Category: Languages & Technologies

Cross Site Request Forgery (CSRF)

Defending Against Cross Site Request Forgery

Cross-Site Request Forgery, or CSRF, sometimes pronounced "Sea Surf," is an alarmingly simple way to perform unauthorized actions on a website. The trick is this: the user is logged into a restricted site or otherwise has authorization to use it. A URL from a hostile site asks the restricted one to take some…

Ruby goes to Kiuwan

Kiuwan Code Analysis offers state-of-the-art engines supporting more than 22 programming languages and frameworks, including Java, C#, JavaScript, ABAP and Hibernate, among others. But Kiuwan is more than a static analysis tool: it can categorize your rules and create models according to your needs, plan your next steps with action plans and 'what if' analysis to optimize your time, generate reports,…

Bad guys love REST

Many applications provide a services layer (to other applications, to a presentation layer…) or consume services exposed by third parties (not necessarily trusted). The REST model is a simple, widely used way of designing such service layers. This post is about REST security issues: it presents the main security problems that need attention, the attack threats and the attack surface for REST,…

14 tips for developing AngularJS applications

AngularJS is one of the most popular JavaScript frameworks for client-side development. An insight into some AngularJS concepts, such as $scopes, two-way data binding and directives, gives us some important tips to keep in mind while developing AngularJS applications. AngularJS provides an MVC architecture for developing SPAs (Single Page Applications). Key features are two-way data binding, built-in dependency injection, templates…

OWASP Top 10: how to discover vulnerabilities in your Java applications

In this article you will learn what the top 10 security issues in web applications (the OWASP Top 10) are. For each vulnerability you will learn how to tell whether your code is protected against it and how to analyze it automatically.

What's OWASP Top 10?

OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire,…

Analyzing C and C++

C and C++ static analysis is a bit different from other programming languages, so analyzing C may have its quirks. In these languages the preprocessor complicates things a little. Resolving the header files and macros used in the preprocessing phase is essential for a complete and correct C and C++ static code analysis. In this post, let's break…

Perform Kiuwan analysis in your ABAP Development Life Cycle

This is the fourth installment of our series on ABAP analysis. If you are a new reader, check out the previous posts:

1. ABAP Code Quality & Security Vulnerabilities detection
2. Static analysis for ABAP
3. ABAP: continuous analysis with Kiuwan

Chapter 3, ABAP: continuous analysis with Kiuwan, tells us how to run the source code extraction and the Kiuwan analysis automatically,…

OWASP Top 10: how to discover vulnerabilities in your C# applications

In this article, you will learn what the top 10 security issues in web applications (the OWASP Top 10) are. For each vulnerability you will learn how to tell whether your code is protected against it and how to analyze it automatically. This post is the second part of another post about discovering vulnerabilities in a Java application. How can I…

SAP Code Quality & Security Vulnerabilities detection

ABAP application programming, most of it in large customized systems, adds to the challenge of managing these large development projects: ensuring that the resulting code has the necessary quality and security, in order to avoid problems once in production or excessive maintenance costs. The lack of verification, or manual-only verification, of the quality and security of these large systems…

Security in business-oriented languages: ABAP

The ERP world: SAP and ABAP

Let's talk about SAP and its common high-level business language, ABAP. The attack surface of SAP systems is wide, with web-facing options like ITS, BSP, Web Dynpro, Fiori… Dynamic ABAP code, remote function calls (RFC) and many other features open up new attack points. In ABAP, OpenSQL is the common way of executing SQL…