kiuwan blog

Kiuwan Blog

Your News Source for Application Security & Related Topics.

Understanding The Colonial Pipeline Ransomware Attack

Understanding the Colonial Pipeline Ransomware Attack

Facebook Scraping

Facebook Scraping Incident Leaks Info for a Half-Billion Users

Pandemic Legacy: Remote Work and Digital Transformation

Pandemic Legacy: Remote Work and Digital Transformation

How NIST SP 800-53 Revision 5 Affects Application Security

How NIST SP 800-53 Revision 5 Affects Application Security

Biggest Cloud Breaches Of 2020

Biggest Cloud Breaches of 2020

Understanding RASP, and Putting It to Work

Understanding RASP, and Putting It to Work

Managing API Security For AI Programming

Managing API Security for AI Programming

Securing Serverless Applications. Kiuwan

Securing Serverless Applications

Comprehesive Guide to CyberInsurance

Comprehensive Guide to Cyber Insurance

Canary in a Coal Mine: Detecting Cyber Attacks Early

Canary in a Coal Mine: Detecting Cyberattacks Early

Getting Ahead of Payment Card Security Threats

Getting Ahead of Payment Card Security Threats

Securing Cloud Access in Applications

Securing Cloud Access in Applications

Supply chain attack

Beyond SolarWinds: Guarding Against the Rising Threat of Supply Chain Attacks

healthcare professional stopping cyber attack

Healthcare Sector Application Security: Preventing Threats from Becoming Attacks

Data in a secure vault

7 Database Security Principles and Practices

security camera pointed at vault door

Cybersecurity Trends in Fintech

Laptop computer, dice, gaming equipment

Gambling with Security: Mitigating Threats to Online and Mobile Gaming

Release announcement banner with computer and parachute

Release Announcement — January 28, 2021

KI-Solarwinds-Hack-Timeline-600

A Timeline of the Solarwinds Hack: What We've Learned

VirtualCISO600x314

Virtual CISO: Leveraging External Security Expertise

RemoteAccessSecurityManagementy_600x314px_LB

Secure Remote Access: Keeping Employees and the Organization Safe

Software development team productivity

6 Threats to Development Team Productivity

cybersecurity lock over globe

Rethinking Application Security in a Post-Pandemic World

Cyber crime tree with apples

Low-Hanging Fruit: The Top 8 Cybersecurity Vulnerabilities in Enterprise Software

BlogHeaderWhichAppSecurity&QualityMetricsShouldYouBeTracking_600x314px_LB

Which App Security & Quality Analytics Should You Be Tracking?

DevOps image examined by microscope

The Role of SAST in DevSecOps

OpenSSF Logos

OpenSSF Takes a Collaborative Approach to Open Source Security

Threat_Intelligence_600x314px_LB

Introduction to Cyber Threat Intelligence

Understanding-OWASP-ASVS_600x314px_LB

Understanding OWASP ASVS

Kiuwan_G2_Fall_2020_600X314

Kiuwan Shines in the Fall 2020 G2 Grid Report

Firmware-vulnerabilities600x314px_LB

What Makes Firmware Vulnerabilities So Deadly?

Tips-mobile-security600x314

8 Tips for Mobile App Security

CyberSecurity600x314

October is Cybersecurity Awareness Month

Threat Modeling in DevSecOps

Threat Modeling's Place in DevSecOps

Release announcement banner with computer and parachute

Release Announcement – September 23, 2020

Blog-least-privilege-600x314

Putting the Principle of Least Privilege to Work for Web Apps

BlogAutomationBadHabits_600x314

Automation Doesn't Fix Bad Habits

Strategies-Patching-Updating-Code-Wide-Deployment 600x314

Strategies for Managing Widely Deployed Code with Kiuwan

BlogTheStranglerPattern_600x314px_LB

Use the Strangler Pattern to Refactor Legacy Apps

KI-Web-Security-Blueprint-600x314

Create a Web Application Security Blueprint

DevSecOps700x468

Managing Open Source Vulnerabilities in DevOps

blog-header-kla-met-containers-600x314-1

When KLA Met Containers

,
webinar-featured_image_600x314-final

Upcoming Webinars Focus on IDEs & Integrations

,
webinar-featured_image_600x314-final

Upcoming Webinars Focus on IDEs & Integrations

,
Release announcement banner with computer and parachute

Release Announcement – July 22, 2020

,
AppSecvSmartSoftware 600x314-2

AppSec or Just Smart Software Development?

CS669-KI-SASTandSCAWorkBestWhenCoupledTogether_LB_600x314

SAST and SCA: Putting the Puzzle Together

DevSecOps is a Team Contact Sport

DevSecOps Is a Team Contact Sport

DevOps Approach to Code Security

Understanding the DevOps Approach to Code Security

Cybersecurity and Voice Assistants

Cybersecurity: How Safe are Voice Assistants?

Release announcement banner with computer and parachute

Release Announcement – June 3, 2020

,
What devsecops teams can learn from Covid-19

What DevSecOps Teams Can Learn from COVID-19

Why is security IOT's biggest concern blog banner

Why is Security IoT's Biggest Concern?

Why is security IOT's biggest concern blog banner

Why is Security IoT’s Biggest Concern?

Scanning code for vulnerabilities banner

Scanning Code for Vulnerabilities: One-at-a-time or Continuous?

Release announcement banner with computer and parachute

Release Announcement – May 12, 2020

,
A man cannot access his laptop because he forgot his password

How to Teach Your Team to Make Secure, Memorable, and Unique Passwords Every Time

Analyze your Assembla repository with Kiuwan

Automatically Scan your Assembla Repository with Kiuwan Code Security

,
KI-Secure-Blockchain-FB

7 Tips on Secure Blockchain: What You Need to Know.

A man pays with credit card on a pc while buying online

8 Tips on Keeping Safe When Buying Online

Banner for Understanding and Managing Open-Source Risks

Understanding and Managing Open-Source Risks

Banner for Timeline of Breaches in 2019

A Timeline of Major Data Breaches in 2019

Is Cross-Site Scripting still a thing banner

Is Cross-Site Scripting Still a Thing?

Surprises about how artificial intelligence affects cybersecurity banner

3 Surprises About How Artificial Intelligence Affects Cybersecurity

Kiuwan is a high performer in the g2 grid

Kiuwan a High Performer in the G2 Grid

,
Banner for Kiuwan On Premises Distributed Version announcement with picture of padlock on laptop

Announcing the Release of Kiuwan On-Premises Distributed Version

,
Banner for OWASP top 10 mobile blog post with an image of a phone and a fishing hook.

OWASP Top 10 for Mobile: All You Need to Know

Ransomware protection banner with umbrellas protecting from bugs

Ransomware Attack Prevention: Protecting Against 8 Common Attacks

Release announcement banner with computer and parachute

Release Announcement – March 5, 2020

,
Banner for blog post on Using Threat Intelligence to Boost Your Organization’s Security Posture

Using Threat Intelligence to Boost Your Organization’s Security Posture

A woman looks at twitter feed

10 AppSec Twitter Accounts to Follow

Release announcement banner with computer and parachute

Release Announcement – February 13, 2020

,
banner for difference between Kiuwan local analyzer and the IDE plugin

Kiuwan Local Analyzer or IDE Plug-In: What’s the Difference?

banner promoting Go as new supported language

Announcing Support for Go

,
Programming language trends banner with pac man imagery

Programming Language Trends In 2020

Four padlocks with SAST, IAST, DAST and SCA written on them

DAST, SAST, IAST and SCA: Which security technology is best for me?

a figure representing hybrid wins over a figure representing cloud

Food for Thought: On-premises Goes Hybrid

hands placed on a laptop with browser icons displayed

Announcement: End of Support for TLS 1.0 and 1.1.

a hacker programs in a dark room on webapps

The Cyberthief’s New Best Friend: Web Apps

a hacker programs in a dark room on webapps

The Cyberthief's New Best Friend: Web Apps

Why Hackers Attack – The Motives Behind Attackers

Cybersecurity Predictions for 2020

breach-600

Communicating with Customers in the Event of a Breach

A padlock protects a computer with WASC compliance

WASC Compliance: Guarantee App Security

Hand with stetoscopes checks for hipaa compliance in the code

HIPAA Compliance for Secure Health Software

expensive-security-breaches

The Top 10 Most Expensive Security Breaches

holes-hide

The Favorite Places For Security Holes To Hide

Owasp Benchmark

DIY: Generate OWASP Benchmark Results for Kiuwan Code Security

sans-top-25

SANS Institute Top 25 Software Errors

CERT Compliance: Provide Security For Your C Applications

CERT Compliance: Provide Security For Your C Applications

Guarantee ISO Compliance With DevSecOps Processes

Guarantee ISO Compliance With DevSecOps Processes

standardspost1

Security Standards in Software Development

misra

MISRA: Software Development Guidelines For The C Programming Language

continuous integration

Continuous Integration In a Nutshell

owasptop10-10

OWASP Top 10 2017 – A10 Insufficient Logging & Monitoring

owasptop10-8

OWASP Top 10 2017 – A8 Insecure Deserialization

PCI DSS: All you need to know about it

PCI DSS: All you need to know about it

a5

OWASP Top 10 2017 – A5 Broken Access Control

Cobol and RPG: Cobol and RPG: Security in business-oriented languages

Cobol and RPG: Security in business-oriented languages

SOAR: Security Orchestration Automation Response

SOAR: The Future of IT Security

C# OWASP Top 10: How to Discover Vulnerabilities in a C# Web Application

Black Hat USA 2019

Looking Ahead to Black Hat USA 2019

owasp-java

OWASP Top 10: How to Find Vulnerabilities in Your Java Applications

Bad Guys Love Rest: REpresentational State Transfer

Bad guys love REST

10 Common Software Security Weaknesses

10 Common Software Security Weaknesses

open source license comparsion

Open Source Licenses: A Comparison Of The Most Popular Types

800 (1)

Cybersecurity Trends in 2019

5stepssast-600x338

5 Steps to Integrate SAST in Your DevSecOps Process

best-practices

4 Best Practices for Security Testing in Your SDLC

why-sast-crucial

Why SAST is Crucial for The Security of Web and Mobile Applications

top5-swift

Top 5 Security Mistakes When Developing Applications In Swift

six-predictions-(1)-SI

6 Cybersecurity Predictions for 2019 and Beyond

Test2

5 Reasons Why Open Source is Good for Your Company

thebenefits

The Benefits of a DevSecOps Approach to the SDLC

5ways

5 Ways DevSecOps is Changing the Security Lifecycle

idera

Idera, Inc. Acquires Kiuwan and Bolsters Testing Tools Business with Application Security and Code Testing Capabilities

how-to-implement-devsecops-SII

How to Implement DevSecOps with Your Team

Cybersecurity predictions for 2018 and beyond

Cybersecurity Predictions for 2018 and Beyond

Major data breaches in 2018...So far

Major Data Breaches In 2018…So Far

How much does a data breach cost?

How Much Does a Data Breach Cost?

Coolest Open Source projects for 2018

Coolest Open Source Projects for 2018

How

How Open Source Is Democratizing Technology

Understanding Open Source Licensing

Understanding Open Source Licensing

How to succeed as an Open Source developer

How to Succeed as an Open Source Developer: From Education to Contributor

worst-mistakes

The Worst AppSec Mistakes

5-benefits-sast-x600

Five benefits of using Static Application Securites Testing (SAST) along with Other Security Solutions

The true cost of cybercrime for companies

The True Cost Of Cybercrime For Companies

The biggest security threats of 2018

The Biggest Security Threats of 2018

Open Source Trends of 2018: from openstack to the internet of things

Open Source Trends for 2018: From OpenStack to The Internet of Things

Democratic software: Open Source

Democratic Software: Open Source

Why Open Source? Six major advantages from a security perspective

Why Open Source? Six Major Advantages From a Security Perspective

GDPR makes appsec more imporant than ever

GDPR Makes Appsec More Important than Ever

tips to improve DevSecOps

5 Top Tips to Improve your DevSecOps Practices

Devsecops: follow the leader

DevSecOps: Follow the Leader

Why Companies Need to Know About the OWASP Application Security Verification Standard (ASVS)

Why Companies Need to Know About the OWASP Application Security Verification Standard (ASVS)

dont-get-hacked

Don’t Get Hacked: 5 Important Ways to Protect Your Company’s Assets

OWASP resources for developers

OWASP Resources for Developers

Code analysis methods

Code Analysis Methods

GDPR: General Data Protection Regulation

GDPR – General Data Protection Regulation

Owasp top 10 2017 – A4 XML External Entities (XXE)

Owasp top 10 2017 – A4 XML External Entities (XXE)

NIST - SAMATE

NIST – SAMATE

what-is-application-security-1-si

What is Application Security?

Banner for how Shift Left is Implemented in DevSecOps

How to Implement Shift Left in DevSecOps

7 Reasons Why Incorporating DevOps is Important

7 Reasons Why Incorporating DevOps is Important

DevSecOps: Building a Culture of Responsibility for Network Security

DevSecOps: Building a Culture of Responsibility for Network Security

Application Inventory Management

Application Inventory Management

static-analysis-automated-tests (1)

Static Analysis in Automated Software Quality Tests

Why Automated Code Reviews Need to Include Security Audits

Why Automated Code Reviews Need to Include Security Audits

gain-full-control

Gain full control of open source components

application-sec-in-devops-SI

Application Security in Devops

A9

OWASP Top 10 2017 – A9 Using Components with Known Vulnerabilities

OWASP A3 Sensitive Data Exposure

OWASP Top 10 2017 – A3 Sensitive Data Exposure: Identify Your Weaknesses

OWASP TOP 10 2017- A6 security Misconfiguration

OWASP Top 10 2017 – A6 Security Misconfiguration

OWASP TOP 10 2017- A7 Cross-site Scripting (XSS)

OWASP Top 10 2017 – A7 Cross-site Scripting (XSS)

OWASP TOP 10 2017- A2 Broken Authentication

OWASP Top 10 2017 – A2 Broken Authentication

Captura

Lechazo Conf 2017

CWE Common Weakness Enumeration

CWE Common Weakness Enumeration

OWASP TOP 10 2017- A1 Injection

OWASP Top 10 2017 – A1 Injection

The OWASP Benchmark & Kiuwan

The OWASP Benchmark & Kiuwan

Application Security — Why Businesses Need Application Security

Application Security — Why Businesses Need Application Security

sql-injection-avoid

SQL Injection and How to Avoid It

Suppress false positives in your code analysis

Suppress false positives in your code analysis

Pentesting: What it is and how it works

Pentesting: What it is and how it works

python-analysis

Python Code Analysis with Kiuwan

14-tips-for-angular-si

14 tips for developing AngularJS applications

Code Analysis of Twitter’s DistributedLog

Code Analysis of Twitter’s DistributedLog

Avoid duplicated code with clone detector

CIOs vs Technical Debt: A burden for innovation

CIOs vs Technical Debt: A burden for innovation