Kiuwan Application Security Blog

Your News Source for Application Security Testing & Related Topics. Our expert blog writers stay attuned to the code security landscape and write about the latest industry trends.

DevSecOps Focus: On the Way to Secure Source Code

Developers’ concerns should not boil down only to digital infrastructure security. Source code security has become a very important factor these days. A stand-alone class of tools is in place to test apps for vulnerabilities and bugs during the development process. These...

Application Security and Ransomware

Ransomware changes the landscape of security from reactive to proactive—meaning that the focus of application security is changing from pre-deployment vulnerability testing to ensuring that developers and security teams perform security checks during every stage in the software development life cycle

Maximizing Development ROI Through DevSecOps

Managing the software development lifecycle, aka SDLC, can be expensive in most organizations. Anything that slows down development ultimately boosts costs and reduces its ROI. In large part this explains the impetus to integrate security into DevOps approaches and methods.

Tips for Developing Secure Financial Applications

Most financial services providers have an option that customers can use to access various services at their convenience. Unfortunately, security continues to be a cause of concern for anyone planning to enroll in mobile/online banking services.

Increasing Development Pipeline Efficiency

Software development organizations define success by providing the right products to their customers that meet quality, schedule and budgetary constraints.

The development pipeline includes specification, design, development, testing, quality assurance, building and deployment. Increasing the efficiency of the development pipeline makes happier customers and generates higher profits.

Post-Pandemic Hybrid Office Models Bring New Security Concerns

As 2021 reaches its halfway point, many businesses are transitioning back toward more on-premises operations, but some analysts believe that a hybrid workforce will be the new normal. In a hybrid model, the workforce is made up of both on-premises and remote workers, with many of those workers splitting time between home and the office.

Are Some Programming Languages More Secure than Others?

Security-related bugs can turn up in any programming language, but some are more prone to issues than others. Some newer languages are designed to make such errors harder. Others have “features” that are convenient but encourage coding that’s easy to exploit.

Prestidigitation: the Heart of Social Engineering

Social engineers use many of the same techniques to create an illusion in order to gain a victim’s trust and trick the person into doing their dirty work. They are essentially magicians, with the intent to derive some direct value by deceiving victims.

The 2021 CISSP Exam and Application Security: What’s Changed?

CISSP is one of the most prestigious vendor-neutral information systems security leadership certifications. The certification is a credential that signifies its holder possesses professional experience and demonstrates a high level of knowledge across information systems security domains.

The State of Mobile App Security 2021

The ever-increasing popularity and use of smartphones dwarfs that of more conventional computing devices, such as desktops, laptops, tablets and so forth. Here are some numbers to put things in perspective: according to Statista the total number of mobile...

The Colonial Pipeline Ransomware Attack

On May 7, Colonial Pipeline had to shut down its pipelines due to a ransomware attack. Colonial is a major oil pipeline operator in the southern and eastern United States. Its pipelines extend from Texas to New Jersey and reach Louisiana, Mississippi, Alabama, Georgia, the Carolinas, Tennessee, Virginia, Maryland and Pennsylvania.

Release Announcement – June 16, 2021

We are pleased to announce the availability of the latest Kiuwan update! Released on June 16, 2021, this update includes new features and some bug fixes, described below.

The OAuth2/OIDC Integration project, a new feature

Nowadays, many organizations...

Pandemic Legacy: Remote Work and Digital Transformation

The COVID-19 pandemic drove many companies to rapidly expand their support for remote work. This change was not simply to appease a changing workforce; it was necessary to survive. When most of the workforce was suddenly told to stay home, many organizations had to...

How NIST SP 800-53 Revision 5 Affects Application Security

The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the U.S. Department of Commerce that, among other things, maintains physical science laboratories and produces guidance for assessing compliance with a wide range of standards.

Biggest Cloud Breaches of 2020

PCR’s (UK) Top 10 Biggest Data Breaches of 2020

PCR is a leading information source for IT resellers and distributors in the United Kingdom. It reports its top 10 based on the number of records breached in the incidents selected. They cite the Risk Based Security...

Securing Serverless Applications

Although the term says “serverless,” serverless applications don’t really run without any servers involved. Rather, serverless applications run inside cloud-based infrastructures so that developers and operators need no longer stand up and run their own servers,...

Getting Ahead of Payment Card Security Threats

Payment card attacks are nothing new. Cybercriminals have been targeting payment cards for more than a decade. However, there is a disturbing trend of cybercriminals discovering and leveraging novel ways to steal payment card credentials during online transactions...

Beyond SolarWinds: Guarding Against the Rising Threat of Supply Chain Attacks

The successful attack in 2020 on the SolarWinds Orion network management software showed that indirect, or third-party, attacks on organizations of all sizes are feasible. Where...

Release Announcement — January 28, 2021

The Kiuwan team is excited to announce the availability of our latest release, with new features for both cloud and on-premises customers. Kiuwan is a fast, reliable and scalable Application Security and Enterprise Software Analytics solution. Kiuwan includes several...

6 Threats to Development Team Productivity

Productivity rates are critical to success in any industry. That is true of software products, too, that not only need to be efficiently produced but secure from cyberattacks as well. If you’re considering how to improve your software team’s productivity, then you...

Rethinking Application Security in a Post-Pandemic World

Without a doubt, the COVID-19 pandemic has had a massive impact on the financial services landscape. Not only did businesses have to tweak their entire operations under safety regulations, but they also had to contend with a growing list of cybersecurity...

App Security Quality Analytics

As business management expert Peter Drucker once put it: “If you can’t measure it, you can’t improve it.” This quote feels right at home in the world of application security. Many CISOs are finally starting to give SAST tools and other approaches...

The Role of SAST in DevSecOps

Most people involved in the process of creating and deploying software applications today are familiar with DevSecOps, which integrates security and operations into the software development process. In figurative terms, we think of the software development...

Threat Modeling’s Place in DevSecOps

Developers often pursue well-intentioned security efforts by focusing on writing secure code. But that’s just part of the puzzle. Instead of focusing only on the code, it’s just as critical to focus on the attacker. Understanding how attackers compromise controls...

Create a Web Application Security Blueprint

The best way to make web applications secure is to include security at every step along the development process, from requirements analysis, to design, to implementation and testing, and into maintenance and update phases. To that end, it’s wise to consider a kind of...

Managing Open Source Vulnerabilities in DevOps

If you use open-source code frameworks, libraries, and code components and take advantage of code-scanning technologies, sooner or later you’ll find yourself in an interesting situation: learning that a code element is subject to a known threat or vulnerability....

AppSec or Just Smart Software Development?

The source of all human knowledge (Wikipedia) describes application security as “measures taken to improve the security of an application often by finding, fixing and preventing security vulnerabilities.” AppSec is all about developing software that is as...

SAST and SCA: Putting the Puzzle Together

Developing correct and secure software isn’t easy. A typical application includes a large amount of original and third-party code, and it all has to work together without opening up security holes. Any change to existing code, whether it’s a simple refactoring or the...

Scanning Code Vulnerabilities

When it comes to analyzing code bases for security purposes, developers and their managers face some interesting choices. Application security testing can occur on demand, with scanning tools that check for vulnerabilities and recommend remediation or mitigation...

Automatically Scan Your Assembla Repository with Kiuwan Code Security

Kiuwan can now be fully integrated within the Assembla software development platform! Make your securely stored code in the Assembla repository even more secure with the help of Kiuwan’s...

Understanding and Managing Open-Source Risks

These days, the tendency is to treat software development as a semi-custom build job. Some parts are prefabricated and come from other sources. The rest is custom-built, in-house or under contract, to provide specific functionality or to capture and enshrine key...

Kiuwan High Performer G2 Spring 2020

We’re excited to announce that Kiuwan Code Security and Insights have been identified as a High Performer in the Spring 2020 G2 Grid Report for Static Application Security Testing and Static Code Analysis, with an average customer...

Announcing Support for Go

On February 13 we released support for a new programming language: Go (aka Golang). We have added 56 new security rules for Go in our default analysis model (CQM). Visit our Change Log for an explanation of how to view these rules...

Programming Language Trends In 2020

High-level programming languages have gone a long way since the invention of Short Code in 1949. New languages are being created all the time, sometimes as a joke, but most times to deal with specific problems that existing ones cannot solve. Although nearly...

DAST, SAST, IAST and SCA: Which Security Technology Is Best for Me?

With the variety of application security testing (AST) tools out there, you might be wondering which one you should use to secure your code — or whether you need all of them. Application testing...


How Application Inventory Management Unlocks Your App for Affordable Maintenance and Development

As your application grows in complexity, it’s critical to maintain a strong understanding of its back-end functionality. A novel way to...


Continuous Integration

What is continuous integration? Imagine that your organization is working on a major software project. Naturally, the workload is divided among several team members, each developing a different module or function. After many months of effort, the team must integrate...

The OWASP Benchmark & Kiuwan

Learn how to make your own OWASP Benchmark test with Kiuwan on our DIY blog post.

What is the OWASP Benchmark?

I’m sure that most of you are familiar with OWASP (Open Web Application Security Project), or at least you have heard about their...


DIY: Generate OWASP Benchmark Results for Kiuwan Code Security

The OWASP Benchmark for Security Automation (OWASP Benchmark) is a free and open test suite designed to evaluate the speed, coverage, and accuracy of automated software vulnerability...