Kiuwan Blog
Your News Source for Application Security Testing & Related Topics. Our expert blog writers stay attuned with the code security landscape and write about the latests industry trends.
DevSecOps Is a Team Contact Sport
DevSecOps is quickly becoming one of those trendy terms that everyone tries to use on social media. If you can somehow work #devsecops into a post, you’re using today’s forward-looking language. The problem is that many articles and blogs miss some of the most...
Understanding OWASP ASVS
Understanding the DevOps Approach to Code Security DevOps generally means integrating software development (dev) and information technology operations (ops) to speed the lifecycle, deliver better features, updates and fixes, and more. What’s sometimes missing from...
Cybersecurity: How Safe are Voice Assistants?
This new age in Artificial Intelligence is fascinating- and terrifying too. From ubiquitous digital assistants like Siri and Alexa to usage on factory floors, the impact of AI is by all means dizzying. Your cell phone mostly features a voice assistant. At...
Devsecops teams learn covid 19
What DevSecOps Teams Can Learn from COVID-19 Over the last few months, the whole world has fundamentally changed due to the emergence of a novel coronavirus, COVID-19. The highly infectious nature of the virus, its devastating impact on vulnerable individuals who...
Why is Security IoT’s Biggest Concern?
The internet of things (IoT) refers to the network capability that allows smart devices to communicate with other objects or devices. The “things” are devices such as sensors, lights, or security systems. Most IoT devices have targeted the consumer, but more devices...
Why SAST is Crucial for The Security of Web and Mobile Applications
Software applications are used both in homes and workplaces. Web and mobile apps are used for communication. They help businesses and individuals get updates on the latest trends and happenings. Apps are big money makers as they are easily available in app stores....
scanning-code-vulnerabilities
When it comes to analyzing code bases for security purposes, developers and their managers face some interesting choices. Application security testing can occur on demand, with scanning tools that check for vulnerabilities and recommend remediation or mitigation...
How to Teach Your Team to Make Secure, Memorable, and Unique Passwords Every Time
Network security is one of the most challenging efforts in modern technology. In the constant battle between security IT and virulent hackers, we have created some truly incredible defensive technology. But all of it is for naught if a hacker can simply slip through a...
kiuwan assembla integration
Automatically Scan your Assembla Repository with Kiuwan Code Security Kiuwan can now be fully integrated within the Assembla software development platform! Make your securely stored code in the Assembla repository even more secure with the help of Kiuwan’s...
Why Companies Need to Know About the OWASP Application Security Verification Standard (ASVS)
While we’ve discussed OWASP (Open Web Application Security Project), it’s importance to the security of applications and development and the standards it sets, there are other aspects that deserve our attention. One of the primary elements of OWASP that demands such...
7 Tips on Secure Blockchain: What You Need to Know.
No matter what industry sector your business plays in, data security is critical to its survival. When it comes to security and blockchain: what you need to know is not always readily apparent. We understand that you want security solutions and you want them fast. So...
8 Tips on Keeping Safe When Buying Online
It’s not a surprise to hear that, especially in our current state, e-commerce is booming. It is even thought that by 2040, 95% of all purchases will be done online. Although buying online has become more commonplace, many are still unaware of the...
Understanding and Managing Open-Source Risks
These days, the tendency is to treat software development as a semi-custom build job. Some parts are prefabricated and come from other sources. The rest is custom-built, in-house or under contract, to provide specific functionality or to capture and enshrine key...
Major Data breaches 2019
A Timeline of Major Data Breaches in 2019 If there’s no rest for the wicked, there seems to be also no rest for malicious cyber attackers. 2019 has had its fair share of data breaches and many of them have affected the data of millions of people. Let’s take a...
Is Cross-Site Scripting Still a Thing?
Though cross-site scripting — often abbreviated XSS — has been around since the start of this century, it remains a pressing security concern on today’s web. First introduced by Microsoft engineers in January 2000, XSS seeks to bamboozle protections and...
3 Surprises About How Artificial Intelligence Affects Cybersecurity
There is certainly a lot of news these days about artificial intelligence (AI) and the impact it has on every aspect of our online lives. It seems like every developer is trying to enhance an application, platform, or tool with machine learning capabilities. It’s...
kiuwan high performer g2 spring 2020
We’re excited to announce that Kiuwan Code Security and Insights have been identified as High Performer in the Spring 2020 G2 Grid Report for Static Application Security Testing and Static Code Analysis, with an average customer...
Owasp top 10 mobile
OWASP Top 10 for Mobile: All You Need to Know It’s not surprising to hear that with 45% of the world’s population owning a smartphone, attacks on mobile devices are on the rise. Every CISO or employee in cybersecurity has at least once heard of...
Announcing the Release of Kiuwan On-Premises Distributed Version
In October 2019, we rolled out a new version of Kiuwan On-Premises to replace the outdated, monolithic version. Read on to learn what Kiuwan On-Premises is and why you should upgrade to the distributed version if you are using the old one. What is Kiuwan...
Ransomware-prevention-common-attacks
According to Verizon’s 2019 Data Breach Report, there were 500 reported cases of ransomware incidents in 2019. Most were delivered via email. Office documents were the most common attachments at 45%, although .zip and .rar archives were being used to bypass...
Using Threat Intelligence to Boost Your Organization’s Security Posture
These days, hardly a day goes by without some news about cybersecurity threats. Credit card information gets stolen. Social Security databases get hacked. Customer data breaches occur, exposing private personal information. Ransomware shuts down businesses, hospitals,...
10 Twitter accounts to follow
10 AppSec Twitter Accounts to Follow Application security is rapidly growing in importance for businesses. Not only has security become front-of-mind for almost every company on the planet, but the ever-more agile pace of development cycles has increased the need for...
The Benefits of a DevSecOps Approach to the SDLC
As IT security frictions grow and increased regulation consistently looms on the horizon, businesses need a change. Traditional security practices simply don’t work in today’s rapid development environment. To keep pace with competitors, you have to push out apps...
Kiuwan Local Analyzer or IDE Plug-In: What’s the Difference?
Kiuwan provides SAST and SCA solutions that use an on-premise standalone Java application for the scanning of source code, then sends the results file to the Kiuwan cloud for augmentation and additional analysis. This Java scanner is called...
Announcing Support for Go
On February 13 we released support for a new programming language: Go (aka Golang). We have added 56 new security rules for Go in our default analysis model (CQM). Visit our Change Log for an explanation on how to view these rules. ...
Programming Language Trends In 2020
High-level programming languages have gone a long way since the invention of Short Code in 1949. New languages are being created all the time, sometimes as a joke, but most times to deal with specific problems that existing ones cannot solve. Although nearly...
Application security tools comparison
DAST, SAST, IAST and SCA: Which security technology is best for me? With the variety of application security testing (AST) tools out there, you might be wondering which one should you use to secure your code — or whether you need all of them. Application testing...
On premises goes hybrid
Food for Thought: On-premises Goes Hybrid Using application security testing (AST) tools has many benefits; for example increasing the speed, efficiency and coverage paths for testing applications. However, there are many reasons why individuals may feel insecure when...
End support tls
Announcement: End of Support for TLS 1.0 and 1.1. On March 1st Kiuwan will disable support for TLS 1.0 and 1.1. Why? Only 3% of our systems traffic uses TLS 1.0., so we have decided to disable support for it from March 2020 onwards. What is TLS? As...
The Cyberthief’s New Best Friend: Web Apps
Web apps are now one of the top favorites—if not the absolute favorite—means of attack by cyberthieves, based on the latest Verizon Data Breach Investigations Report, which examined 41,686 security incidents, including 2,013 confirmed data breaches. The data came from...
Why Hackers Attack – The Motives Behind Attackers
Hacking has been going on for decades, so it is unsurprising that with a society as technological as ours, more and more companies and private people are experiencing attacks. Hacking is the primary way in which attackers try to gain access and damage...
Cybersecurity predictions 2020
Just like New Year’s resolutions, a lot of people make predictions — but not everyone follows up on them. Last year, we looked into the 2019 crystal ball and tried to predict the trends concerning cybersecurity for that year. Now that it’s 2020, let’s review...
Communicating with Customers in the Event of a Breach
There are three phases of defending against cyber attacks: putting in place sufficient protections and robust authentication mechanisms to try and prevent attacks; appropriately defending against an active attack once it is discovered, and communicating accurately and...
WASC Compliance: Guarantee App Security
DevOps processes have incredibly hastened the app development lifecycle leading to an exponential rise of apps getting into the market. Unfortunately, cybersecurity threats have kept the pace with data breaches standing in the way of an otherwise ideal app market....
HIPAA Compliance for Secure Health Software
Developers all over the world have become keen on adopting a high level of application security, especially with the steady rise of cybersecurity threats. The shorter app development app cycle also means that you’ll need a robust security system to flash out any...
Favorite places security holes
The Favorite Places For Security Holes To Hide It’s essential that CISOs hunt out security holes, whether unintentionally created by a careless coder or deliberately created by a cyberthief. The word “hunt” is critical because today’s enterprise—with its hybrid...
SANS Institute Top 25 Software Errors
The SANS Institute has designed thousands of programs for security professionals around the world. The organization brings together seasoned security practitioners to provide information security practices along with security certification. Besides the...
CERT Compliance: Provide Security For Your C Applications
Today’s app development processes are not complete without security integration. Security standards provide safeguards for companies to secure their apps and software from cybersecurity threats. NIST, OWASP, WASC, SEI CERT C and J, CWE, and BIZEC are part of...
Guarantee iso compliance with devsecops processes
The challenge of cybersecurity continues to plague web and mobile applications. Hacking techniques are evolving as fast as technological advances. In response to such threats, the International Standardization Organization (ISO) developed the ISO 27001 framework to...
Comparison popular open source licenses
Open Source Licenses: A Comparison Of The Most Popular Types There are two major types of open-source licenses: copyleft and permissive. In this article, we’ll compare these two types of licenses, and also take a look at examples of each. Copyleft and...
Application Inventory Management
How Application Inventory Management Unlocks Your App for Affordable Maintenance and Development As your application grows in complexity, it’s critical to maintain a strong understanding of its back-end functionality. A novel new way to...
OWASP Top 10 2017 – A9 Using Components with Known Vulnerabilities
Once every few years, OWASP releases a Top 10 list, featuring the ten most significant security risks related to developing web applications. OWASP makes this information available to developers around the world, so they can design and deploy safer...
MISRA: Software Development Guidelines For The C Programming Language
MISRA C: A set of recommendations or guidelines for software development in C language developed by MISRA (The Motor Industry Software Reliability Association). C is a popular programming language due to its easy access to hardware, flexibility, and low memory...
Continuous integration
What is continuous integration? Imagine that your organization is working on a major software project. Naturally, the workload is divided among several team members, each developing a different module or function. After many months of effort, the team must integrate...
OWASP Top 10 2017 – A10 Insufficient Logging & Monitoring
Welcome to the final article in our blog series on the OWASP Top 10 Security Vulnerabilities. In this article, we’ll take a detailed look at OWASP Top 10 2017 A10 – Insufficient Logging & Monitoring. Audit Trail Vulnerabilities: Insufficient Logging and...
OWASP Top 10 2017 – A8 Insecure Deserialization
In 2017, OWASP added a new vulnerability to the Top 10 list: A8 Insecure Deserialization, in place of the previous #8 vulnerability, Cross-Site Request Forgery. According to OWASP, “Insecure deserialization often leads to remote code execution. Even if...
PCI DSS: All you need to know about it
Why PCI DSS? Credit card fraud has been on the rise for the last couple of years. The Federal Trade Commission received 13 million complaints of card fraud between 2012 and 2016. Credit card fraud involves theft and fraud conducted using a payment card,...
OWASP Top 10 2017 – A5 Broken Access Control
What is Access Control? Access control (authorization) determines which users can interact with what systems and resources within your company. When access control is broken, users could send unauthorized requests to your applications. Unauthorized access to system...
C# OWASP Top 10: How to Discover Vulnerabilities in a C# Web Application
C# OWASP Top 10: How to Discover Vulnerabilities in a C# Web Application In this article, you’ll learn the top 10 security issues in web applications, as defined by the Open Web Application Security Project (OWASP Top 10 – 2017). For each issue, you’ll see...
Owasp vulnerabilities java applications
Securing your web application against outside threats can seem a daunting task. Where do you start? One good approach is to start with the top 10 security issues in web applications as identified by the Open Web App Security Project (OWASP). In this...