Kiuwan Code Security allows you to perform a security-focused analysis of your source code.

This analysis will be based on detection of security issues and vulnerabilities through an in-deep inspection of your source code.

Kiuwan Code Security provides a full report on security vulnerabilities, from a top view (Security Rating) to a fine-grain detailed view of vulnerabilities (and how to solve them).

Kiuwan Code Security arranges security aspects in three dashboards:

 

Let’s go through them in detail.

<<sec-1.png>

 

Summary

 

The Summary provides a comprehensive high level overview of your application security, allowing you to have a complete security dashboard of your application at your fingertips.

 Summary provides:

 

<<sec-2.png>

 

Security Rating

 

Kiuwan Security Rating is a discrete 5-star grade that tells you how secure your application is in terms of the likelihood and impact of the found vulnerabilities.

This rating concentrates all the security evidences found in the source.

<<sec-3.png>

Applications with 5 stars are considered to be secure, whereas those with 1 star are considered to be very insecure.

 

Security Vulnerabilities

 

Security vulnerabilities are grouped in a quadrant according to two major axes:

These two axes produce 4 quadrants. Kiuwan summarizes found vulnerabilities for each quadrant.

 <<sec-4.png>

In this image, you can see that Kiuwan found 271 vulnerabilities and how kiuwan distributes them in the 4 quadrants:

 

Security rating is based on following:

Based on analysis results, Kiuwan also calculates the Effort you need to invest to reach the different rating levels according to the remediation effort associated to fix each vulnerability.

 

Top 10 Vulnerabilities and Worst Files

Code Security Summary also provides a Top-10 ranking of vulnerability types and worst files.

This way, you can easily concentrate on major contributors to current security rating.

<<sec-5.png>

Any vulnerability found by Kiuwan is categorized according to its type:

 

The Top-10 Vulnerabilities By Type graphic lets you to view which ones are the most frequent in your application, showing the total number of vulnerabilities for every type.

Clicking on the vulnerability type you will be able to see associated defects (that link will forward you to Vulnerabilities page with the defects filtered by the selected type).

If you want to see which vulnerabilities are checked by Kiuwan for every type, you should go to Model Management, select your model and click on Security Rules.  

 

The Top-10 Worst Files graphic displays a ranking of worst (low-rated) files of your application, showing the security rating and the number of vulnerabilities found.

 

Timeline

The Timeline section displays a historical evolution of your Security Rating and Total Effort (to reach 5-star rating) as well as the total LOC size of your application.

This section also displays information on:

Files 

Files provides a detailed view of your application files according to security issues.

<<sec-6.png>

 

 

It provides some summary data as well as detailed info on every file of your application.

Summary data

The Summary provides a general overview of application files according to security.

<<sec-7.png>

 

 

Security Rating is the overall rating as described in Code Security Summary.

Distribution By Rating displays a histogram where you can see the distribution of files according to their security rating (1-5 stars).

Distribution By Number of Vulnerabilities displays a histogram where you can see the distribution of app files according to the number of vulnerabilities. Quantities are grouped in 5 ranges calculated based on the maximum and minimum number of vulnerabilities in the application.

 

Detailed data

 

Files table lists application files with the following information:

You can order results (in ascending or descending order) by clicking on each column name.

 

Vulnerabilities

Vulnerabilities provide a detailed view of all the application’s vulnerabilities, allowing to:

 

<<sec-8.png>

 

Summary data

Summary section displays group information on vulnerabilities:

 

Figures are also displayed for

 

 

 

<<sec-9.png>

Clicking on the sandwich menu on the top-left you can:

Please Kiuwan Code Analysis site for info on the above functionalities.

Detailed data

Along with these metrics, Vulnerability page displays a full listing of defects that you can browse, filter and order by following criteria:

 

<<sec-10.png>

 

Clicking on a vulnerability row will let you drill down to detail on security rule (from general description to the specific line of the vulnerability in a source file).