Kiuwan provides out-of-the-box "rules" based on industry security standards, such as CWE/SANS 25, OWASP Top 10, CERT-Java/C/C++, WASC, PCI-DSS, NIST, MISRA, and BIZEC.

Visit our blog post on Security Standards in Software Development to learn more.

What is the CWE Common Weakness Enumeration?

The Common Weakness Enumeration (CWE) is an extension of the Common Vulnerabilities and Exposures (CVE) list compiled by MITRE, a federally-funded, non-profit organization that manages research and development centers supporting government agencies like Homeland Security.


Kiuwan provides full support and mapping for the CWE list.

You can find further info at:

How does Kiuwan help me to comply with OWASP?

OWASP is an international non-profit organization dedicated to analyzing, documenting and spreading the principles of safe and vulnerability-free software development.

They produce a document called OWASP Top 10. As they say: “The OWASP Top Ten is a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.”

You can visit our Kiuwan Blog and learn how Kiuwan can help you assess and fix your security vulnerabilities according to the OWASP Top Ten:


What is the OWASP Top 10 for 2017?

For 2017, the OWASP Top 10 Most Critical Web Application Security Risks are:


You can browse Kiuwan rules by OWASP Top 10 to find which Kiuwan rules correspond to which OWASP security risks.


How does Kiuwan perform in the OWASP Benchmark?

The OWASP Benchmark is a test suite designed to evaluate the coverage and accuracy of automated vulnerability detection tools.

We have run Kiuwan against the OWASP Benchmark test cases, and here are the results (compared to open and commercial tools).

Kiuwan is right up there, detecting almost 100% of true positives!


[Figure: OWASP comparison chart]

The Benchmark contains thousands of test cases that are fully runnable and exploitable.

It considers 11 different types of vulnerabilities, including several injection types, XSS, weak encryption and trust boundary violations. For every type, the test cases include real vulnerabilities (true positives) and fake vulnerabilities (false positives) to challenge the tools.

Are you interested in more detail on the OWASP Benchmark and Kiuwan?

Please read

Do you want to build and run the OWASP Benchmark with Kiuwan yourself?

Then have a look at

How does Kiuwan help with security in Cobol, RPG and ABAP?

Kiuwan Code Security includes detection rules that cover so-called "legacy" languages.

Please visit the links below for further info:

