AppSec Blog

Keep up with the latest news on cybersecurity, technical trends, and programming best practices.

What Are Code Vulnerabilities?

In today's world, where most of our lives revolve around apps and software, a single flaw in an application's codebase can wreak havoc. These flaws, more often called code vulnerabilities, serve as...

What Is a Software Bill of Materials (SBOM)

In 2021, President Joe Biden signed an Executive Order highlighting the importance of the software bill of materials (SBOM) in cybersecurity. While SBOMs existed even before the Executive Order...

Kiuwan Shines in G2 Fall 2023 Grid Report

The season of revelations is upon us once again! G2 has published its eagerly awaited Fall 2023 Grid Reports. Spanning a vast landscape of over 16,000 products in more than 1,000 categories, these...

Why Does Source Code Quality Matter?

Are you in the realm of quality assurance? Do you find yourself constantly reacting to source code issues instead of preventing them? If so, you might have a problem — and opportunity — when it...

What to Do After a Data Breach

For many of us, one of the worst professional scenarios we can fall victim to is the dreaded data breach. However, as companies expand their digital footprint, so does their risk of experiencing...

What Is Software Composition Analysis (SCA)?

With software development progressing quickly, many developers turn to third-party and open-source components to speed up the build process and add requested user functionality. That opens the door...

Maintaining Security With AI Programming Tools

The technological landscape has undergone seismic changes in the past decade, with artificial intelligence (AI) being at the forefront of this transformation. For software developers, AI tools are...

AI: How It Is Changing Application Security Testing

As organizations increasingly rely on digital solutions to stay competitive, the importance of application security has skyrocketed. In response to this growing need, AI is stepping into the...

What’s New in the OWASP Top 10 for 2023?

The need for application security has never been greater. In a world where technology is ubiquitous and applications are key to day-to-day operations, organizations must protect their data against...

How AppSec Can Improve Pharmaceutical Security Risks

Pharmaceutical companies face an increased risk of data breaches due to gaps in application security. Recent research has found that pharmaceuticals are among the top three industries for data...

LATAM Data Breaches: Top 3 Countries Affected

Gone are the days when data breaches were only a concern for countries in the developed world. In today's increasingly connected and fast-growing digital economy, cybercriminals have shifted their...

Women Making Digital Waves Throughout History

As we enter March, let's take a moment to recognize Women's History Month and celebrate the many contributions that women have made throughout history. Women have been at the forefront of innovation...

Support Corner: Improving Code Quality With Kiuwan

Kiuwan is a world-class application security platform. Kiuwan SAST (Code Security) identifies and helps remediate security vulnerabilities in our source code. Kiuwan SCA (Insights) identifies and...

Using JavaScript Safely With Your Projects

Read on to learn about the risks of using JavaScript and the best practices for securely developing JavaScript projects. We’ll also cover how Kiuwan security tools can keep JavaScript projects safe.

Top 5 CVE Risks to Watch in 2023

As developers, we know that security is paramount in our projects. But with the ever-evolving nature of cyber threats, staying up to date on the latest Common Vulnerabilities and Exposures (CVEs) can be...

Things to Know About AppSec in Europe

The European Union has made significant upgrades to its cybersecurity framework in response to critical infrastructure threats. In order to make Europe a safe place to live and work, the Network and...

2023 AppSec Trends & Predictions

The Application Security (AppSec) landscape is constantly evolving and adapting to the changing times. As more organizations are looking to AppSec to protect their digital assets from malicious...

Support Corner: Securing Android Apps With Kiuwan

We’ve recently worked with several clients in the process of building mobile apps for their organizations. As with desktop, IoT, cloud, and browser-based apps, it is critical to secure our mobile...

Recap of Cloud Security in 2022

As cloud computing continues to experience double-digit percentage growth, security concerns remain a top priority for many organizations. With sensitive data increasingly stored in the cloud and...

Tips to Stay Safe During Black Friday/Cyber Monday

Two of America’s biggest and busiest shopping days — Black Friday and Cyber Monday — are just around the corner. And as you prepare to shop till you drop, cybercriminals are also hard at it,...

How Holiday Hacking Puts Your Company at Risk

The holiday season brings many good things. Family, presents, decorations, joy, good cheer, peace on Earth, and so on. Unfortunately for anyone working in IT or cybersecurity, the holidays also...

How to Prevent Reverse Shell Attacks

Reverse shell attacks are one of the most common ways that hackers gain control over a computer. It may seem like a strange concept, but it's fairly simple: a reverse shell is created when someone...

Application Security for Energy Providers

In any industry, cybersecurity threats lurk around every corner. Cybersecurity breaches are costly. In 2021, the average cost of a cybersecurity data breach was $4.24 million, and can substantially...

Seamless DevSecOps Integration Made Easy

The tide of change that’s washed over the world in the past few years has had sweeping implications for how we live and work. It’s estimated that 26% of American workers were fully remote in 2021...

How to Turn False Positives Off

A common topic of conversation we have with software developers is how to reliably and accurately scan code for vulnerabilities while minimizing the number of false positives. And when false...

Top 3 Notorious Hacking Groups

The application security world is constantly under attack, and many of the most damaging attacks come from organized hacking groups. These notorious hacking groups are often organized and motivated by...

A Holistic Look at Cloud-Native App Security

One of the key benefits of cloud computing is that it has given organizations the ability to bring applications to market faster, providing increased business agility. That means...

Understanding GitHub Repojacking

Threat actors have been abusing GitHub repojacking, a namespace-reuse weakness, to hijack thousands of repositories and inject them with malicious code. This weakness has yet to be fully fixed, meaning GitHub users will likely see more...

Collaborating for Better Applications

With the rise of collaborative software development environments, it's more important than ever to ensure that code quality and security are top priorities. After all, when multiple developers are...

Creating a Pervasive Security Approach

Implementing a comprehensive security framework requires a strategy that brings security to the front of every stage of the development process — and zero trust is the answer. Here's how it's done...

How Mature Is Your Application Security?

For the first time in the survey's history, respondents to the Allianz Risk Barometer cited cyber incidents as their number one concern for 2022. This worry isn't surprising, considering...

A Guide to Security Risks for Financial Services

Banking in the 21st century has brought on new innovations but also new threats. Nowadays, most financial services take place in the digital realm. Financial institutions of all sizes need a...

A 20% Increase In Security Scanning Cadence

Organizations are now scanning for security vulnerabilities at a rate 20 times faster than just a few years ago. The increase in scanning activity is driven by several factors, including the growing...

What PCI DSS 4.0 Means for Finance Organizations

On March 31, 2022, the PCI Security Standards Council (PCI SSC) released the latest version of the PCI Data Security Standard (PCI DSS), outlining technical and operational requirements for...

What PCI DSS 4.0 Means for Payments Organizations

On March 31, 2022, the PCI Security Standards Council (PCI SSC) released the latest version of the PCI Data Security Standard (PCI DSS), outlining technical and operational requirements for...

What PCI DSS 4.0 Means for Banking Organizations

On March 31, 2022, the PCI Security Standards Council (PCI SSC) released the latest version of the PCI Data Security Standard (PCI DSS), outlining technical and operational requirements for...

What PCI DSS 4.0 Means for Your Organization

On March 31, 2022, the PCI Security Standards Council (PCI SSC) released the latest version of the PCI Data Security Standard (PCI DSS), outlining technical and operational requirements for...

The Risk to Public Sector Applications

Unless you've been living under a rock, you've heard that cybercrime threatens small- to large-sized organizations across the globe. And not only are public sector organizations not immune, they're...

Looking at a New Threat Vector: Protestware

Since Russia invaded Ukraine, a new threat vector has circulated in the open-source community. This threat vector, known as protestware, involves activists injecting malicious content into...

3 Steps to Better Code

No matter the project, no matter the industry, having secure, quality code is a critical factor to an organization’s success. If the code quality is lacking, or if there are significant...

Managing Development Speed & Security For Banking

In the highly competitive landscape of software development, speed seems to always be the driving force behind the release of new apps. However, releasing a new app in record time, followed by a...

Managing Development Speed & Security For Finance

In the highly competitive landscape of software development, speed seems to always be the driving force behind the release of new apps. However, releasing a new app in record time, followed by a...

Accelerate Digital Transformation With Code Security

Organizations are increasingly embarking on digital transformation journeys. The transformation is enabling them to keep pace with the competition, optimize IT asset security, and meet evolving...

3 Reasons Why You Should Use Kiuwan

Cyber attacks happen every 39 seconds. The University of Maryland found that these attacks affect almost 1 in 3 Americans every year. As we are adopting digitization more and more, developing secure...

Developing Data Security For Banking

Data is no longer merely a tool used to improve business strategy. Increasingly, data is an asset that drives the growth of organizations, especially in businesses that handle large amounts of...

Developing Data Security For Payments

Data is no longer merely a tool used to improve business strategy. Increasingly, data is an asset that drives the growth of organizations, especially in businesses that handle large amounts of...

Developing Data Security For Finance

Data is no longer merely a tool used to improve business strategy. Increasingly, data is an asset that drives the growth of organizations, especially in businesses that handle large amounts of...

Developing Data Security for Finance / Banking

The average cost of a data breach, according to the Cost of a Data Breach Report 2021, is $161 per record ($146 in 2020). The average total cost of a data breach in 2021 is $4.24 million, up from $3.86 million in 2020. The costs of fighting cybercrime, restoring data and services following a breach, lost revenue, and reputation damage are all increasing.

Kiuwan 101

Before jumping on the DevOps security solutions bandwagon, businesses need a Kiuwan 101 introduction to understand which challenges Kiuwan solves and how it makes application security testing a breeze. Keep reading to find out.

Combining SAST & SCA Tools

Learn how cybersecurity teams can combine SAST and SCA into a comprehensive cybersecurity strategy.

Overcoming Microservices Architecture Risks

Microservices architecture gives developers a flexible, scalable, agile solution for building high-performing apps that deploy quickly. It has been widely adopted because of its game-changing benefits. However, developers must overcome some challenges and risks to implement solutions with microservices effectively.

Cloud Native – A Developers View

Cloud technology has ushered in a new era for businesses, laymen, and the developers who are behind all the applications. Cloud-native technology is essentially about speed and agility, which have become more like necessities for business systems. Of course, at the heart of it all is the cloud infrastructure. Three of the most prominent cloud service providers include Amazon Web Services, Google Cloud Platform, and Microsoft Azure.

The API Security Top 10 List

In an effort to increase API security, the Open Web Application Security Project (OWASP) maintains a list of the top 10 security risks.

How to Safely Leverage Open Source in Your Codebase

All major innovations in recent years, including cloud computing, big data, and artificial intelligence, have been built on open-source ecosystems. According to Gartner, most organizations use some form of open-source assets within their critical applications.

Why Your Team Needs a Security Champion

Application security testing is the need of the hour for organizations that want to be secure. Although it’s a difficult task, a security champions program can enthuse teams to work together and build secure applications from the ground up.

Remediate Log4j Risk: A Warning From the FTC

Stick with us to find out everything you need to know about the Log4j vulnerability and how to keep your business and its applications safe from the potential exploit.

Modern Application Development Risks

There are many risks to be found in modern application development. Still, development risks can be reduced, if not eliminated, by following DevSecOps practices designed to identify those risks and resolve them before they create problems.

Data Breaches Are More Expensive Than They Seem

Data breaches are more expensive than they seem. Recent reports have shown that ransomware costs far more than it appears on the surface once escalation, notification, lost business, and response costs are counted.

A Developer’s Guide to Managing Open-Source Code Risks

The power of open source code lies in the massive number of developers who contribute to it and test it. However, the same elements that make open-source code so appealing also make it vulnerable to security risks. 

DevSecOps: From Optional To Essential

Between the rise of cloud-based platforms and the value of big data, the increasing practical — and often legal — requirements of secure application development have moved security from being a mere afterthought to the heart of DevSecOps.

What the Log4j Vulnerability Means for Your Business

Most businesses using Apache's open-source Log4j logging framework should already know about the vulnerability in the system. Known as Log4Shell or...

Most Severe Cyberattacks of 2021

Cyberattacks have become increasingly prevalent since the start of the COVID-19 pandemic, with many employees working remotely. In 2020 alone, malicious emails went up by 600%.

Travis CI | Kiuwan Integration

Connect Kiuwan with your Travis CI workflow. This new integration is designed to empower teams to seamlessly add security to any development project. This relatively...

5 Steps to Enhance Developer Security

Developers play a crucial role in enhancing security and ensuring high performance throughout the development pipeline. Baking security into the code is more effective and efficient than testing a release candidate after the fact, only to be forced into corrective action.

The Full Extent of the Twitch Hack

Once believed to be indestructible, big tech companies like LinkedIn, Adobe, and even Facebook have succumbed to data breaches, hacks, and leaks in recent years.
The latest of these is the hack of livestreaming site Twitch.

How IT Security Will Evolve in 2022 and Beyond

The advent of new technologies such as artificial intelligence/machine learning (AI/ML), robotic process automation (RPA), cloud computing, and no-code or low-code platforms, has been changing the way organizations deliver their offerings.

Idera DevTools: Kiuwan Podcast

In today's episode of the Idera DevOps Tools Podcast, we are joined by Alexander Goodwin & JD Burke of Kiuwan. JD is the Lead Solutions Engineer at Kiuwan and provides us with a complete overview of...

OWASP Top 10 for 2021: A Summary

Want to learn how to design more secure web applications? Here’s what to look out for, according to the latest OWASP Top 10 vulnerabilities list.

Speed or Security in Development: Managing the Tradeoff

Speed seems to always be the driving force behind the release of new apps. However, releasing a new app in record time, followed by a regular and consistent stream of updates, often comes at the cost of security.

Creating A Developer First Security Approach

92% of organizations do business in the cloud and nearly half of all corporate data is stored in the cloud. Cloud-based business creates efficiencies and cost-savings, but may also prove an attractive target for threat actors.