Recently, the Twitter engineering team (@TwitterEng) published an interesting library: DistributedLog, a replicated and highly efficient service to manage the logs of applications. A summary of its characteristics as found in the documentation: High performance, since it provides delays in the order of milliseconds with a large number of concurrent logs. It is capable of a large volume of read- and write operations per… Read more →
Perform Kiuwan analysis in your ABAP Development Life Cycle
This is the fourth installment of our series on Abap analysis. If you are a new reader, check out previous posts on: 1. ABAP Code Quality & Security Vulnerabilities detection 2. Static analysis for ABAP 3. ABAP: continuous analysis with Kiuwan Chapter 3, ABAP: continuous analysis with Kiuwan, tells us how to run automatically the source code extraction and the Kiuwan analysis,… Read more →
Avoid duplicated code with clone detector
Reusing code is usual in software development, but this practice makes the code less maintainable, besides introducing defects. That’s why we have in Kiuwan the Clone detector. As we write an application and this development extends over time, very similar or identical code fragments begin to appear. These fragments are known as ‘clones’. The existence of these clones makes more difficult… Read more →
Security in business-oriented languages: ABAP
In the previous post, we have seen some security flaws in COBOL and RPG. Following with the security issues that may arise in software developed in business-oriented languages, let’s see today some of them in ABAP and how Kiuwan can help you to detect and prevent security problems in business-oriented languages code. FacebookTwitterGoogle+LinkedIn Read more →
Security in business-oriented languages: COBOL and RPG
Security in software written in business languages (like COBOL) follows a quite different path from software security in “modern” languages. Information flow issues are as much relevant than technical flaws. Knowledge and awareness in dev teams are not widespread. In this post we focus on the security flaws that happen in different business-oriented programming languages, how things could go wrong even with… Read more →
14 tips for developing AngularJS applications
AngularJS is one of the most popular JavaScript frameworks for client-side development. An insight into some AngularJS concepts, such as $scopes, two-way data binding and directives will bring us to some important tips to keep in mind while developing AngularJS applications. AngularJS provides MVC architecture for developing SPA (Single Page Application). Key features are two-way data binding, built-in dependency… Read more →
Bad guys love REST
Many applications provide a services layer (to other applications, to a presentation layer…) or consume services exposed by third-parties (not necessarily trusted). REST model is a simple way for designing such services layers, widely used today. This post is about REST security issues and presents the main security problems that need attention, the attack threats and attack surface for REST, and how to… Read more →
Continuous inspection with Team Foundation Server and Kiuwan
Continuous is a word often heard in Agile and DevOps teams: continuous integration, continuous deployment, continuous delivery, … All of them are techniques where teams produce software (products) in short cycles, ensuring that they can be reliably put on production at any time. Kiuwan puts their two cents to facilitate your success, enabling continuous inspection of your code, integrating with… Read more →
How to create new zero-code Kiuwan rules
This is not the first time we talk about how to create new Kiuwan rules in our blog. You can read our series on how to develop new rules using the Kiuwan rule Java API and the rule developer, starting with this one and finishing with this one. Check them all out. For those of you who are not so Java… Read more →
Ruby comes to Kiuwan
Kiuwan is a collaborative environment to analyze, organize and share information, obtained from application analysis, at all levels of our organization: Developers, Security Managers, Quality Managers and CIOs. Today we are going to see how to use Kiuwan with Ruby applications. Kiuwan offers state of the art analysis engines, supporting more than 22 programming languages and framworks including: Java, COBOL, Csharp, Javascript, ABAP… Read more →