colonial Pipeline had to shut down its pipelines due to a ransomware attack. Colonial is a major oil pipeline operator in the southern and eastern United States. Its pipelines extend from Texas to New Jersey and reach Louisiana, Mississippi, Alabama, Georgia, the Carolinas, Tennessee, Virginia, Maryland and Pennsylvania.

Release Announcement – June 16, 2021

We are pleased to announce the availability of the latest Kiuwan update! Released on June 16, 2021, this update includes new features and some bugfixing, described below.

The OAuth2/OIDC Integration project, a new feature

Nowadays, many organizations...

Pandemic Legacy: Remote Work and Digital Transformation

The COVID-19 pandemic drove many companies to rapidly expand their support for remote work. This change was not made simply to appease a changing workforce; it was necessary to survive. When most of the workforce was suddenly told to stay home, many organizations had to...

How NIST SP 800-53 Revision 5 Affects Application Security

The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the U.S. Department of Commerce that, among other things, maintains physical science laboratories and produces guidance for assessing compliance with a wide range of standards.

Biggest Cloud Breaches of 2020

PCR’s (UK) Top 10 Biggest Data Breaches of 2020

PCR is a leading information source for IT resellers and distributors in the United Kingdom. It reports its top 10 based on the number of records breached in the incidents selected. They cite the Risk Based Security...

Securing Serverless Applications

Although the term says “serverless,” serverless applications don’t really run without any servers involved. Rather, serverless applications run inside cloud-based infrastructures so that developers and operators need no longer stand up and run their own servers,...

Comprehensive guide to cyber insurance

Social media, advanced technology, and the growing popularity of business transactions over the web continue to determine how organizations operate and communicate with their prospective customers. However, they’re also gateways to cyberattacks and data loss. Whether...

Canary in a Coal Mine: Detecting Cyberattacks Early

Many catastrophic events are obvious, with their effects immediately visible — but not all. Fire, flood, tornadoes and earthquakes are all examples of events that can cause a substantial impact to business operation...

Getting Ahead of Payment Card Security Threats

Payment card attacks are nothing new. Cybercriminals have been targeting payment cards for more than a decade. However, there is a disturbing trend of cybercriminals discovering and leveraging novel ways to steal payment card credentials during online transactions....

Securing Cloud Access in Applications

As applications become increasingly cloud-based – or even cloud-native – more and more such code is sending data to and from cloud-based stores, both public and private. This makes the methods and controls that such applications use to access the cloud of particular...

Beyond SolarWinds: Guarding Against the Rising Threat of Supply Chain Attacks

The successful attack in 2020 on the SolarWinds Orion network management software showed that indirect, or third-party, attacks on organizations of all sizes are feasible. Where...

7 Database Security Principles and Practices

Few, if any, other repositories for data and meta-data within an organization exceed the importance and value of its databases (DBs). In fact, databases often provide a home for an organization’s personnel information, financial data of all kinds (pay, taxes,...

Cybersecurity Trends in Fintech

The year 2020 will go down in history as being a year of uncomfortable changes. Just about everyone was forced to approach aspects of personal and professional life differently, from buying groceries to conducting business to...

Release Announcement — January 28, 2021

The Kiuwan team is excited to announce the availability of our latest release, with new features for both cloud and on-premises customers. Kiuwan is a fast, reliable and scalable Application Security and Enterprise Software Analytics solution. Kiuwan includes several...

Solarwinds hack timeline

The SolarWinds hack was a major security breach that affected over 3,000 SolarWinds customers, including major corporations like Cisco, Intel, Cox Communications, and Belkin. Also impacted were multiple US states and government agencies including the US...

Virtual CISO: Leveraging External Security Expertise

Today’s organizations, both big and small, are finding that security activities consume more resources than ever before. Cyber criminals are getting better all the time, and staying just one step ahead of them is getting harder. But it’s not just more sophisticated...

6 Threats to Development Team Productivity

Productivity rates are critical to success in any industry. That is true of software products, too, which need not only to be produced efficiently but also to be secure from cyberattacks. If you’re considering how to improve your software team’s productivity, then you...

Rethinking Application Security in a Post-Pandemic World

Without a doubt, the COVID-19 pandemic has had a massive impact on the financial services landscape. Not only did businesses have to tweak their entire operations under safety regulations, but they also had to contend with a growing list of cybersecurity...

App security quality analytics

As business management expert Peter Drucker once put it: “If you can’t measure it, you can’t improve it.” This quote feels right at home in the world of application security. Many CISOs are finally starting to give SAST tools and other approaches...

The Role of SAST in DevSecOps

Most people involved in the process of creating and deploying software applications today are familiar with DevSecOps, which integrates security and operations into the software development process. In figurative terms, we think of the software development...

Understanding OWASP ASVS

Simply put, threat intelligence – also known as cyber threat intelligence, or CTI – is information that is collected, analyzed, organized, and refined to provide insight, input, and advice about potential and current security threats or attacks that could pose...

Understanding OWASP ASVS

It’s always fun to start throwing out acronyms to get one’s technical juices flowing. To make sense of this blog post title, readers should know that OWASP is the Open Web Application Security Project, and that the ASVS is the Application Security Verification...

Kiuwan Shines in the Fall 2020 G2 Grid Report

We’re excited to announce that Kiuwan Code Security and Insights solutions have been recognized in the Fall 2020 G2 Grid Report for Static Code Analysis, due in large part to an overall customer satisfaction rating of 4.4...

What Makes Firmware Vulnerabilities So Deadly?

Simply put, firmware is low-level software usually stored in a near-silicon form (ROM, EEPROM, or flash memory) that is used during the initial steps of bootstrapping and starting up a computer, printer, or some other...

8 Tips for Mobile App Security

According to a report from IBM just a few years ago, as many as 50% of companies had no budget for mobile app security. This is especially worrying because, in the first half of 2019 alone, there were data breaches that exposed around 4.1 billion records. A...

October is Cybersecurity Awareness Month

October is Cybersecurity Awareness Month. The theme for 2020 is: “Do Your Part. Be #CyberSmart.” This event, put on by CISA and the National Cyber Security Alliance, is in its seventeenth year. The campaign aims to increase overall cybersecurity awareness,...

Threat Modeling’s Place in DevSecOps

Developers often pursue well-intentioned security efforts by focusing on writing secure code. But that’s just part of the puzzle. Instead of focusing only on the code, it’s just as critical to focus on the attacker. Understanding how attackers compromise controls...

Putting the Principle of Least Privilege to Work for Web Apps

With an ever-increasing proportion of day-to-day work on the desktop occurring in the form of web-based applications, organizations need to rethink how those applications work. They also need to examine – and in some cases tighten up – how web-based apps (or rather,...

Automation fix bad habits

Most discussions of DevSecOps include automation as a major component. In fact, Julien Vehent, Firefox’s Operations Security lead, defines DevOps this way in his book “Securing DevOps”: “DevOps is the process of continuously improving software products through rapid...

Strategies for Managing Widely Deployed Code with Kiuwan

As applications become increasingly cloud-based – or even cloud-native – more and more such code is sending data to and from cloud-based stores, both public and private. This makes the methods and controls that such applications use to access the cloud of particular...

Use the Strangler Pattern to Refactor Legacy Apps

Most of us who have been responsible for the care and feeding of an enterprise application have had to modify someone else’s code. Whether the modification is due to a newly found bug or to enhance existing functionality, changing someone else’s code is an interesting...

Create a Web Application Security Blueprint

The best way to make web applications secure is to include security at every step along the development process, from requirements analysis, to design, to implementation and testing, and into maintenance and update phases. To that end, it’s wise to consider a kind of...

Managing Open Source Vulnerabilities in DevOps

If you use open-source code frameworks, libraries, and code components and take advantage of code-scanning technologies, sooner or later you’ll find yourself in an interesting situation: learning that a code element is subject to a known threat or vulnerability....

When KLA Met Containers

Containers have emerged as a fantastic technology to deploy applications. Containers save a lot of time for system engineers dealing with infrastructure issues: servers, networks, operating systems (OS), ports, configuration, etc. If your application needs to be run with...

Upcoming Webinars Focus on IDEs & Integrations

As part of our mission to help you build applications that are secure from the start, the Kiuwan team is planning an all-new lineup of free, live webinars. Over the past several months, our webinars have delivered training on essential aspects of Kiuwan solutions and...

AppSec or Just Smart Software Development?

The source of all human knowledge (Wikipedia) describes application security as “measures taken to improve the security of an application often by finding, fixing and preventing security vulnerabilities.” AppSec is all about developing software that is as...

SAST and SCA: Putting the Puzzle Together

Developing correct and secure software isn’t easy. A typical application includes a large amount of original and third-party code, and it all has to work together without opening up security holes. Any change to existing code, whether it’s a simple refactoring or the...
