AppSec Blog
Keep up with the latest news on cybersecurity, technical trends, and programming best practices.
5 Reasons to Check Code for Vulnerabilities Before Shipping
Code vulnerabilities are among the leading causes of data and security breaches, alongside human errors. This is because, at the beginning of software development, developers often focus more on...
How to Choose the Best SAST Tools
The scope and number of cyber threats facing developers are growing every day. It’s vital for companies to adopt robust security measures to safeguard their sensitive data and mitigate the risk of...
How to Choose Code Scanning Tools
For as fast as the software development process can go, it’s all too easy for application security to become an afterthought. However, the right code scanning tools can make app hardening an organic...
How to Prevent Reverse Shell Attacks
Reverse shell attacks are one of the most common threats businesses have to face today. Even more, hackers are getting better and better at using them to compromise your organization’s security and...
A Developer’s Guide to Open-Source Code Management
The power of open source code lies in the massive number of developers who contribute to it and test it. However, the same elements that make open-source code so appealing also make it vulnerable to security risks.
Vulnerability Scanning vs Penetration Testing: Key Differences
When it comes to cybersecurity, there are two critical processes to help ensure your system is well-protected from malicious actors: vulnerability scanning and penetration testing. While both...
App Security Is Reputation Security
According to a 2023 report by IBM, the average data breach cost has risen 15% over the last three years to a staggering 4.45 million US dollars. As a result, 51% of companies have increased their...
7 Common App Security Misconfigurations
Everyone makes mistakes at work. That's human nature. People get distracted and forget things. Most of the time, it’s no big deal. For one Pentagon staffer, however, a simple oversight led to a data...
Why Automated Code Review Is Essential for App Security
With cyber threats evolving at an alarming rate, safeguarding your applications against vulnerabilities has never been more critical. Cybercrime is currently projected to cost approximately $10.5...
Common Types of Software Vulnerabilities to Protect Against
In order to improve your team’s ability to anticipate potential issues and guard against them, it's essential to have a solid understanding of the many types of software vulnerabilities. While there...
SAST vs. SCA: What’s the Difference?
Many different types of security tests are available to developer teams. However, some can only work in specific environments, and others might only work once the application is running. That’s...
How Much Does Poor Source Code Quality Cost?
To boost your bottom line, you must produce top-notch code and identify and fix all instances of low-quality code. Low-quality code refers to poorly written code containing bugs and readability...
The Benefit of Using SAST Testing Tools During Code Review
With malicious actors getting smarter than ever, developers need to stay one step ahead when protecting their applications from security threats. However, it can be challenging to rely solely on...
Scared of a Data Breach? You Should Be
Data breaches are not only a massive headache for companies to deal with — they can also cause severe legal and financial implications. Software developers and companies have become more wary of...
Coding With AI? You Need a Security Partner Like Kiuwan
Great code isn’t easy to write. Despite the many blog posts that promise people can learn to code in a few weeks with the latest boot camp, most developers take years to hone their craft. Computers...
What Do App Developers Need to Know About Automated Threats?
Did you know that 2,200 cyber attacks happen every single day? With that sort of relentless onslaught, it might make you wonder who has that much time on their hands. But, the reality we know all...
7 Causes of Open-Source Integration Headaches (and How to Avoid Them)
Open-source software lets businesses leverage the power of the best and brightest developers in the world. It can drastically increase productivity and reduce time to market by providing a shortcut...
5 Tips to Build a Culture of Security at Your Company
Despite increased cybersecurity capabilities and awareness, threat actors' sophistication has increased in parallel, leading to an uptick in cyberattacks. A 2023 IBM report placed the global average...
What Are Code Vulnerabilities?
In today's world, where most of our lives revolve around apps and software, a single flaw in an application's codebase can wreak havoc. These flaws, more often called code vulnerabilities, serve as...
What Is a Software Bill of Materials (SBOM)
In 2021, President Joe Biden signed an Executive Order highlighting the importance of the software bill of materials (SBOM) in cybersecurity. While SBOMs existed even before the Executive Order...
Cybersecurity in America: Top States Affected pt 2: TX, GA, NJ
The United States of America is home to some of the world's most sophisticated and advanced software ecosystems. As such, it tops the charts as a prime target for modern cybersecurity challenges,...
Kiuwan Shines in G2 Fall 2023 Grid Report
The season of revelations is upon us once again! G2 has published its eagerly awaited Fall 2023 Grid Reports. Spanning a vast landscape of over 16,000 products in more than 1,000 categories, these...
Cybersecurity in America: Top States Affected pt 1: CA, FL, NY
The surge in cyberattacks, data breaches, and ransomware incidents affecting critical systems in the U.S. led the White House to issue a National Cybersecurity Strategy in March of 2023. While...
What Is Endpoint Management and Does It Affect App Security?
Endpoint security is a critical component in a comprehensive approach to application security. As applications often interact with various endpoints — devices like laptops, smartphones, and tablets...
What Is Continuous Integration and Continuous Delivery (CI/CD)?
Thousands of apps are released every year. A study by Burga in 2021 revealed that developers published over 355,000 apps on Apple’s App Store alone, each day seeing an average of about 1,000 apps....
Multi-Factor Authentication: A Developer’s Defense Against Unauthorized Access
As we gear up for Cybersecurity Month 2023, with a spotlight on multi-factor authentication (MFA) as one of its central themes, the urgency of fortifying our digital defenses is clearer than ever....
Why Does Source Code Quality Matter?
Are you in the realm of quality assurance? Do you find yourself constantly reacting to source code issues instead of preventing them? If so, you might have a problem — and opportunity — when it...
The Developer’s Role in Ensuring Software Update Security
The undeniable role of software updates in cybersecurity: as cyber threats continue to evolve, the role of software updates in cybersecurity cannot be...
Maintaining Application Security During a Cybersecurity Talent Shortage
Hiring and retaining quality cybersecurity talent is harder than ever. According to the 2022 Cybersecurity Workforce Study, there is a 3.4 million global shortage of cybersecurity...
What to Do After a Data Breach
For many of us, one of the worst professional scenarios we can fall victim to is the dreaded data breach. However, as companies expand their digital footprint, so does their risk of experiencing...
What Is Software Composition Analysis (SCA)?
With software development progressing quickly, many developers turn to third-party and open-source components to speed up the build process and add requested user functionality. That opens the door...
Maintaining Security With AI Programming Tools
The technological landscape has undergone seismic changes in the past decade, with artificial intelligence (AI) being at the forefront of this transformation. For software developers, AI tools are...
AI: How It Is Changing Application Security Testing
As organizations increasingly rely on digital solutions to stay competitive, the importance of application security has skyrocketed. In response to this growing need, AI is stepping into the...
What’s New in the OWASP Top 10 for 2023?
The need for application security has never been greater. In a world where technology is ubiquitous and applications are key to day-to-day operations, organizations must protect their data against...
Top 5 Best Practices for Developers on Preventing SQL Injections Attacks
2022 was a busy year for cybersecurity teams as they contended with a wave of sophisticated cyberattacks targeting organizations worldwide. From ransomware and phishing scams to SQL injection (SQLI)...
Is Your Dev Team Using Best Practices for Python Code in 2023?
Python is an extremely popular development language due to its versatility and natural syntax. However, the same factors that make it so popular also make it vulnerable to security breaches. In the...
Understanding Security Differences Between DevSecOps, InfoSec, and DevOps
The world of digital security is constantly evolving, and staying up to date can be overwhelming. It seems there is a never-ending list of terms and new ideas to keep track of. In recent years,...
How AppSec Can Improve Pharmaceutical Security Risks
Pharmaceutical companies face an increased risk of data breaches due to the lack of application security. Recent research has found that pharmaceuticals are among the top three industries for data...
Support Corner: Securing Xamarin Applications With Kiuwan
Unprotected Xamarin apps may be subject to vulnerabilities, reverse engineering, and other attacks. In this month’s support corner, learn how to secure Xamarin apps with Kiuwan.
LATAM Data Breaches: Top 3 Countries Affected
Gone are the days when data breaches were only a concern for countries in the developed world. In today's increasingly connected and fast-growing digital economy, cybercriminals have shifted their...
Women Making Digital Waves Throughout History
As we enter March, let's take a moment to recognize Women's History Month and celebrate the many contributions that women have made throughout history. Women have been at the forefront of innovation...
Support Corner: Improving Code Quality With Kiuwan
Kiuwan is a world-class application security platform. Kiuwan SAST (Code Security) identifies and helps remediate security vulnerabilities in our source code. Kiuwan SCA (Insights) identifies and...
Using JavaScript Safely With Your Projects
Read on to learn about the risks of using JavaScript and the best practices for securely developing JavaScript projects. We’ll also cover how Kiuwan security tools can keep JavaScript projects safe.
Support Corner: Securing Spring Boot Applications With Kiuwan
Spring Boot provides the tools, features, and dependencies needed to build Spring-based apps quickly and easily. For this reason, it has become a popular choice for creating Java web applications...
Top 5 CVE Risks to Watch in 2023
As developers, we know that security is paramount in our projects. But with the ever-evolving nature of cyber threats, staying up to date on the latest vulnerabilities and exposures (CVEs) can be...
Things to Know About AppSec in Europe
The European Union has made significant upgrades to its cybersecurity framework in response to critical infrastructure threats. In order to make Europe a safe place to live and work, the Network and...
2023 AppSec Trends & Predictions
The Application Security (AppSec) landscape is constantly evolving and adapting to the changing times. As more organizations are looking to AppSec to protect their digital assets from malicious...
Support Corner: Securing Android Apps With Kiuwan
We’ve recently worked with several clients in the process of building mobile apps for their organizations. As with desktop, IoT, cloud, and browser-based apps, it is critical to secure our mobile...
Don’t Let Your Cybersecurity Fall Behind During Holidays
Because the holidays are a joyful and festive time of year, it's easy to let your guard down and relax your normally stringent cybersecurity standards. Unfortunately, bad actors won't hesitate to...
The State of Legacy Languages – Where They Stand in Today’s Market
The world of software development is constantly evolving, and legacy languages such as COBOL, Fortran, Perl, and C are becoming increasingly outmoded. Legacy languages are those that have been...
Don’t Be a Grinch: Avoid Holiday Hacking With DevSecOps
With the holiday season rapidly approaching, people all over the world will be making their lists and checking them twice to make sure they have everything they need for the most magical — but also,...
Recap of Cloud Security in 2022
As cloud computing continues to experience double-digit percentage growth, security concerns remain a top priority for many organizations. With sensitive data increasingly stored in the cloud and...
Tips to Stay Safe During Black Friday/Cyber Monday
Two of America’s biggest and busiest shopping days — Black Friday and Cyber Monday — are just around the corner. And as you prepare to shop till you drop, cybercriminals are also hard at it,...
How Holiday Hacking Puts Your Company at Risk
The holiday season brings many good things. Family, presents, decorations, joy, good cheer, peace on Earth, and so on. Unfortunately for anyone working in IT or cybersecurity, the holidays also...
Cybersecurity Awareness Month: Scary Stats to Haunt Your Dev Team
It's that time of year again — the leaves are changing, the air is getting chilly, and cybersecurity threats are lurking around every corner. That's right, it's Cybersecurity Month! And what better...
Cybersecurity Awareness Month: Cyber Attacks on a Global Scale
IBM recently released its Cost of a Data Breach Report for 2022. It's a helpful resource that offers IT, risk management, and security leaders insight into the year’s trends surrounding data...
Cybersecurity Awareness Month: Phishing Scams & Ransomware Prevention in Europe
Since 2004, October has been recognized as Cybersecurity Awareness Month in the United States. Throughout this month, companies and IT professionals across the world should make sure that they’re...
Cybersecurity Awareness Month: Top 5 Programming Languages in 2022 and Their Risks
According to a recent report by IBM, the average data breach will cost over $4.35 million in 2022. That’s why it’s more important than ever for programmers to be aware of the risks associated...
Application Security for Energy Providers
In any industry, cybersecurity threats lurk around every corner. Cybersecurity breaches are costly. In 2021, the average cost of a cybersecurity data breach was $4.24 million, and can substantially...
Seamless DevSecOps Integration Made Easy
The tide of change that’s washed over the world in the past few years has had sweeping implications for how we live and work. It’s estimated that 26% of American workers were fully remote in 2021...
How to Turn False Positives Off
A common topic of conversation we have with software developers is how to reliably and accurately scan code for vulnerabilities while minimizing the number of false positives. And when false...
Top 3 Notorious Hacking Groups
The application security world is constantly under attack. One of the most common attacks comes in the form of hacker groups. These notorious hacking groups are often organized and motivated by...
A Holistic Look at Cloud-Native App Security
One of the key benefits of cloud computing is that it has given organizations the ability to more quickly accelerate applications to market, providing increased business agility. That means...
Understanding GitHub Repojacking
Threat actors have been using GitHub's repojacking flaw to hijack and inject thousands of repositories with malicious code. This flaw has yet to be fixed, meaning GitHub users will likely see more...
Collaborating for Better Applications
With the rise of collaborative software development environments, it's more important than ever to ensure that code quality and security are top priorities. After all, when multiple developers are...
Creating a Pervasive Security Approach
Implementing a comprehensive security framework requires a strategy that brings security to the front of every stage of the development process — and zero trust is the answer. Here's how it's done...
How Mature Is Your Application Security?
For the first time in the survey's history, respondents to the Allianz Risk Barometer cited cyber incidents as their number one concern for 2022. This worry isn't surprising, considering...
Understanding the SpringShell Vulnerability in Spring Java Framework
Researchers recently announced the presence of a gaping security hole in Spring, a framework widely used by organizations developing Java applications. Designated CVE 2022 2965 and nicknamed...
A Guide to Security Risks for Financial Services
Banking in the 21st century has brought on new innovations but also new threats. Nowadays, most financial services take place in the digital realm. Financial institutions of all sizes need a...
A 20% Increase In Security Scanning Cadence
Organizations are now scanning for security vulnerabilities at a rate 20 times faster than just a few years ago. The increase in scanning activity is driven by several factors, including the growing...
What PCI DSS 4.0 Means for Payments Organizations
On March 31, 2022, the PCI Security Standards Council (PCI SSC) released the latest version of the PCI Data Security Standard (PCI DSS), outlining technical and operational requirements for...
What PCI DSS 4.0 Means for Banking Organizations
On March 31, 2022, the PCI Security Standards Council (PCI SSC) released the latest version of the PCI Data Security Standard (PCI DSS), outlining technical and operational requirements for...
What PCI DSS 4.0 Means for Finance Organizations
On March 31, 2022, the PCI Security Standards Council (PCI SSC) released the latest version of the PCI Data Security Standard (PCI DSS), outlining technical and operational requirements for...
What PCI DSS 4.0 Means for Your Organization
On March 31, 2022, the PCI Security Standards Council (PCI SSC) released the latest version of the PCI Data Security Standard (PCI DSS), outlining technical and operational requirements for...
The Risk to Public Sector Applications
Unless you've been living under a rock, you've heard that cybercrime threatens small- to large-sized organizations across the globe. And not only are public sector organizations not immune, they're...
Looking at a New Threat Vector: Protestware
Since Russia invaded Ukraine, a new threat vector has circulated in the open-source community. This threat vector, known as protestware, involves activists injecting malicious content into...
3 Steps to Better Code
No matter the project, no matter the industry, having secure, quality code is a critical factor to an organization’s success. If the code quality is lacking, or if there are significant...
Managing Development Speed & Security For Banking
In the highly competitive landscape of software development, speed seems to always be the driving force behind the release of new apps. However, releasing a new app in record time, followed by a...
Managing Development Speed & Security For Finance
In the highly competitive landscape of software development, speed seems to always be the driving force behind the release of new apps. However, releasing a new app in record time, followed by a...
Managing Development Speed & Security For The Payments Industry
In the highly competitive landscape of software development, speed seems to always be the driving force behind the release of new apps. However, releasing a new app in record time, followed by a...
Accelerate Digital Transformation With Code Security
Organizations are increasingly embarking on digital transformation journeys. The transformation is enabling them to keep pace with the competition, optimize IT asset security, and meet evolving...
Leveraging Kiuwan Against ‘Not the New Normal’ Cyber Attacks
With over 700 million attempted ransomware attacks in 2021, it's natural to assume that major cyber attacks and data breaches are the new normal, just an unavoidable side effect of life in the...
The Lines of the Security Perimeter Are Becoming Blurred
The traditional method of mitigating security risks by securing the perimeter is losing effectiveness. As society moves to remote and hybrid work, and as more smart devices are tied into the...
3 Reasons Why You Should Use Kiuwan
Cyber attacks happen every 39 seconds. The University of Maryland found that these attacks affect almost 1 in 3 Americans every year. As we are adopting digitization more and more, developing secure...
Developing Data Security For Banking
Data is no longer merely a tool used to improve business strategy. Increasingly, data is an asset that drives the growth of organizations, especially in businesses that handle large amounts of...
Developing Data Security For Payments
Data is no longer merely a tool used to improve business strategy. Increasingly, data is an asset that drives the growth of organizations, especially in businesses that handle large amounts of...
Developing Data Security For Finance
Data is no longer merely a tool used to improve business strategy. Increasingly, data is an asset that drives the growth of organizations, especially in businesses that handle large amounts of...
Developing Data Security for Finance / Banking
The average cost of a data breach, according to the Cost of a Data Breach Report 2021, is $161 ($146 in 2020) per record. The average total cost of a data breach in 2021 is $4.24 million, up from $3.86 million in 2020. The costs of fighting cybercrime, restoring data and services following a breach, lost revenue, and reputation damage are all increasing.
Kiuwan 101
Before jumping on the DevOps security solutions bandwagon, businesses need a Kiuwan 101 introduction to understand which challenges Kiuwan solves and how it makes application security testing a breeze. Keep reading to find out.
Combining SAST & SCA Tools
Learn how cybersecurity teams can combine SAST and SCA into a comprehensive cybersecurity strategy.
Are Supply Chain Attacks Caused by Open-Source Dependencies?
Although Open Source Software provides many advantages, such as affordability and flexibility, the programs and their components can introduce security risks and vulnerabilities to a company.
Why Accurate Software Inventory Is Essential
While open source code is cost-effective, flexible, and agile, it also poses some serious security and liability risks. This is why software inventory is essential.
Overcoming Microservices Architecture Risks
Microservices architecture gives developers a flexible, scalable, agile solution for building high-performing apps that quickly deploy. It has been widely adopted because of its game-changing benefits. However, developers must overcome some challenges and risks to implement solutions with microservices effectively.
Cloud Native – A Developer's View
Cloud technology has ushered in a new era for businesses, laymen, and the developers who are behind all the applications. Cloud-native technology is essentially about speed and agility, which have become more like necessities for business systems. Of course, at the heart of it all is the cloud infrastructure. Three of the most prominent cloud service providers include Amazon Web Services, Google Cloud Platform, and Microsoft Azure.
Using Software Composition Analysis to Mitigate Development Risk
There are ways for developers to deal with potential threats and assure software security. Software Composition Analysis (SCA) comes in handy for checking vulnerabilities and licensing issues line-by-line.
The API Security Top 10 List
In an effort to increase API security, the Open Web Application Security Project (OWASP) maintains a list of the top 10 security risks.
How to Safely Leverage Open Source in Your Codebase
All major innovations in recent years, including cloud computing, big data, and artificial intelligence, have been built in open source ecosystems. According to Gartner, most organizations use some form of open-source assets within their critical applications.
Why Your Team Needs a Security Champion
Application security testing is the need of the hour for organizations that want to be secure. Although it’s a difficult task, a security champions program can enthuse teams to work together and build secure applications from the ground up.
Remediate Log4j Risk: A Warning From the FTC
Stick with us to find out everything you need to know about the Log4j vulnerability and how to keep your business and its applications safe from the potential exploit.