The Role of SAST in DevSecOps

As DevSecOps continuously pushes security "to the left" in the software development process, autonomous assessment can provide assurance of security compliance from development’s earliest stages.

OpenSSF Takes a Collaborative Approach to Open Source Security

To help make open source software more secure, the Linux Foundation has announced a cross-industry collaboration with open source leaders including GitHub, Google, IBM, JP Morgan Chase, Microsoft, Red Hat, the OWASP Foundation, and others.

Introduction to Cyber Threat Intelligence

Published November 11, 2020. Simply put, threat intelligence – also known as cyber threat intelligence, or CTI – is information that is collected, analyzed, organized, and refined to provide insight, input, and advice about potential and current security threats or attacks that could pose potential or actual risks to an organization.

Understanding OWASP ASVS

Here is a brief backgrounder on OWASP and a closer look at the ASVS with special emphasis on what it does and why it’s important for application security.

Kiuwan Shines in the Fall 2020 G2 Grid Report

We’re excited to announce that Kiuwan Code Security and Insights solutions have been recognized in the Fall 2020 G2 Grid Report for Static Code Analysis, due in large part to an overall customer satisfaction rating of 4.4 out of 5.

What Makes Firmware Vulnerabilities So Deadly?

If an attacker can foist a firmware or microcode exploit, there’s very little runtime software can do to counter (or even detect) its presence and behaviors.

8 Tips for Mobile App Security

In the first half of 2019, data breaches affected around 4.1 billion records. 3 out of 4 mobile apps leak sensitive data that expose users to fraud and identity theft.

October is Cybersecurity Awareness Month

October is Cybersecurity Awareness Month. The theme for 2020, "Do Your Part," encourages individuals to take a proactive approach to improving security.

Threat Modeling’s Place in DevSecOps

Threat modeling is the process of assessing vulnerabilities in software from an attacker’s point of view. Some may consider threat modeling an artifact from the ’90s, but it fits well into current development approaches.

Release Announcement – September 23, 2020

The Kiuwan team is excited to announce the availability of our latest release, featuring extended support for JSX React, an Angular framework to check for dynamic components, and more.

Putting the Principle of Least Privilege to Work for Web Apps

With an ever-increasing proportion of work on the desktop occurring in the form of web-based applications, organizations need to examine how web-based apps make use of privileges and access rights.

Automation Doesn’t Fix Bad Habits

While automation can carry out tasks reliably and without much human interaction, it won’t solve most process problems.

Strategies for Managing Widely Deployed Code with Kiuwan

Automated tools can help make the process of patching, fixing, and updating part and parcel of the development, testing, and release processes.

Use the Strangler Pattern to Refactor Legacy Apps

Published August 25, 2020. Most of us who have been responsible for the care and feeding of an enterprise application have had to modify someone else’s code.

Create a Web Application Security Blueprint

The best way to secure web applications is to include security at every step along the development process, from requirements analysis, to design, testing, maintenance, and update phases.