Introduction
Kiuwan allows for a true shift-left approach by integrating with all the main IDEs.
Kiuwan for Developers (K4D) is a plug-in for development IDEs that facilitates and automates compliance with security regulations, quality standards and best practices for several languages.
It provides the following benefits:
- Security Vulnerabilities Detection – Kiuwan for Developers allows developers to detect and fix security vulnerabilities such as Injection (SQL, XML, OS, etc.), XSS, CSRF, etc. directly within their development IDEs.
- Adoption of Security and Coding Standards – Ensuring compliance with standards (CWE, OWASP, CERT-Java/C/C++, SANS-Top25, WASC, PCI-DSS, NIST, MISRA, BIZEC, ISO/IEC 25000 and ISO/IEC 9126) across a development department can be a long and tedious task without a tool that facilitates and automates this work. This plugin connects with Kiuwan and harnesses the power of its security models and audits to enforce security standards and policies.
- Full vulnerabilities documentation – Developers have access, right in their IDEs, to the full Kiuwan vulnerabilities documentation for any of the vulnerabilities listed for the specific projects. This includes code samples on how to fix them in the same language as the project.
- Automatic Error Prevention – Coding standards are specific rules for a programming language. By implementing and monitoring compliance with these standards at the time the code is entered you can avoid errors and reduce the time and cost of debugging and testing activities.
Kiuwan for Developers monitors and reports on the security, quality and efficiency of your code at the point that it is written. This immediate feedback provides you with the opportunity to improve your code before it is delivered.
Supported IDEs and Requirements
Info: Kiuwan for Developers (K4D) has been successfully tested in the following IDEs and minimum versions:
K4D is also available for Microsoft Visual Studio (please visit Kiuwan for Developers for Microsoft Visual Studio). For other IDEs and versions, please contact Kiuwan Technical Support.
...
Java 8 required
...
Installation
To install Kiuwan for Developers just follow the steps below:
- Open Eclipse and, in the main menu, click on Help >> Install New Software...
- Select the Add... option and type the following values:
  - Name: Kiuwan
  - Location: https://www.kiuwan.com/pub/updatesite
- Pressing OK will save this new update site and Eclipse will query our server to retrieve available features and plugins
- The Kiuwan for Developers feature will appear in the list below, check it and click on Next >
- Read and accept our Terms of Use
- Accept the certificate used to sign our product
- When the installation finishes and Eclipse asks to restart the IDE, please do so
If the installation completes successfully, Kiuwan for Developers will be up and running upon restart!
Updates
Kiuwan for Developers checks automatically for updates on Eclipse startup and on a daily basis after that.
If you need to check it manually, you can do so through the standard Eclipse mechanisms, or by simply going to Window >> Preferences >> Kiuwan and pressing the Check for updates button.
Configuration
Connection Settings
Info: After installation, you need to configure K4D to connect to Kiuwan servers. K4D connection settings are configured at Window >> Preferences >> Kiuwan >> Connection Settings.
Fill in the User and Password of your Kiuwan account and click Check Credentials to validate access.
In case you are using a proxy, please configure Proxy Settings.
...
Execution modes
...
This option will open an internal browser to display Rule Information.
If you are presented with the Kiuwan login page, use the same credentials as those used in the K4D Connection Settings.
Vulnerabilities details (Source and Sink)
...
Additionally, you can define filters based on Priority, Characteristic and Language.
Because your local source code may differ from the source code analyzed on the analysis server, some server defects might not match your current source code.
...