Kiuwan Application Security Blog
Your News Source for Application Security Testing & Related Topics. Our expert blog writers stay attuned with the code security landscape and write about the latests industry trends.
DevSecOps Focus: On the Way to Secure Source Code
Developer’s concerns should not boil down only to digital infrastructure security. Source code security becomes a very important factor these days. A stand-alone class of tools is in place to test apps for vulnerabilities and bugs during the development process. These...
Application Security and Ransomware
Ransomware changes the landscape of security from reactive to proactive—meaning that the focus of application security is changing from pre-deployment vulnerability testing to ensuring that developers and security teams perform security checks during every stage in the software development life cycle
Maximizing Development ROI Through DevSecOps
Managing the software development lifecycle, aka SDLC, can be expensive in most organizations. Anything that slows down development ultimately boosts costs and reduces its ROI. In large part this explains the impetus to integrate security into DevOps approaches and methods.
How to Secure Remote Workers and the Data They Work With
What about remote employees who are connecting from home? Each must access company software and work with sensitive data without exposing their work product to hackers and other unwanted viewers.
Overview of CyberThreats for 2021
There’s a surprising degree of consensus as to the cyberthreats that pose the biggest and most persistent dangers.
Safely Using Third-Party Code in Your Applications
Third-party code is any code written by an external entity that a software application includes. From a parameterized include file to a robust library.
Tips for Developing Secure Financial Applications
Most financial services providers have an option that customers can use to access various services at their convenience. Unfortunately, security continues to be a cause of concern for anyone planning to enroll in mobile/online banking services.
Increasing Development Pipeline Efficiency
Software development organizations define success by providing the right products to their customers that meet quality, schedule and budgetary constraints.
It includes specification, design, development, testing, quality assurance, building and deployment. Increasing the efficiency of the development pipeline makes happier customers and generates higher profits.
Identity Management Outlook for 2021
Earlier this year saw the celebration of the first Identity Management Day to punctuate the importance of protecting cyberspace identities.
Proactive Security Scanning and Testing Pre-Empts Attacks
Best security practices dictates that avoiding trouble is faster, cheaper and easier than fixing trouble after it manifests.
Post-Pandemic Hybrid Office Models Bring New Security Concerns
As 2021 reaches its halfway point, many businesses are transitioning back toward more on-premises operations, but some analysts believe that a hybrid workforce will be the new normal. In a hybrid model, the workforce is made up of both on-premises and remote workers, with many of those workers splitting time between home and the office.
Are Some Programming Languages More Secure than Others?
Security-related bugs can turn up in any programming language, but some are more prone to issues than others. Some newer languages are designed to make such errors harder. Others have “features” that are convenient but encourage coding that’s easy to exploit.
Prestidigitation: the Heart of Social Engineering
Social engineers use many of the same techniques to create an illusion in order to gain a victim’s trust and trick the person into doing their dirty work. They are essentially magicians, with the intent to derive some direct value by deceiving victims.
The 2021 CISSP Exam and Application Security: What’s Changed?
CISSP is one of the most prestigious vendor-neutral information systems security leadership certifications. The certification is a credential that signifies its holder possesses professional experience and demonstrates a high level of knowledge across information systems security domains.
The State of Mobile App Security 2021
The ever-increasing popularity and use of smartphones dwarfs that of more conventional computing devices, such as desktop, laptops, tablets and so forth. Here are some numbers to put things in perspective: according to Statista the total number of mobile...
The Colonial Pipeline Ransomware Attack
On May 7, Colonial Pipeline had to shut down its pipelines due to a ransomware attack. Colonial is a major oil pipeline operator in the southern and eastern United States. Its pipelines extend from Texas to New Jersey and reach Louisiana, Mississippi, Alabama, Georgia, the Carolinas, Tennessee, Virginia, Maryland and Pennsylvania.
Release Announcement – June 16, 2021
We are pleased to announce the availability of the latest Kiuwan update! Released on June 16, 2021, this update includes new features and some bugfixing, described below. The Oauth2/OIDC Integration project, a new feature Nowadays, many organizations...
Facebook Scraping Incident Leaks Info for a Half-Billion Users
In early April, numerous sources disclosed discovery of a pool of Facebook records including information on more than 530 million of its users. The leaked information included users’ names, dates of birth, and phone numbers as posted to a website for...
Pandemic Legacy: Remote Work and Digital Transformation
The COVID-19 pandemic drove many companies to rapidly expand their support for remote work. This change was not simply to appease a changing workforce; it was simply to survive. When most of the workforce was suddenly told to stay home, many organizations had to...
How NIST SP 800-53 Revision 5 Affects Application Security
The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the U.S. Department of Commerce that, among other things, maintains physical science laboratories and produces guidance for assessing compliance with a wide range of standards.
Biggest Cloud Breaches of 2020
PCR’s (UK) Top 10 Biggest data breaches of 2020 PCR is a leading information source for IT resellers and distributors in the United Kingdom. It reports its top 10 based on the number of records breached in the incidents selected. They cite the Risk Based Security...
Securing Serverless Applications
Although the term says “serverless,” serverless applications don’t really run without any servers involved. Rather, serverless applications run inside cloud-based infrastructures so that developers and operators need no longer stand up and run their own servers,...
Getting Ahead of Payment Card Security Threats
Payment card attacks are nothing new. Cybercriminals have been targeting payment cards for more than a decade. However, there is a disturbing trend of cybercriminals discovering and leveraging novel ways to steal payment cards credentials during online transactions....
Beyond SolarWinds
Beyond SolarWinds: Guarding Against the Rising Threat of Supply Chain Attacks The successful attack in 2020 on the SolarWinds Orion network management software showed that indirect, or third-party, attacks on organizations of all sizes are feasible. Where...
Release Announcement — January 28, 2021
The Kiuwan team is excited to announce the availability of our latest release, with new features for both cloud and on premise customers. Kiuwan is a fast, reliable and scalable Application Security and Enterprise Software Analytics solution. Kiuwan includes several...
Secure Remote Access: Keeping Employees and the Organization Safe
In this age of lockdowns, social distancing and working from home, organizations must think carefully about how to extend their networks and services across the internet and into employees’ and contractors’ homes. This makes remote access security management both a...
6 Threats to Development Team Productivity
Productivity rates are critical to success in any industry. That is true of software products, too, that not only need to be efficiently produced but secure from cyberattacks as well. If you’re considering how to improve your software team’s productivity, then you...
Rethinking Application Security in a Post-Pandemic World
Without a doubt, the COVID-19 pandemic has had a massive impact on the financial services landscape. Not only did businesses have to tweak their entire operations under safety regulations, but they also had to contend with a growing list of cybersecurity...
App security quality analytics
As business management expert Peter Drucker once put it:“If you can’t measure it, you can’t improve it.” This quote feels right in place in the world of application security. Many CISOs are finally starting to give SAST tools and other approaches...
The Role of SAST in DevSecOps
Most people involved in the process of creating and deploying software applications today are familiar with DevSecOps, which integrates security and operations into the software development process. In figurative terms, we think of the software development...
Threat Modeling’s Place in DevSecOps
Developers often pursue well-intentioned security efforts by focusing on writing secure code. But that’s just part of the puzzle. Instead of focusing only on the code, it’s just as critical to focus on the attacker. Understanding how attackers compromise controls...
Create a Web Application Security Blueprint
The best way to make web applications secure is to include security at every step along the development process, from requirements analysis, to design, to implementation and testing, and into maintenance and update phases. To that end, it’s wise to consider a kind of...
Managing Open Source Vulnerabilities in DevOps
If you use open-source code frameworks, libraries, and code components and take advantage of code-scanning technologies, sooner or later you’ll find yourself in an interesting situation: learning that a code element is subject to a known threat or vulnerability....
AppSec or Just Smart Software Development?
The source of all human knowledge (Wikipedia) describes application security as “measures taken to improve the security of an application often by finding, fixing and preventing security vulnerabilities.” AppSec is all about developing software that is as...
SAST and SCA: Putting the Puzzle Together
Developing correct and secure software isn’t easy. A typical application includes a large amount of original and third-party code, and it all has to work together without opening up security holes. Any change to existing code, whether it’s a simple refactoring or the...
Why SAST is Crucial for The Security of Web and Mobile Applications
Software applications are used both in homes and workplaces. Web and mobile apps are used for communication. They help businesses and individuals get updates on the latest trends and happenings. Apps are big money makers as they are easily available in app stores....
scanning-code-vulnerabilities
When it comes to analyzing code bases for security purposes, developers and their managers face some interesting choices. Application security testing can occur on demand, with scanning tools that check for vulnerabilities and recommend remediation or mitigation...
kiuwan assembla integration
Automatically Scan your Assembla Repository with Kiuwan Code Security Kiuwan can now be fully integrated within the Assembla software development platform! Make your securely stored code in the Assembla repository even more secure with the help of Kiuwan’s...
Understanding and Managing Open-Source Risks
These days, the tendency is to treat software development as a semi-custom build job. Some parts are prefabricated and come from other sources. The rest is custom-built, in-house or under contract, to provide specific functionality or to capture and enshrine key...
kiuwan high performer g2 spring 2020
We’re excited to announce that Kiuwan Code Security and Insights have been identified as High Performer in the Spring 2020 G2 Grid Report for Static Application Security Testing and Static Code Analysis, with an average customer...
Announcing the Release of Kiuwan On-Premises Distributed Version
In October 2019, we rolled out a new version of Kiuwan On-Premises to replace the outdated, monolithic version. Read on to learn what Kiuwan On-Premises is and why you should upgrade to the distributed version if you are using the old one. What is Kiuwan...
Announcing Support for Go
On February 13 we released support for a new programming language: Go (aka Golang). We have added 56 new security rules for Go in our default analysis model (CQM). Visit our Change Log for an explanation on how to view these rules. ...
Programming Language Trends In 2020
High-level programming languages have gone a long way since the invention of Short Code in 1949. New languages are being created all the time, sometimes as a joke, but most times to deal with specific problems that existing ones cannot solve. Although nearly...
Application security tools comparison
DAST, SAST, IAST and SCA: Which security technology is best for me? With the variety of application security testing (AST) tools out there, you might be wondering which one should you use to secure your code — or whether you need all of them. Application testing...
Application Inventory Management
How Application Inventory Management Unlocks Your App for Affordable Maintenance and Development As your application grows in complexity, it’s critical to maintain a strong understanding of its back-end functionality. A novel new way to...
Continuous integration
What is continuous integration? Imagine that your organization is working on a major software project. Naturally, the workload is divided among several team members, each developing a different module or function. After many months of effort, the team must integrate...
The OWASP Benchmark & Kiuwan
Learn how to make your own OWASP Benchmark test with Kiuwan on our DIY Blog post. What is the OWASP Benchmark? I’m sure that most of you are familiar with OWASP (Open Web Application Security Project), or at least you have heard about their...
Owasp Benchmark Diy
DIY: Generate OWASP Benchmark Results for Kiuwan Code Security The OWASP Benchmark for Security Automation (OWASP benchmark) is a free and open test suite designed to evaluate the speed, coverage, and accuracy of automated software vulnerability...