Kiuwan Application Security Blog

Your news source for application security testing and related topics. Our expert blog writers stay attuned to the code security landscape and write about the latest industry trends.

The Full Extent of the Twitch Hack

Once believed to be indestructible, big tech companies like LinkedIn, Adobe, and even Facebook have succumbed to data breaches, hacks, and leaks in recent years.
The latest of these is the hack of livestreaming site Twitch.

Idera DevTools: Kiuwan Podcast

In today's episode of the Idera DevOps Tools Podcast, we are joined by Alexander Goodwin & JD Burke of Kiuwan. JD is the Lead Solutions Engineer at Kiuwan and provides us with a complete overview of the value and efficacy of Application Security Testing. Learn more:...

Creating A Developer First Security Approach

92% of organizations do business in the cloud and nearly half of all corporate data is stored in the cloud. Cloud-based business creates efficiencies and cost-savings, but may also prove an attractive target for threat actors.

DevSecOps Focus: On the Way to Secure Source Code

Developers’ concerns should not boil down only to digital infrastructure security. Source code security has become a very important factor these days. A stand-alone class of tools is in place to test apps for vulnerabilities and bugs during the development process. These...

Application Security and Ransomware

Ransomware changes the landscape of security from reactive to proactive—meaning that the focus of application security is shifting from pre-deployment vulnerability testing to ensuring that developers and security teams perform security checks during every stage of the software development life cycle.

Developing Data Security for Finance / Banking

The average cost of a data breach, according to the Cost of a Data Breach Report 2021, is $161 ($146 in 2020) per record. The average total cost of a data breach in 2021 is $4.24 million, up from $3.86 million in 2020. The costs of fighting cybercrime, restoring data and services following a breach, lost revenue, and reputation damage are all increasing.

Maximizing Development ROI Through DevSecOps

Managing the software development lifecycle, aka SDLC, can be expensive in most organizations. Anything that slows down development ultimately boosts costs and reduces its ROI. In large part this explains the impetus to integrate security into DevOps approaches and methods.

Tips for Developing Secure Financial Applications

Most financial services providers have an option that customers can use to access various services at their convenience. Unfortunately, security continues to be a cause of concern for anyone planning to enroll in mobile/online banking services.

Increasing Development Pipeline Efficiency

Software development organizations define success by delivering the right products to their customers while meeting quality, schedule and budgetary constraints.

The development pipeline includes specification, design, development, testing, quality assurance, building and deployment. Increasing the efficiency of that pipeline makes for happier customers and generates higher profits.

Post-Pandemic Hybrid Office Models Bring New Security Concerns

As 2021 reaches its halfway point, many businesses are transitioning back toward more on-premises operations, but some analysts believe that a hybrid workforce will be the new normal. In a hybrid model, the workforce is made up of both on-premises and remote workers, with many of those workers splitting time between home and the office.

Are Some Programming Languages More Secure than Others?

Security-related bugs can turn up in any programming language, but some are more prone to issues than others. Some newer languages are designed to make such errors harder. Others have “features” that are convenient but encourage coding that’s easy to exploit.

Prestidigitation: the Heart of Social Engineering

Social engineers use many of the same techniques to create an illusion in order to gain a victim’s trust and trick the person into doing their dirty work. They are essentially magicians, with the intent to derive some direct value by deceiving victims.

The 2021 CISSP Exam and Application Security: What’s Changed?

CISSP is one of the most prestigious vendor-neutral information systems security leadership certifications. The certification is a credential that signifies its holder possesses professional experience and demonstrates a high level of knowledge across information systems security domains.

The State of Mobile App Security 2021

The ever-increasing popularity and use of smartphones dwarfs that of more conventional computing devices, such as desktops, laptops, tablets and so forth. Here are some numbers to put things in perspective: according to Statista, the total number of mobile...

The Colonial Pipeline Ransomware Attack

On May 7, Colonial Pipeline had to shut down its pipelines due to a ransomware attack. Colonial is a major oil pipeline operator in the southern and eastern United States. Its pipelines extend from Texas to New Jersey and reach Louisiana, Mississippi, Alabama, Georgia, the Carolinas, Tennessee, Virginia, Maryland and Pennsylvania.

Release Announcement – June 16, 2021

We are pleased to announce the availability of the latest Kiuwan update! Released on June 16, 2021, this update includes new features and some bug fixes, described below. The OAuth2/OIDC Integration project, a new feature: nowadays, many organizations...

Pandemic Legacy: Remote Work and Digital Transformation

The COVID-19 pandemic drove many companies to rapidly expand their support for remote work. This change was not simply to appease a changing workforce; it was a matter of survival. When most of the workforce was suddenly told to stay home, many organizations had to...


Major Data Breaches In 2018…So Far

Data is the new gold. It is a resource that creates and destroys power. With it, individuals, companies, and governments can sway public opinion, gain insight into the competition, and develop the most strategic plans. So it is for this reason that data breaches have...


Suppress false positives in your code analysis

One of the obstacles any static analysis tool encounters is the ease with which developers can manage defects that are not pertinent to their development. Oftentimes these “defects” for whatever reason simply do not apply. The most known case of such defects is false...


The True Cost Of Cybercrime For Companies

We believe that data is the phenomenon of our time. It is the world’s new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry. If all of this is true—even inevitable—then cyber crime, by definition, is...


The Worst AppSec Mistakes

Application security people, like anyone else, can make mistakes. Hasty actions and bad assumptions lead to a less complete discovery of flaws — or to outright disaster. In the worst case, a clumsy attempt to discover security problems can itself cause a breach....


Understanding Open Source Licensing

Open source licensing isn’t very complicated as license agreements go. Even so, some people find it confusing, and businesses need to pay close attention to how the licenses work. Making a mistake in one direction can result in legal action. Erring in the other...


LechazoConf 2017

Returning from Saturday’s LechazoConf 2017, a conference about failures (and successes) of entrepreneurs/startups in Castilla-Leon (and Spain). I enjoyed the conference! Organization was awesome, content was nice, and the lechazo was great (I am from Traspinedo in...


What is Application Security?

The conversation surrounding application security could go a thousand different directions, technology is a massive landscape after all. For the purposes of this discourse, our focus will be on three particular arms of appsec. Perhaps we could call them the Godfather,...


GDPR – General Data Protection Regulation

The GDPR is promoting a culture change about data privacy. The importance of and need for security has never been greater, in particular with personal and data security. Among all the great benefits of technology, the internet and the resulting connectivity of...

How NIST SP 800-53 Revision 5 Affects Application Security

The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the U.S. Department of Commerce that, among other things, maintains physical science laboratories and produces guidance for assessing compliance with a wide range of standards.


How to Implement DevSecOps with Your Team

DevOps has been a revolution in software development. It brings together software creation, deployment, and management into a single process. Development and operations may become a single team; if not, the teams work very closely together. The benefit is better...


How Open Source Is Democratizing Technology

Many of the software products that everyone uses are open source. The Linux operating system, the Apache Web server, and a large number of software development systems are all open-source software. Their being open source is one of the reasons they’re so widely used....


How Much Does a Data Breach Cost?

Cybersecurity often seems like an expensive proposition to many companies. There are annual evaluations to make sure you’re maintaining compliance, expensive programs to put in place, and extensive measures that have to be taken in order to provide true protection to...


GDPR Makes AppSec More Important Than Ever

With the coming of GDPR, the stakes in application security get still higher. There are plenty of reasons for concern already; theft of confidential data can lead to liability, serious financial losses, and damage to reputation. GDPR adds fines as high as 10 million...


Gain full control of open source components

Almost every developer relies to some degree on open source software, and it’s tough to beat the flexibility of open use and distribution licensing. However, it’s also critical that all developers understand how to control open source components. There are a...


Perform Your Measurements and Analyses in One Click

Code analysis is of economic importance. Code analyses (security, performance...) are topics of substantial economic importance. This importance justifies the need to take precise measurements, using metrics...


DevSecOps: Follow the Leader

When we think of security, especially the deep embedded and core measures introduced by DevSecOps, we often think of these measures in terms of insurance – and rightly so. We associate such security measures with protection, like keeping the software development...
