Kiuwan for Developers
Kiuwan allows for a true shiflteft approach by integrating with all the main IDEs.
Kiuwan for Developers (K4D) is a plug-in for development IDEs that facilitates and automates compliance with security normatives, quality standards and best practices for several languages.
It provides the following benefits:
- Security Vulnerabilities Detection - Kiuwan for Developers allows the developers to detect and fix security vulnerabilities such as Injection (SQL, XML, OS, etc), XSS, CSRF, etc. directly integrated within their development IDEs).
- Adoption of Security and Coding Standards – Ensuring the compliance of standards (CWE, OWASP, CERT-Java/C/C++, SANS-Top25, WASC, PCI-DSS, NIST, MISRA, BIZEC, ISO/IEC 25000 and ISO/IEC 9126) by a development department can be a long and tedious task without the support of some sort of tool that will facilitate and automate this work. This plugin connects with Kiuwan and harness the power of its quality models to prevent errors and automatically standardise the code.
- Automatic Error Prevention – Coding standards are specific rules for a programming language. By implementing and monitoring compliance with these standards at the time the code is entered you can avoid errors and reduce the time and cost of debugging and testing activities.
Kiuwan for Developers monitors and reports on the security, quality and efficiency of your code at the point that it is written. This immediate feedback provides you with the opportunity to improve your code before it is delivered.
Kiuwan for Developers can work in two different modes:
- Analyzer mode
K4D allows you to analyze you application source code directly within (and fully integrated to) your IDE. You can analyze the whole project (or just some specific files), then review the detected vulnerabilities and defects, fix them and re-analyze, without exiting from your IDE.
- Remote Viewer mode
K4D also lets you to "download" the vulnerabilities and defects stored at Kiuwan (in the last Baseline, or in a specific Delivery, or even the issues to be fixed according to a defined Action Plan). This way, you can goes directly to the issues you must fix, just double-clicking on the defects and going directly to the offending line of code.
By using both modes, you can get a comprehensive undestanding :
- the server view view of the application, and
- your local view of the defects according to the changes you are making to the source code