Kiuwan Application Security Blog
Your News Source for Application Security Testing & Related Topics. Our expert blog writers stay attuned to the code security landscape and write about the latest industry trends.
3 Steps To Better Code
No matter the project, no matter the industry, having secure, quality code is a critical factor to an organization’s success. If the code quality is lacking, or if there are significant vulnerabilities, a business risks financial losses and resource drain. IT...
Accelerate Digital Transformation With Code Security
Organizations are increasingly embarking on digital transformation journeys. The transformation is enabling them to keep pace with the competition, optimize IT asset security, and meet evolving user expectations. It is helping enterprises sustain and maintain their...
Leveraging Kiuwan Against ‘Not the New Normal’ Cyber Attacks
With over 700 million attempted ransomware attacks in 2021, it's natural to assume that major cyber attacks and data breaches are the new normal, just an unavoidable side effect of life in the Fourth Industrial Revolution. However, this defeatist attitude is part of...
The Lines of the Security Perimeter are Becoming Blurred
The traditional method of mitigating security risks by securing the perimeter is losing effectiveness. As society moves to remote and hybrid work, and as more smart devices are tied into the Internet of Things (IoT), security teams now have to secure multiple access...
3 Reasons Why You Should Use Kiuwan
Cyber attacks happen every 39 seconds. The University of Maryland found that these attacks affect almost 1 in 3 Americans every year. As we are adopting digitization more and more, developing secure applications and solutions has become more crucial than ever. Data is...
Developing Data Security for Finance / Banking
The average cost of a data breach, according to the Cost of a Data Breach Report 2021 is $161 ($146 in 2020) per record. And the average total cost of a data breach in 2021 is $4.24 million, up from $3.86 million in 2020. The costs of fighting cybercrime, restoring data and services following a breach, lost revenue, and reputation damage are increasing.
Kiuwan 101
Before jumping on the DevOps security solutions bandwagon, businesses need a Kiuwan 101 introduction to understand which challenges Kiuwan solves and how it makes application security testing a breeze. Keep reading to find out.
Combining Static Application Security Testing (SAST) and Software Composition Analysis (SCA) Tools
Learn how cybersecurity teams can combine SAST and SCA into a comprehensive cybersecurity strategy.
Are Supply Chain Attacks Caused by Open Source Software (OSS) Dependencies?
Although Open Source Software provides many advantages, such as affordability and flexibility, the programs and their components can introduce security risks and vulnerabilities to a company.
Women Making Digital Waves Throughout History
The month of March is National Women’s History month and as part of our social campaign we wanted to continue to celebrate this with a special blog! The tech industry is traditionally heavily dominated by men, however there have...
Why Accurate Software Inventory Is Essential
Open source code is cost-effective, flexible, and agile, but it also poses some serious security and liability risks. This is why software inventory is essential.
Overcoming Microservices Architecture Risks
Microservices architecture gives developers a flexible, scalable, agile solution for building high-performing apps that quickly deploy. It has been widely adopted because of its game-changing benefits. However, developers must overcome some challenges and risks to implement solutions with microservices effectively.
Cloud Native – A Developer's View
Cloud technology has ushered in a new era for businesses, laymen, and the developers who are behind all the applications. Cloud-native technology is essentially about speed and agility, which have become more like necessities for business systems. Of course, at the heart of it all is the cloud infrastructure. Three of the most prominent cloud service providers include Amazon Web Services, Google Cloud Platform, and Microsoft Azure.
Using Software Composition Analysis to Mitigate Development Risk
There are ways for developers to deal with potential threats and assure software security. Software Composition Analysis (SCA) comes in handy for checking vulnerabilities and licensing issues line-by-line.
The API Security Top 10 List
In an effort to increase API security, the Open Web Application Security Project (OWASP) maintains a list of the top 10 security risks.
How to Safely Leverage Open Source in Your Codebase
All major innovations in recent years, including cloud computing, big data, and artificial intelligence, have been built in open source ecosystems. According to Gartner, most organizations use some form of open-source assets within their critical applications.
Why Your Team Needs a Security Champion
Application security testing is the need of the hour for organizations that want to be secure. Although it’s a difficult task, a security champions program can enthuse teams to work together and build secure applications from the ground up.
Remediate Log4j Risk: A Warning From the FTC
Stick with us to find out everything you need to know about the Log4j vulnerability and how to keep your business and its applications safe from the potential exploit.
Modern Application Development Risks
There are many risks to be found in modern application development. Still, development risks can be reduced, if not eliminated, by following DevSecOps practices designed to identify those risks and resolve them before they create problems.
Data Breaches Are More Expensive Than They Seem
Data breaches are more expensive than they seem. Recent reports have shown that ransomware incidents cost much more than they appear to on the surface, once notification, escalation, lost business, and response costs are included.
A Developer's Guide To Managing Open Source Code Risks
The power of open source code lies in the massive number of developers who contribute to it and test it. However, the same elements that make open-source code so appealing also make it vulnerable to security risks.
What the Log4j vulnerability means for your business
Most businesses using Apache's open-source Log4j logging framework should already know about the vulnerability in the system. Known as Log4Shell or CVE-2021-44228, this vulnerability requires urgent action. Left...
Most Severe Cyberattacks of 2021
Cyberattacks have become increasingly prevalent since the start of the COVID-19 pandemic, with many employees working remotely. In 2020 alone, malicious emails went up by 600%.
Everything You Need To Know About Zero Trust
Zero Trust practices help organizations control and monitor who has access to their assets through the use of “least privilege access” principles.
Travis CI | Kiuwan Integration
Connect Kiuwan with your Travis CI workflow. This new integration is designed to empower teams to seamlessly add security to any development project. This relatively simple TypeScript project can seriously simplify the way teams...
5 Steps To Enhance Developer Security
Developers play a crucial role in enhancing security and ensuring high performance throughout the development pipeline. Baking security into the code is more effective and efficient than testing a release candidate after the fact, only to be forced into corrective action.
The Full Extent of the Twitch Hack
Once believed to be indestructible, big tech companies like LinkedIn, Adobe, and even Facebook have succumbed to data breaches, hacks, and leaks in recent years.
The latest of these is the hack of livestreaming site Twitch.
Cybersecurity Trends — How IT Security Will Evolve in 2022 and Beyond
The advent of new technologies such as artificial intelligence/machine learning (AI/ML), robotic process automation (RPA), cloud computing, and no-code or low-code platforms, has been changing the way organizations deliver their offerings.
Idera DevTools: Kiuwan Podcast
In today's episode of the Idera DevOps Tools Podcast, we are joined by Alexander Goodwin & JD Burke of Kiuwan. JD is the Lead Solutions Engineer at Kiuwan and provides us with a complete overview of the value and efficacy of Application Security Testing. Learn more:...
OWASP Top 10 for 2021: A Summary
Want to learn how to design more secure web applications? Here’s what to look out for, according to the latest OWASP Top 10 vulnerabilities list.
Speed or Security in Development: Managing the Tradeoff
Speed seems to always be the driving force behind the release of new apps. However, releasing a new app in record time, followed by a regular and consistent stream of updates, often comes at the cost of security in development.
What Businesses Can Learn from the Recent T-Mobile Hack
On August 14, 2021, news started to trickle out that T-Mobile, the second largest wireless carrier in the USA, had suffered a data breach.
Creating A Developer First Security Approach
92% of organizations do business in the cloud and nearly half of all corporate data is stored in the cloud. Cloud-based business creates efficiencies and cost-savings, but may also prove an attractive target for threat actors.
How to stop malicious actors in software supply chains
Supply chain attacks result in millions of dollars in lost revenue, reduced consumer confidence, damaged reputations, and disruption of services.
DevSecOps Focus: On the Way to Secure Source Code
Developer’s concerns should not boil down only to digital infrastructure security. Source code security becomes a very important factor these days. A stand-alone class of tools is in place to test apps for vulnerabilities and bugs during the development process. These...
Application Security and Ransomware
Ransomware changes the landscape of security from reactive to proactive—meaning that the focus of application security is shifting from pre-deployment vulnerability testing to ensuring that developers and security teams perform security checks during every stage of the software development life cycle.
Maximizing Development ROI Through DevSecOps
Managing the software development lifecycle, aka SDLC, can be expensive in most organizations. Anything that slows down development ultimately boosts costs and reduces its ROI. In large part this explains the impetus to integrate security into DevOps approaches and methods.
How to Secure Remote Workers and the Data They Work With
What about remote employees who are connecting from home? Each must access company software and work with sensitive data without exposing their work product to hackers and other unwanted viewers.
Overview of CyberThreats for 2021
There’s a surprising degree of consensus as to the cyberthreats that pose the biggest and most persistent dangers.
Safely Using Third-Party Code in Your Applications
Third-party code is any code written by an external entity that a software application includes, from a parameterized include file to a robust library.
Tips for Developing Secure Financial Applications
Most financial services providers have an option that customers can use to access various services at their convenience. Unfortunately, security continues to be a cause of concern for anyone planning to enroll in mobile/online banking services.
Increasing Development Pipeline Efficiency
Software development organizations define success by providing the right products to their customers that meet quality, schedule and budgetary constraints.
The development pipeline includes specification, design, development, testing, quality assurance, building and deployment. Increasing the efficiency of the development pipeline makes happier customers and generates higher profits.
Identity Management Outlook for 2021
Earlier this year saw the celebration of the first Identity Management Day to punctuate the importance of protecting cyberspace identities.
Proactive Security Scanning and Testing Pre-Empts Attacks
Best security practices dictate that avoiding trouble is faster, cheaper and easier than fixing trouble after it manifests.
Post-Pandemic Hybrid Office Models Bring New Security Concerns
As 2021 reaches its halfway point, many businesses are transitioning back toward more on-premises operations, but some analysts believe that a hybrid workforce will be the new normal. In a hybrid model, the workforce is made up of both on-premises and remote workers, with many of those workers splitting time between home and the office.
Are Some Programming Languages More Secure than Others?
Security-related bugs can turn up in any programming language, but some are more prone to issues than others. Some newer languages are designed to make such errors harder. Others have “features” that are convenient but encourage coding that’s easy to exploit.
Prestidigitation: the Heart of Social Engineering
Social engineers use many of the same techniques to create an illusion in order to gain a victim’s trust and trick the person into doing their dirty work. They are essentially magicians, with the intent to derive some direct value by deceiving victims.
The 2021 CISSP Exam and Application Security: What’s Changed?
CISSP is one of the most prestigious vendor-neutral information systems security leadership certifications. The certification is a credential that signifies its holder possesses professional experience and demonstrates a high level of knowledge across information systems security domains.
The State of Mobile App Security 2021
The ever-increasing popularity and use of smartphones dwarfs that of more conventional computing devices, such as desktops, laptops, tablets and so forth. Here are some numbers to put things in perspective: according to Statista, the total number of mobile...
The Colonial Pipeline Ransomware Attack
On May 7, Colonial Pipeline had to shut down its pipelines due to a ransomware attack. Colonial is a major oil pipeline operator in the southern and eastern United States. Its pipelines extend from Texas to New Jersey and reach Louisiana, Mississippi, Alabama, Georgia, the Carolinas, Tennessee, Virginia, Maryland and Pennsylvania.