Kiuwan Blog

Your News Source for Application Security Testing & Related Topics. Our expert blog writers stay attuned to the code security landscape and write about the latest industry trends.

Kiuwan Code Security Blog
DevSecOps Is a Team Contact Sport

DevSecOps is quickly becoming one of those trendy terms that everyone tries to use on social media. If you can somehow work #devsecops into a post, you’re using today’s forward-looking language. The problem is that many articles and blogs miss some of the most...

Understanding OWASP ASVS

Understanding the DevOps Approach to Code Security DevOps generally means integrating software development (dev) and information technology operations (ops) to speed the lifecycle, deliver better features, updates and fixes, and more. What’s sometimes missing from...

Cybersecurity: How Safe are Voice Assistants?

This new age in Artificial Intelligence is fascinating, and terrifying too. From ubiquitous digital assistants like Siri and Alexa to usage on factory floors, the impact of AI is by all means dizzying. Your cell phone most likely features a voice assistant. At...

What DevSecOps Teams Can Learn from COVID-19

Over the last few months, the whole world has fundamentally changed due to the emergence of a novel coronavirus, COVID-19. The highly infectious nature of the virus, its devastating impact on vulnerable individuals who...

Why is Security IoT’s Biggest Concern?

The internet of things (IoT) refers to the network capability that allows smart devices to communicate with other objects or devices. The “things” are devices such as sensors, lights, or security systems. Most IoT devices have targeted the consumer, but more devices...

Scanning Code Vulnerabilities

When it comes to analyzing code bases for security purposes, developers and their managers face some interesting choices. Application security testing can occur on demand, with scanning tools that check for vulnerabilities and recommend remediation or mitigation...

Automatically Scan your Assembla Repository with Kiuwan Code Security

Kiuwan can now be fully integrated within the Assembla software development platform! Make your securely stored code in the Assembla repository even more secure with the help of Kiuwan’s...

7 Tips on Secure Blockchain: What You Need to Know.

No matter what industry sector your business plays in, data security is critical to its survival. When it comes to security and blockchain: what you need to know is not always readily apparent. We understand that you want security solutions and you want them fast. So...

8 Tips on Keeping Safe When Buying Online

It’s not a surprise to hear that, especially in our current state, e-commerce is booming. It is even thought that by 2040, 95% of all purchases will be done online. Although buying online has become more commonplace, many are still unaware of the...

Understanding and Managing Open-Source Risks

These days, the tendency is to treat software development as a semi-custom build job. Some parts are prefabricated and come from other sources. The rest is custom-built, in-house or under contract, to provide specific functionality or to capture and enshrine key...

A Timeline of Major Data Breaches in 2019

If there’s no rest for the wicked, there also seems to be no rest for malicious cyber attackers. 2019 has had its fair share of data breaches and many of them have affected the data of millions of people. Let’s take a...

Is Cross-Site Scripting Still a Thing?

Though cross-site scripting — often abbreviated XSS — has been around since the start of this century, it remains a pressing security concern on today’s web. First introduced by Microsoft engineers in January 2000, XSS seeks to bamboozle protections and...

Kiuwan High Performer in G2 Spring 2020 Grid Report

We’re excited to announce that Kiuwan Code Security and Insights have been identified as High Performer in the Spring 2020 G2 Grid Report for Static Application Security Testing and Static Code Analysis, with an average customer...

OWASP Top 10 for Mobile: All You Need to Know

It’s not surprising to hear that with 45% of the world’s population owning a smartphone, attacks on mobile devices are on the rise. Every CISO or employee in cybersecurity has at least once heard of...

Ransomware Prevention: Common Attacks

According to Verizon’s 2019 Data Breach Report, there were 500 reported cases of ransomware incidents in 2019. Most were delivered via email. Office documents were the most common attachments at 45%, although .zip and .rar archives were being used to bypass...

10 AppSec Twitter Accounts to Follow

Application security is rapidly growing in importance for businesses. Not only has security become front-of-mind for almost every company on the planet, but the ever-more agile pace of development cycles has increased the need for...


The Benefits of a DevSecOps Approach to the SDLC

As IT security frictions grow and increased regulation consistently looms on the horizon, businesses need a change. Traditional security practices simply don’t work in today’s rapid development environment. To keep pace with competitors, you have to push out apps...

Announcing Support for Go

On February 13 we released support for a new programming language: Go (aka Golang).  We have added 56 new security rules for Go in our default analysis model (CQM). Visit our Change Log for an explanation on how to view these rules. ...

Programming Language Trends In 2020

High-level programming languages have gone a long way since the invention of Short Code in 1949. New languages are being created all the time, sometimes as a joke, but most times to deal with specific problems that existing ones cannot solve. Although nearly...

DAST, SAST, IAST and SCA: Which Security Technology Is Best for Me?

With the variety of application security testing (AST) tools out there, you might be wondering which one you should use to secure your code — or whether you need all of them. Application testing...

Food for Thought: On-premises Goes Hybrid

Using application security testing (AST) tools has many benefits; for example, increasing the speed, efficiency and coverage paths for testing applications. However, there are many reasons why individuals may feel insecure when...

Announcement: End of Support for TLS 1.0 and 1.1

On March 1st Kiuwan will disable support for TLS 1.0 and 1.1. Why? Only 3% of our systems’ traffic uses TLS 1.0, so we have decided to disable support for it from March 2020 onwards. What is TLS? As...

The Cyberthief’s New Best Friend: Web Apps

Web apps are now one of the top favorites—if not the absolute favorite—means of attack by cyberthieves, based on the latest Verizon Data Breach Investigations Report, which examined 41,686 security incidents, including 2,013 confirmed data breaches. The data came from...

Why Hackers Attack – The Motives Behind Attackers

Hacking has been going on for decades, so it is unsurprising that with a society as technological as ours, more and more companies and private people are experiencing attacks. Hacking is the primary way in which attackers try to gain access and damage...


Cybersecurity Predictions 2020

Just like New Year’s resolutions, a lot of people make predictions — but not everyone follows up on them. Last year, we looked into the 2019 crystal ball and tried to predict the trends concerning cybersecurity for that year. Now that it’s 2020, let’s review...

Communicating with Customers in the Event of a Breach

There are three phases of defending against cyber attacks: putting in place sufficient protections and robust authentication mechanisms to try and prevent attacks; appropriately defending against an active attack once it is discovered, and communicating accurately and...

WASC Compliance: Guarantee App Security

DevOps processes have incredibly hastened the app development lifecycle, leading to an exponential rise of apps getting into the market. Unfortunately, cybersecurity threats have kept pace, with data breaches standing in the way of an otherwise ideal app market....

HIPAA Compliance for Secure Health Software

Developers all over the world have become keen on adopting a high level of application security, especially with the steady rise of cybersecurity threats. The shorter app development cycle also means that you’ll need a robust security system to flush out any...

The Favorite Places For Security Holes To Hide

It’s essential that CISOs hunt out security holes, whether unintentionally created by a careless coder or deliberately created by a cyberthief. The word “hunt” is critical because today’s enterprise—with its hybrid...

SANS Institute Top 25 Software Errors

The SANS Institute has designed thousands of programs for security professionals around the world. The organization brings together seasoned security practitioners to provide information security practices along with security certification. Besides the...

CERT Compliance: Provide Security For Your C Applications

Today’s app development processes are not complete without security integration. Security standards provide safeguards for companies to secure their apps and software from cybersecurity threats. NIST, OWASP, WASC, SEI CERT C and J, CWE, and BIZEC are part of...

Guarantee ISO Compliance with DevSecOps Processes

The challenge of cybersecurity continues to plague web and mobile applications. Hacking techniques are evolving as fast as technological advances. In response to such threats, the International Organization for Standardization (ISO) developed the ISO 27001 framework to...


Open Source Licenses: A Comparison Of The Most Popular Types

There are two major types of open-source licenses: copyleft and permissive. In this article, we’ll compare these two types of licenses, and also take a look at examples of each. Copyleft and...


How Application Inventory Management Unlocks Your App for Affordable Maintenance and Development

As your application grows in complexity, it’s critical to maintain a strong understanding of its back-end functionality. A novel way to...


Continuous integration

What is continuous integration? Imagine that your organization is working on a major software project. Naturally, the workload is divided among several team members, each developing a different module or function. After many months of effort, the team must integrate...


OWASP Top 10 2017 – A10 Insufficient Logging & Monitoring

Welcome to the final article in our blog series on the OWASP Top 10 Security Vulnerabilities. In this article, we’ll take a detailed look at OWASP Top 10 2017 A10 – Insufficient Logging & Monitoring. Audit Trail Vulnerabilities: Insufficient Logging and...


OWASP Top 10 2017 – A8 Insecure Deserialization

In 2017, OWASP added a new vulnerability to the Top 10 list: A8 Insecure Deserialization, in place of the previous #8 vulnerability, Cross-Site Request Forgery. According to OWASP, “Insecure deserialization often leads to remote code execution. Even if...


PCI DSS: All you need to know about it

Why PCI DSS? Credit card fraud has been on the rise for the last couple of years. The Federal Trade Commission received 13 million complaints of card fraud between 2012 and 2016. Credit card fraud involves theft and fraud conducted using a payment card,...


OWASP Top 10 2017 – A5 Broken Access Control

What is Access Control? Access control (authorization) determines which users can interact with what systems and resources within your company. When access control is broken, users could send unauthorized requests to your applications. Unauthorized access to system...

OWASP Vulnerabilities in Java Applications

Securing your web application against outside threats can seem a daunting task. Where do you start? One good approach is to start with the top 10 security issues in web applications as identified by the Open Web Application Security Project (OWASP). In this...
