ruby static analysis

Ruby goes to Kiuwan

Kiuwan Code Analysis offers state-of-the-art engines, supporting more than 22 programming languages and frameworks, including Java, C#, JavaScript, ABAP and Hibernate, among others. But Kiuwan is more than a static analysis tool. Kiuwan can categorize your rules and create models according to your needs, plan your next steps with action plans to optimize your time with the ‘what if’ analysis, generate reports,… Read more →

visualstudio

Continuous Inspection with Team Foundation Server

Continuous is a word often heard in Agile and DevOps teams: continuous integration, continuous deployment, continuous delivery, … All of them are techniques where teams produce software (products) in short cycles, ensuring that they can be reliably put into production at any time. Kiuwan puts in its two cents to facilitate your success, enabling continuous inspection of your code, integrating with… Read more →

Secure Rest Api services

Bad guys love REST

Many applications provide a services layer (to other applications, to a presentation layer…) or consume services exposed by third parties (not necessarily trusted). The REST model is a simple way of designing such service layers, widely used today. This post is about REST security issues and presents the main security problems that need attention, the attack threats and attack surface for REST,… Read more →

AngularJS tips

14 tips for developing AngularJS applications

AngularJS is one of the most popular JavaScript frameworks for client-side development. An insight into some AngularJS concepts, such as $scopes, two-way data binding and directives, will bring us some important tips to keep in mind while developing AngularJS applications. AngularJS provides an MVC architecture for developing SPAs (Single Page Applications). Key features are two-way data binding, built-in dependency injection, templates… Read more →

Jira Integration SDLS

Jira integration

Kiuwan Software Analytics integrates with JIRA. Developers want and need to have full control of their code. Kiuwan Software Analytics provides that control in terms of the risks developers face, and the effort to maintain a desired level of quality. However, we cannot overlook the fact that developers already use a wide variety of tools to control other aspects of… Read more →

Code Analysis of Twitter’s DistributedLog

Recently, the Twitter engineering team (@TwitterEng) published an interesting library: DistributedLog, a replicated and highly efficient service to manage the logs of applications. A summary of its characteristics as found in the documentation: High performance, since it provides delays in the order of milliseconds with a large number of concurrent logs. It is capable of a large volume of read and write operations per… Read more →

OWASP Top 10

OWASP Top 10: how to discover vulnerabilities in your Java applications

In this article you will learn what the top 10 security issues in web applications are (called the OWASP TOP 10). For each vulnerability you will learn how to tell whether your code is protected against it and how to analyze it automatically. What’s OWASP Top 10? OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire,… Read more →

C++ analysis

Analyzing C and C++

C and C++ static analysis is a bit different from that of other programming languages, so analyzing C may have its quirks. In these languages, we have the preprocessor to complicate things a little. Resolving header files and macros, used in the preprocessing phase, is essential for a complete and correct C and C++ static code analysis. In this post, let’s break… Read more →

Perform Kiuwan analysis in your ABAP Development Life Cycle

This is the fourth installment of our series on ABAP analysis. If you are a new reader, check out previous posts on: 1. ABAP Code Quality & Security Vulnerabilities detection; 2. Static analysis for ABAP; 3. ABAP: continuous analysis with Kiuwan. Chapter 3, ABAP: continuous analysis with Kiuwan, tells us how to automatically run the source code extraction and the Kiuwan analysis,… Read more →

OWASP Top 10: how to discover vulnerabilities in your C# applications

In this article, you will learn what the top 10 security issues in web applications are (called the OWASP TOP 10). For each vulnerability you will learn how to tell whether your code is protected against it and how to analyze it automatically. This post is the second part of another post about discovering vulnerabilities in a Java application. How can I… Read more →