Kiuwan Application Security Blog

Your News Source for Application Security Testing & Related Topics. Our expert blog writers stay attuned to the code security landscape and write about the latest industry trends.

Threat Modeling’s Place in DevSecOps

Developers often pursue well-intentioned security efforts by focusing on writing secure code. But that’s just part of the puzzle. Instead of focusing only on the code, it’s just as critical to focus on the attacker. Understanding how attackers compromise controls...

Putting the Principle of Least Privilege to Work for Web Apps

With an ever-increasing proportion of day-to-day work on the desktop occurring in the form of web-based applications, organizations need to rethink how those applications work. They also need to examine – and in some cases tighten up – how web-based apps (or rather,...

Automation Fixes Bad Habits

Most discussions of DevSecOps include automation as a major component. In fact, Julien Vehent, Firefox’s Operations Security lead, defines DevOps this way in his book “Securing DevOps”: “DevOps is the process of continuously improving software products through rapid...

Strategies for Managing Widely Deployed Code with Kiuwan

As applications become increasingly cloud-based – or even, cloud-native – more and more such code is sending data to and from cloud-based stores, both public and private. This makes the methods and controls that such applications use to access the cloud of particular...

Use the Strangler Pattern to Refactor Legacy Apps

Most of us who have been responsible for the care and feeding of an enterprise application have had to modify someone else’s code. Whether the modification is due to a newly found bug or to enhance existing functionality, changing someone else’s code is an interesting...

Create a Web Application Security Blueprint

The best way to make web applications secure is to include security at every step along the development process, from requirements analysis, to design, to implementation and testing, and into maintenance and update phases. To that end, it’s wise to consider a kind of...

Managing Open Source Vulnerabilities in DevOps

If you use open-source code frameworks, libraries, and code components and take advantage of code-scanning technologies, sooner or later you’ll find yourself in an interesting situation: learning that a code element is subject to a known threat or vulnerability....

When KLA Met Containers

Containers have emerged as a fantastic technology to deploy applications. Containers save a lot of time for system engineers dealing with infrastructure issues: servers, networks, operating systems (OS), ports, configuration, etc. If your application needs to be run with...

Upcoming Webinars Focus on IDEs & Integrations

As part of our mission to help you build applications that are secure from the start, the Kiuwan team is planning an all-new lineup of free, live webinars. Over the past several months, our webinars have delivered training on essential aspects of Kiuwan solutions and...

AppSec or Just Smart Software Development?

The source of all human knowledge (Wikipedia) describes application security as “measures taken to improve the security of an application often by finding, fixing and preventing security vulnerabilities.” AppSec is all about developing software that is as...

SAST and SCA: Putting the Puzzle Together

Developing correct and secure software isn’t easy. A typical application includes a large amount of original and third-party code, and it all has to work together without opening up security holes. Any change to existing code, whether it’s a simple refactoring or the...

DevSecOps Is a Team Contact Sport

DevSecOps is quickly becoming one of those trendy terms that everyone tries to use on social media. If you can somehow work #devsecops into a post, you’re using today’s forward-looking language. The problem is that many articles and blogs miss some of the most...

Understanding OWASP ASVS

Understanding the DevOps Approach to Code Security

DevOps generally means integrating software development (dev) and information technology operations (ops) to speed the lifecycle, deliver better features, updates and fixes, and more. What’s sometimes missing from...

Cybersecurity: How Safe are Voice Assistants?

This new age in Artificial Intelligence is fascinating, and terrifying too. From ubiquitous digital assistants like Siri and Alexa to usage on factory floors, the impact of AI is by all means dizzying. Most cell phones now feature a voice assistant. At...

What DevSecOps Teams Can Learn from COVID-19

Over the last few months, the whole world has fundamentally changed due to the emergence of a novel coronavirus and the disease it causes, COVID-19. The highly infectious nature of the virus, its devastating impact on vulnerable individuals who...

Why is Security IoT’s Biggest Concern?

The internet of things (IoT) refers to the network capability that allows smart devices to communicate with other objects or devices. The “things” are devices such as sensors, lights, or security systems. Most IoT devices have targeted the consumer, but more devices...

Scanning Code for Vulnerabilities

When it comes to analyzing code bases for security purposes, developers and their managers face some interesting choices. Application security testing can occur on demand, with scanning tools that check for vulnerabilities and recommend remediation or mitigation...

Automatically Scan your Assembla Repository with Kiuwan Code Security

Kiuwan can now be fully integrated within the Assembla software development platform! Make your securely stored code in the Assembla repository even more secure with the help of Kiuwan’s...

7 Tips on Secure Blockchain: What You Need to Know

No matter what industry sector your business plays in, data security is critical to its survival. When it comes to security and blockchain: what you need to know is not always readily apparent. We understand that you want security solutions and you want them fast. So...

8 Tips on Keeping Safe When Buying Online

It’s not a surprise to hear that, especially in our current state, e-commerce is booming. It is even thought that by 2040, 95% of all purchases will be done online. Although buying online has become more commonplace, many are still unaware of the...

Understanding and Managing Open-Source Risks

These days, the tendency is to treat software development as a semi-custom build job. Some parts are prefabricated and come from other sources. The rest is custom-built, in-house or under contract, to provide specific functionality or to capture and enshrine key...

A Timeline of Major Data Breaches in 2019

If there’s no rest for the wicked, there seems to be no rest for malicious cyber attackers either. 2019 has had its fair share of data breaches, and many of them have affected the data of millions of people. Let’s take a...

Is Cross-Site Scripting Still a Thing?

Though cross-site scripting — often abbreviated XSS — has been around since the start of this century, it remains a pressing security concern on today’s web. The term was coined by Microsoft security engineers in January 2000; an XSS attack smuggles attacker-controlled script past protections and...

Kiuwan Named High Performer in the G2 Spring 2020 Grid Report

We’re excited to announce that Kiuwan Code Security and Insights have been identified as High Performer in the Spring 2020 G2 Grid Report for Static Application Security Testing and Static Code Analysis, with an average customer...

OWASP Top 10 for Mobile: All You Need to Know

It’s not surprising to hear that with 45% of the world’s population owning a smartphone, attacks on mobile devices are on the rise. Every CISO or employee in cybersecurity has at least once heard of...

Ransomware Prevention: Common Attacks

According to Verizon’s 2019 Data Breach Investigations Report, there were 500 reported ransomware incidents in the report’s period. Most were delivered via email. Office documents were the most common attachments at 45%, although .zip and .rar archives were being used to bypass...

10 AppSec Twitter Accounts to Follow

Application security is rapidly growing in importance for businesses. Not only has security become front-of-mind for almost every company on the planet, but the ever-more agile pace of development cycles has increased the need for...


The Benefits of a DevSecOps Approach to the SDLC

As IT security friction grows and increased regulation consistently looms on the horizon, businesses need a change. Traditional security practices simply don’t work in today’s rapid development environment. To keep pace with competitors, you have to push out apps...

Announcing Support for Go

On February 13 we released support for a new programming language: Go (aka Golang). We have added 56 new security rules for Go in our default analysis model (CQM). Visit our Change Log for an explanation on how to view these rules. ...

Programming Language Trends In 2020

High-level programming languages have gone a long way since the invention of Short Code in 1949. New languages are being created all the time, sometimes as a joke, but most times to deal with specific problems that existing ones cannot solve. Although nearly...

DAST, SAST, IAST and SCA: Which security technology is best for me?

With the variety of application security testing (AST) tools out there, you might be wondering which one should you use to secure your code — or whether you need all of them. Application testing...

Food for Thought: On-premises Goes Hybrid

Using application security testing (AST) tools has many benefits; for example increasing the speed, efficiency and coverage paths for testing applications. However, there are many reasons why individuals may feel insecure when...

Announcement: End of Support for TLS 1.0 and 1.1

On March 1st Kiuwan will disable support for TLS 1.0 and 1.1. Why? Only 3% of our systems’ traffic uses TLS 1.0, so we have decided to disable support for it from March 2020 onwards. What is TLS? As...

The Cyberthief’s New Best Friend: Web Apps

Web apps are now one of the top favorites—if not the absolute favorite—means of attack by cyberthieves, based on the latest Verizon Data Breach Investigations Report, which examined 41,686 security incidents, including 2,013 confirmed data breaches. The data came from...

Why Hackers Attack – The Motives Behind Attackers

Hacking has been going on for decades, so it is unsurprising that with a society as technological as ours, more and more companies and private people are experiencing attacks. Hacking is the primary way in which attackers try to gain access and damage...


Cybersecurity Predictions 2020

Just like New Year’s resolutions, a lot of people make predictions — but not everyone follows up on them. Last year, we looked into the 2019 crystal ball and tried to predict the trends concerning cybersecurity for that year. Now that it’s 2020, let’s review...

Communicating with Customers in the Event of a Breach

There are three phases of defending against cyber attacks: putting in place sufficient protections and robust authentication mechanisms to try to prevent attacks; appropriately defending against an active attack once it is discovered; and communicating accurately and...

WASC Compliance: Guarantee App Security

DevOps processes have dramatically shortened the app development lifecycle, leading to a surge of apps reaching the market. Unfortunately, cybersecurity threats have kept pace, with data breaches standing in the way of an otherwise ideal app market....

HIPAA Compliance for Secure Health Software

Developers all over the world have become keen on adopting a high level of application security, especially with the steady rise of cybersecurity threats. The shorter app development cycle also means that you’ll need a robust security process to flush out any...

The Favorite Places For Security Holes To Hide

It’s essential that CISOs hunt out security holes, whether unintentionally created by a careless coder or deliberately created by a cyberthief. The word “hunt” is critical because today’s enterprise—with its hybrid...

SANS Institute Top 25 Software Errors

The SANS Institute has designed thousands of programs for security professionals around the world. The organization brings together seasoned security practitioners to provide information security practices along with security certification. Besides the...

CERT Compliance: Provide Security For Your C Applications

Today’s app development processes are not complete without security integration. Security standards provide safeguards for companies to secure their apps and software from cybersecurity threats. NIST, OWASP, WASC, SEI CERT C and Java, CWE, and BIZEC are part of...