Spring Boot provides the tools, features, and dependencies needed to build Spring-based apps quickly and easily. For this reason, it has become a popular choice for creating Java web applications and microservices. As with any other server-side technology, it is critical to protect Spring Boot apps against security vulnerabilities that could be exploited in production. The Kiuwan platform helps us identify and fix issues early in our development lifecycle, well before it is time to release to production, and this support corner blog will show you how.
After scanning with the Kiuwan Local Analyzer (KLA), results are organized and displayed in the Kiuwan portal, along with the details needed to fix each vulnerability. In this Spring Boot application, Kiuwan uncovered a Server-Side Request Forgery (SSRF), a Cross-Site Request Forgery (CSRF), and several other security vulnerabilities.
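To make the two headline findings concrete, here is an added example, not code from this post or from the application Kiuwan scanned, of what an SSRF finding in a Spring Boot controller typically looks like next to a hardened version, plus the CSRF configuration a SAST rule commonly flags beside its corrected form. The class names, the `ALLOWED_HOSTS` set, the `api.example.com` host, and the `/fetch` endpoints are assumptions for illustration; the security configuration uses the Spring Security 6 lambda DSL.

```java
// Added example (hypothetical names): an SSRF-prone endpoint beside a hardened one,
// and a Spring Security configuration showing the weak CSRF setting beside the fix.
package com.example.demo; // hypothetical package

import java.net.URI;
import java.net.URISyntaxException;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.util.Set;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class FetchController {

    private static final HttpClient CLIENT = HttpClient.newBuilder()
            .followRedirects(HttpClient.Redirect.NEVER) // a redirect could bounce to an internal host
            .build();

    // Hosts this service is allowed to call (assumed for the example).
    private static final Set<String> ALLOWED_HOSTS = Set.of("api.example.com");

    // VULNERABLE: the URL comes straight from the request, so a caller can point the
    // server at http://169.254.169.254/ (cloud metadata) or http://localhost:8080/actuator.
    // This is the shape of code a SAST SSRF rule reports: untrusted input reaching a network sink.
    @GetMapping("/fetch-unsafe")
    public String fetchUnsafe(@RequestParam String url) throws Exception {
        HttpRequest req = HttpRequest.newBuilder(URI.create(url)).GET().build();
        return CLIENT.send(req, HttpResponse.BodyHandlers.ofString()).body();
    }

    // HARDENED: validate scheme, host and port against an allow-list before any network call.
    @GetMapping("/fetch")
    public String fetchSafe(@RequestParam String url) throws Exception {
        URI target = validateTarget(url);
        HttpRequest req = HttpRequest.newBuilder(target).GET().build();
        return CLIENT.send(req, HttpResponse.BodyHandlers.ofString()).body();
    }

    static URI validateTarget(String url) {
        URI uri;
        try {
            uri = new URI(url);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("malformed url");
        }
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("only https is allowed");
        }
        String host = uri.getHost();
        if (host == null || !ALLOWED_HOSTS.contains(host.toLowerCase())) {
            throw new IllegalArgumentException("host not on allow-list");
        }
        if (uri.getPort() != -1 && uri.getPort() != 443) {
            throw new IllegalArgumentException("non-standard port not allowed");
        }
        if (uri.getUserInfo() != null) { // reject https://api.example.com@evil.test/ style inputs
            throw new IllegalArgumentException("userinfo not allowed");
        }
        return uri;
    }
}

@Configuration
class SecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // WEAK (a common CSRF finding): the default protection switched off for convenience.
        //     http.csrf(csrf -> csrf.disable());
        // CORRECT: leave the CSRF filter on. For a JavaScript front end, expose the token in a
        // cookie the client can read and echo back in the X-XSRF-TOKEN header.
        http.csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()));
        return http.build();
    }
}
```

The allow-list check is the part a scanner cannot write for you: it has to match what the service legitimately talks to, and it should sit before the request object is built so that no code path reaches the HTTP client with an unvalidated URI. Disabling redirects matters as well, since an allow-listed host that issues a 302 to an internal address would otherwise reopen the hole.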
While Kiuwan SAST focuses on vulnerabilities within our app's own source code, Kiuwan's Software Composition Analysis (SCA) identifies risks introduced by third-party dependencies. Those dependencies can bring license risk, publicly known vulnerabilities (CVEs, classified by CWE), or obsolescence issues from running out-of-date packages.
After uncovering these vulnerabilities in our Spring Boot application, Kiuwan's Action Plans help us fit the remediation work into our existing development lifecycle. For example, if there are just five hours within a sprint to devote to application security, Kiuwan identifies the highest-priority issues we can remediate within that time frame.
Overall, Kiuwan enables us to identify, prioritize, and fix security issues before releasing our Spring Boot application into production. By shifting security left, we save time, effort, and energy, and continually improve the security of our app as part of any existing development process.