Kiuwan Blog

Your News Source for Application Security Testing & Related Topics. Our expert blog writers stay attuned to the code security landscape and write about the latest industry trends.

Kiuwan Code Security Blog

Continuous integration

What is continuous integration? Imagine that your organization is working on a major software project. Naturally, the workload is divided among several team members, each developing a different module or function. After many months of effort, the team must integrate...


OWASP Top 10 2017 – A10 Insufficient Logging & Monitoring

Welcome to the final article in our blog series on the OWASP Top 10 Security Vulnerabilities. In this article, we’ll take a detailed look at OWASP Top 10 2017 A10 – Insufficient Logging & Monitoring. Audit Trail Vulnerabilities: Insufficient Logging and...


OWASP Top 10 2017 – A8 Insecure Deserialization

In 2017, OWASP added a new vulnerability to the Top 10 list: A8 Insecure Deserialization, in place of the previous #8 vulnerability, Cross-Site Request Forgery. According to OWASP, “Insecure deserialization often leads to remote code execution. Even if...


PCI DSS: All you need to know about it

Why PCI DSS? Credit card fraud has been on the rise for the last couple of years. The Federal Trade Commission received 13 million complaints of card fraud between 2012 and 2016. Credit card fraud involves theft and fraud conducted using a payment card,...


OWASP Top 10 2017 – A5 Broken Access Control

What is Access Control? Access control (authorization) determines which users can interact with what systems and resources within your company. When access control is broken, users could send unauthorized requests to your applications. Unauthorized access to system...

OWASP Vulnerabilities in Java Applications

Securing your web application against outside threats can seem a daunting task. Where do you start? One good approach is to start with the top 10 security issues in web applications as identified by the Open Web App Security Project (OWASP). In this...

Bad guys love REST

Many applications provide a services layer (to other applications, to a presentation layer, etc.). Or, they consume services exposed by third-parties (not necessarily trusted). A REST model is a simple, widely-used way for designing such service layers. This article...

10 Common software security weaknesses

With regard to software security weaknesses, hackers and burglars operate similarly: both are always looking for ways to get into secure places. Hackers look for computers and networks to break into, while burglars look for houses...

COBOL and RPG: Security in business-oriented languages

Legacy “business-oriented” languages present unique challenges for software security. Unfortunately, there is a lack of awareness about the security risks of these languages. In this post, we will focus on the security vulnerabilities inherent...


6 Current trends in cybersecurity

Cybersecurity trends are a pressing topic for all companies, regardless of industry. As cyber incidents increase, it has become more important than ever to protect data from cyber threats. In 2018, the large number of high-profile data breaches and other security...


CWE: Common Weakness Enumeration

The Common Weakness Enumeration Initiative. The Common Weakness Enumeration (CWE) is an extension of the Common Vulnerabilities and Exposures (CVE) list compiled by MITRE, a federally-funded, non-profit organization that manages research and development centers...


5 Steps to Integrate SAST in Your DevSecOps Process

Static application security testing allows you to identify source code security vulnerabilities and eliminate them before the software development lifecycle is complete. An elaborate application security assurance program should use reliable security tools...


6 Cybersecurity Predictions for 2019 and Beyond

Cybercrime is an ever-evolving world of constant change as cybercriminals continue to develop increasingly dangerous and sophisticated attacks. In particular, data breaches plagued dozens of well-known organizations around the world in 2018, with the single largest...


4 Best practices for security testing in your SDLC

A secure development lifecycle ensures that end users of products and applications have a fulfilling experience. The only way to guarantee safe software pipelines is having security as a top priority and not an...

5 Top tips to improve your DevSecOps practices

DevSecOps is becoming more and more important for companies that want to stay afloat. There are constant attempts to break into companies, steal information and cause disruption. Hackers steal for financial benefit and for strategic considerations, and are often acquiring...


5 Reasons why open source is good for your company

Open source software is good for your business since it allows you the freedom to modify it, so it meets all your company requirements. Aside from excellent security, the software is also cost-effective since you don’t have to worry about overpaying to use...


5 Ways DevSecOps is changing the security lifecycle

As the DevOps approach to application development rapidly expands across business sectors, there’s a growing need for security. In part, the ability to speed up the development lifecycle while simultaneously breaking down silos and gluing IT infrastructure...


Code analysis methods

Software tools for code analysis let developers create code that has fewer bugs and is more secure. They find problems that are hard for human readers to spot and that produce unpredictable run-time errors. Along with dynamic tests such as unit testing, they’re a...


OWASP Top 10 2017 – A4 XML External Entities (XXE)

Understanding How External Entities Attack XML Files. Extensible Markup Language (XML) files are plain-text files that describe data behavior as that data relates to a connected network or server application. If you open an XML file, you’ll see code describing how that...

How to Implement Shift Left in DevSecOps

The number and sophistication of cyberattacks are increasing year after year. Now, more than ever, is the time to start implementing security testing within your Software Development Life Cycle. Shifting left in the SDLC empowers software teams to detect...


7 Reasons Why Incorporating DevOps is Important

Not Just a Trend. The efficiency of DevOps has proven the staying power of integrating development and deployment departments. It’s now more than just a trendy way of restructuring your workflow; it’s a precedent to which your clients are holding you. If...


OWASP Top 10 2017 – A6 Security Misconfiguration

Security misconfigurations are “holes” or weaknesses within your computer applications that leave your system vulnerable to attack. These misconfigurations allow easy exploitation from threat agents from both inside and outside of your company. The good news is that...


OWASP Top 10 2017 – A7 Cross-site Scripting (XSS)

How to Resolve and Prevent XSS. Cross-site scripting (XSS) occurs when an attacker injects malicious script, like JavaScript, into your web browser which compromises an infected web site. When the user inputs data into the visited web site, the malicious code...


OWASP Top 10 2017 – A2 Broken Authentication

Authentication and session management includes verifying user credentials and managing their active sessions. Broken authentication and session management occurs when credentials cannot be authenticated and...


OWASP Top 10 2017 – A1 Injection

Are you at risk of an injection attack? These types of attacks are common, primarily because they affect ubiquitous SQL databases. If a user — internal or external — supplies information through a form, you may be at risk. Insufficient input validation may allow...


Pentesting: What it is and how it works

Pentesting is also called penetration testing or ethical hacking. A penetration test is designed to answer the question: “How effective is my current security against a skilled human attacker?” In this article, we’ll go over what it is, why it’s important to...

The OWASP Benchmark & Kiuwan

Learn how to make your own OWASP Benchmark test with Kiuwan on our DIY Blog post. What is the OWASP Benchmark? I’m sure that most of you are familiar with OWASP (Open Web Application Security Project), or at least you have heard about their...

Python Code Analysis with Kiuwan

Kiuwan’s latest release now includes coverage for Python. Python was conceived in the late 1980s, and its implementation began in December 1989 by Guido van Rossum. Van Rossum is Python’s principal author, and his continuing central role in...


OWASP Benchmark DIY

DIY: Generate OWASP Benchmark Results for Kiuwan Code Security. The OWASP Benchmark for Security Automation (OWASP benchmark) is a free and open test suite designed to evaluate the speed, coverage, and accuracy of automated software vulnerability...


Avoid duplicated code with clone detector

Reusing code is normal in software development, but copy-and-paste reuse makes the code less maintainable over time and can introduce defects. As we write an application, very similar or identical code fragments begin to appear. These fragments are known as...
