Kiuwan Application Security Blog
Your News Source for Application Security Testing & Related Topics. Our expert blog writers stay attuned with the code security landscape and write about the latests industry trends.
Threat Modeling’s Place in DevSecOps
Developers often pursue well-intentioned security efforts by focusing on writing secure code. But that’s just part of the puzzle. Instead of focusing only on the code, it’s just as critical to focus on the attacker. Understanding how attackers compromise controls...
Putting the Principle of Least Privilege to Work for Web Apps
With an ever-increasing proportion of day-to-day work on the desktop occurring in the form of web-based applications, organizations need to rethink how those applications work. They also need to examine – and in some cases tighten up – how web-based apps (or rather,...
Automation fix bad habits
Most discussions of DevSecOps include automation as a major component. In fact, Julien Vehent, Firefox’s Operations Security lead, defines DevOps this way in his book “Securing DevOps”: “DevOps is the process of continuously improving software products through rapid...
Strategies for Managing Widely Deployed Code with Kiuwan
As applications become increasingly cloud-based – or even, cloud-native – more and more such code is sending data to and from cloud-based stores, both public and private. This makes the methods and controls that such applications use to access the cloud of particular...
Use the Strangler Pattern to Refactor Legacy Apps
Most of us who have been responsible for the care and feeding of an enterprise application have had to modify someone else’s code. Whether the modification is due to a newly found bug or to enhance existing functionality, changing someone else’s code is an interesting...
Create a Web Application Security Blueprint
The best way to make web applications secure is to include security at every step along the development process, from requirements analysis, to design, to implementation and testing, and into maintenance and update phases. To that end, it’s wise to consider a kind of...
Managing Open Source Vulnerabilities in DevOps
If you use open-source code frameworks, libraries, and code components and take advantage of code-scanning technologies, sooner or later you’ll find yourself in an interesting situation: learning that a code element is subject to a known threat or vulnerability....
When KLA Met Containers
Containers have emerged as a fantastic technology to deploy applications. Containers save a lot of time for system engineers dealing with infrastructure issues: servers, networks, operating systems (OS), ports, configuration, etc. If your application needs be run with...
Upcoming Webinars Focus on IDEs & Integrations
As part of our mission to help you build applications that are secure from the start, the Kiuwan team is planning an all-new lineup of free, live webinars. Over the past several months, our webinars have delivered training on essential aspects of Kiuwan solutions and...
AppSec or Just Smart Software Development?
The source of all human knowledge (Wikipedia) describes application security as “measures taken to improve the security of an application often by finding, fixing and preventing security vulnerabilities.” AppSec is all about developing software that is as...
AppSec or Just Smart Software Development
The source of all human knowledge (Wikipedia) describes application security as “measures taken to improve the security of an application often by finding, fixing and preventing security vulnerabilities.” AppSec is all about developing software that is as...
SAST and SCA: Putting the Puzzle Together
Developing correct and secure software isn’t easy. A typical application includes a large amount of original and third-party code, and it all has to work together without opening up security holes. Any change to existing code, whether it’s a simple refactoring or the...
DevSecOps Is a Team Contact Sport
DevSecOps is quickly becoming one of those trendy terms that everyone tries to use on social media. If you can somehow work #devsecops into a post, you’re using today’s forward-looking language. The problem is that many articles and blogs miss some of the most...
Understanding OWASP ASVS
Understanding the DevOps Approach to Code Security DevOps generally means integrating software development (dev) and information technology operations (ops) to speed the lifecycle, deliver better features, updates and fixes, and more. What’s sometimes missing from...
Cybersecurity: How Safe are Voice Assistants?
This new age in Artificial Intelligence is fascinating- and terrifying too. From ubiquitous digital assistants like Siri and Alexa to usage on factory floors, the impact of AI is by all means dizzying. Your cell phone mostly features a voice assistant. At...
Devsecops teams learn covid 19
What DevSecOps Teams Can Learn from COVID-19 Over the last few months, the whole world has fundamentally changed due to the emergence of a novel coronavirus, COVID-19. The highly infectious nature of the virus, its devastating impact on vulnerable individuals who...
Why is Security IoT’s Biggest Concern?
The internet of things (IoT) refers to the network capability that allows smart devices to communicate with other objects or devices. The “things” are devices such as sensors, lights, or security systems. Most IoT devices have targeted the consumer, but more devices...
Why SAST is Crucial for The Security of Web and Mobile Applications
Software applications are used both in homes and workplaces. Web and mobile apps are used for communication. They help businesses and individuals get updates on the latest trends and happenings. Apps are big money makers as they are easily available in app stores....
scanning-code-vulnerabilities
When it comes to analyzing code bases for security purposes, developers and their managers face some interesting choices. Application security testing can occur on demand, with scanning tools that check for vulnerabilities and recommend remediation or mitigation...
How to Teach Your Team to Make Secure, Memorable, and Unique Passwords Every Time
Network security is one of the most challenging efforts in modern technology. In the constant battle between security IT and virulent hackers, we have created some truly incredible defensive technology. But all of it is for naught if a hacker can simply slip through a...
kiuwan assembla integration
Automatically Scan your Assembla Repository with Kiuwan Code Security Kiuwan can now be fully integrated within the Assembla software development platform! Make your securely stored code in the Assembla repository even more secure with the help of Kiuwan’s...
Why Companies Need to Know About the OWASP Application Security Verification Standard (ASVS)
While we’ve discussed OWASP (Open Web Application Security Project), it’s importance to the security of applications and development and the standards it sets, there are other aspects that deserve our attention. One of the primary elements of OWASP that demands such...
7 Tips on Secure Blockchain: What You Need to Know.
No matter what industry sector your business plays in, data security is critical to its survival. When it comes to security and blockchain: what you need to know is not always readily apparent. We understand that you want security solutions and you want them fast. So...
8 Tips on Keeping Safe When Buying Online
It’s not a surprise to hear that, especially in our current state, e-commerce is booming. It is even thought that by 2040, 95% of all purchases will be done online. Although buying online has become more commonplace, many are still unaware of the...
Understanding and Managing Open-Source Risks
These days, the tendency is to treat software development as a semi-custom build job. Some parts are prefabricated and come from other sources. The rest is custom-built, in-house or under contract, to provide specific functionality or to capture and enshrine key...
Major Data breaches 2019
A Timeline of Major Data Breaches in 2019 If there’s no rest for the wicked, there seems to be also no rest for malicious cyber attackers. 2019 has had its fair share of data breaches and many of them have affected the data of millions of people. Let’s take a...
Is Cross-Site Scripting Still a Thing?
Though cross-site scripting — often abbreviated XSS — has been around since the start of this century, it remains a pressing security concern on today’s web. First introduced by Microsoft engineers in January 2000, XSS seeks to bamboozle protections and...
3 Surprises About How Artificial Intelligence Affects Cybersecurity
There is certainly a lot of news these days about artificial intelligence (AI) and the impact it has on every aspect of our online lives. It seems like every developer is trying to enhance an application, platform, or tool with machine learning capabilities. It’s...
kiuwan high performer g2 spring 2020
We’re excited to announce that Kiuwan Code Security and Insights have been identified as High Performer in the Spring 2020 G2 Grid Report for Static Application Security Testing and Static Code Analysis, with an average customer...
Owasp top 10 mobile
OWASP Top 10 for Mobile: All You Need to Know It’s not surprising to hear that with 45% of the world’s population owning a smartphone, attacks on mobile devices are on the rise. Every CISO or employee in cybersecurity has at least once heard of...
Announcing the Release of Kiuwan On-Premises Distributed Version
In October 2019, we rolled out a new version of Kiuwan On-Premises to replace the outdated, monolithic version. Read on to learn what Kiuwan On-Premises is and why you should upgrade to the distributed version if you are using the old one. What is Kiuwan...
Ransomware-prevention-common-attacks
According to Verizon’s 2019 Data Breach Report, there were 500 reported cases of ransomware incidents in 2019. Most were delivered via email. Office documents were the most common attachments at 45%, although .zip and .rar archives were being used to bypass...
Using Threat Intelligence to Boost Your Organization’s Security Posture
These days, hardly a day goes by without some news about cybersecurity threats. Credit card information gets stolen. Social Security databases get hacked. Customer data breaches occur, exposing private personal information. Ransomware shuts down businesses, hospitals,...
10 Twitter accounts to follow
10 AppSec Twitter Accounts to Follow Application security is rapidly growing in importance for businesses. Not only has security become front-of-mind for almost every company on the planet, but the ever-more agile pace of development cycles has increased the need for...
The Benefits of a DevSecOps Approach to the SDLC
As IT security frictions grow and increased regulation consistently looms on the horizon, businesses need a change. Traditional security practices simply don’t work in today’s rapid development environment. To keep pace with competitors, you have to push out apps...
Kiuwan Local Analyzer or IDE Plug-In: What’s the Difference?
Kiuwan provides SAST and SCA solutions that use an on-premise standalone Java application for the scanning of source code, then sends the results file to the Kiuwan cloud for augmentation and additional analysis. This Java scanner is called...
Announcing Support for Go
On February 13 we released support for a new programming language: Go (aka Golang). We have added 56 new security rules for Go in our default analysis model (CQM). Visit our Change Log for an explanation on how to view these rules. ...
Programming Language Trends In 2020
High-level programming languages have gone a long way since the invention of Short Code in 1949. New languages are being created all the time, sometimes as a joke, but most times to deal with specific problems that existing ones cannot solve. Although nearly...
Application security tools comparison
DAST, SAST, IAST and SCA: Which security technology is best for me? With the variety of application security testing (AST) tools out there, you might be wondering which one should you use to secure your code — or whether you need all of them. Application testing...
On premises goes hybrid
Food for Thought: On-premises Goes Hybrid Using application security testing (AST) tools has many benefits; for example increasing the speed, efficiency and coverage paths for testing applications. However, there are many reasons why individuals may feel insecure when...
End support tls
Announcement: End of Support for TLS 1.0 and 1.1. On March 1st Kiuwan will disable support for TLS 1.0 and 1.1. Why? Only 3% of our systems traffic uses TLS 1.0., so we have decided to disable support for it from March 2020 onwards. What is TLS? As...
The Cyberthief’s New Best Friend: Web Apps
Web apps are now one of the top favorites—if not the absolute favorite—means of attack by cyberthieves, based on the latest Verizon Data Breach Investigations Report, which examined 41,686 security incidents, including 2,013 confirmed data breaches. The data came from...
Why Hackers Attack – The Motives Behind Attackers
Hacking has been going on for decades, so it is unsurprising that with a society as technological as ours, more and more companies and private people are experiencing attacks. Hacking is the primary way in which attackers try to gain access and damage...
Cybersecurity predictions 2020
Just like New Year’s resolutions, a lot of people make predictions — but not everyone follows up on them. Last year, we looked into the 2019 crystal ball and tried to predict the trends concerning cybersecurity for that year. Now that it’s 2020, let’s review...
Communicating with Customers in the Event of a Breach
There are three phases of defending against cyber attacks: putting in place sufficient protections and robust authentication mechanisms to try and prevent attacks; appropriately defending against an active attack once it is discovered, and communicating accurately and...
WASC Compliance: Guarantee App Security
DevOps processes have incredibly hastened the app development lifecycle leading to an exponential rise of apps getting into the market. Unfortunately, cybersecurity threats have kept the pace with data breaches standing in the way of an otherwise ideal app market....
HIPAA Compliance for Secure Health Software
Developers all over the world have become keen on adopting a high level of application security, especially with the steady rise of cybersecurity threats. The shorter app development app cycle also means that you’ll need a robust security system to flash out any...
Favorite places security holes
The Favorite Places For Security Holes To Hide It’s essential that CISOs hunt out security holes, whether unintentionally created by a careless coder or deliberately created by a cyberthief. The word “hunt” is critical because today’s enterprise—with its hybrid...
SANS Institute Top 25 Software Errors
The SANS Institute has designed thousands of programs for security professionals around the world. The organization brings together seasoned security practitioners to provide information security practices along with security certification. Besides the...
CERT Compliance: Provide Security For Your C Applications
Today’s app development processes are not complete without security integration. Security standards provide safeguards for companies to secure their apps and software from cybersecurity threats. NIST, OWASP, WASC, SEI CERT C and J, CWE, and BIZEC are part of...