Category: The latest


Cross Site Request Forgery (CSRF)

Defending Against Cross Site Request Forgery

Cross-Site Request Forgery, or CSRF, sometimes pronounced “Sea Surf,” is an alarmingly simple way to perform unauthorized actions on a website. The trick is this: the user is logged into a restricted site or otherwise has authorization to use it. A URL from a hostile site asks the restricted one to take some… Read more →

Kiuwan Indicators

Security and Quality Indicators in Kiuwan: a practical guide

Kiuwan gathers evidence from an application’s source code using Kiuwan’s in-house developed static analyzers. Based on the evidence found by static analysis, Kiuwan calculates and presents relevant Software Analytics Indicators that provide accurate information on: Software characteristics (ISO-25000 based), such as: Security, Efficiency, Maintainability, Reliability and Portability. Global Indicator, a general… Read more →


Application Security — Why Businesses Need Application Security

There is an almost endless list of reasons why application security is important to businesses. Those range from maintaining a positive brand image to preventing security breaches that impact the trust that your clients and shareholders have in your business. The Focal Shift of Hackers Not so long ago the majority of hacking occurred through weak links in operating systems.… Read more →

How to control Kiuwan Local Analyzer execution in Continuous Integration

A common question from users who run Kiuwan in a Continuous Integration scenario is: How can I control (or be notified of) the results of the execution of Kiuwan Local Analyzer? And furthermore, how could those results influence my build process? Kiuwan provides several mechanisms that depend on your specific Continuous Integration scenario. Let’s look at it in detail.… Read more →

Suppress false positives in your code analysis

One of the obstacles any static analysis tool encounters is the ease with which developers can manage defects that are not pertinent to their development. Oftentimes these “defects,” for whatever reason, simply do not apply. The best-known case of such defects is false positives. Kiuwan Code Analysis offers many features; today we are going to highlight the “Defects Mute”… Read more →


Pentesting: What it is and how it works

Pentesting: What It Is, And How It Works

Pentesting is also called penetration testing or ethical hacking. A penetration test is designed to answer the question: “How effective is my current security against a skilled human attacker?” In this article, we’ll go over what it is, why it’s important to businesses and how a skilled pentester works.

What is Pentesting? … Read more →

Jenkins integration with Kiuwan Code Analysis

A while ago we released our Jenkins plugin as a way to ease the workflow of developers who use Kiuwan, and since then we have had great feedback from our community of users. Measure code security and quality continuously In a world where companies are embracing DevOps initiatives, we aim to help them integrate the measurement and analysis of their application’s code… Read more →


Python code analysis with Kiuwan

Kiuwan’s latest release now includes coverage for Python. Python was conceived in the late 1980s, and its implementation began in December 1989 by Guido van Rossum. Van Rossum is Python’s principal author, and his continuing central role in deciding the direction of Python is reflected in the title given to him by the Python community, benevolent dictator for life (BDFL). Python 2.0… Read more →


Integrate Kiuwan static test services with IBM Bluemix DevOps Services

I’m located in Tokyo, but I sometimes collaborate across borders to assist customers. I’m working with Smith Naik, who has been a manager of various IBM software at IBM labs and now works for various customers to provide the best solutions for them. We were wondering how we can provide “static analysis” on the cloud using IBM Bluemix DevOps Services, and Smith found… Read more →