Kiuwan for Developers (K4D) for MS Visual Studio is a Visual Studio extension that facilitates and automates compliance with security norms, quality standards and best practices for several languages.

It provides the following benefits:

  • Security Vulnerabilities Management – Kiuwan for Developers allows developers to access and fix security vulnerabilities such as Injection (SQL, XML, OS, etc.), XSS, CSRF, etc., found by Kiuwan scans, directly in their development IDEs.
  • Adoption of Security and Coding Standards – Ensuring that a development department complies with standards (CWE, OWASP, CERT-Java/C/C++, SANS-Top25, WASC, PCI-DSS, NIST, MISRA, BIZEC, ISO/IEC 25000 and ISO/IEC 9126) can be a long and tedious task without a tool that facilitates and automates this work. This plugin connects with Kiuwan and harnesses the power of its security models and audits to enforce security standards and policies.
  • Full vulnerabilities documentation – Developers have access, directly in their IDEs, to the full Kiuwan documentation for any of the vulnerabilities listed for the specific project. This includes code samples showing how to fix them in the same language as the project.

 

K4D is supported in Visual Studio 2015 and 2017.

 

Installation

First, you need to configure the Kiuwan Gallery to download K4D for VS from Kiuwan.

 

In Visual Studio, go to Tools >> Options.


Open Environment >> Extensions and Updates and add a new entry with the URL: https://www.kiuwan.com/pub/vsgallery/atom.xml



After clicking Apply and OK, go to Tools >> Extensions and Updates.


Select Online >> Kiuwan Gallery.


Click Download. Next, you need to close VS for K4D to be installed.


Click Modify and K4D is downloaded and installed.

 

Configuration

After installation, you need to configure K4D to connect to Kiuwan. Remember that you need a valid Kiuwan account.

Go to Tools >> Options and select Kiuwan for Visual Studio >> Connection properties.

 

If you are using a proxy, configure Proxy Settings.



 

Please check credentials before applying changes.

Mapping your VS Project to Kiuwan Application

After K4D is installed, you are ready to map your VS project to a Kiuwan application.

This mapping synchronizes the defects and vulnerabilities found by Kiuwan with your source code, so you are ready to work on fixing the issues.


To map your VS project to Kiuwan, right-click on your project and select Kiuwan Project Properties.


 

A dialog opens with a combo box of available applications, where you can select the application in your Kiuwan account that matches your project.



Kiuwan Defects List

Once mapped, you can open the Kiuwan Defects List by selecting View >> Other Windows >> Kiuwan Defects Window.


 

You can also open the Kiuwan Defects List by clicking the Kiuwan icon on the Solution Explorer toolbar.

  

 

The Kiuwan Defects List window will appear docked to your VS layout. Double-clicking on a defect will open the file and select the line of the defect.

 

If the selected defect is an injection vulnerability, you can see the Propagation Path in the Properties tab.

 

 

Right-clicking on a defect will let you mark the defect as Reviewed.

 

Also, right-clicking on the defect and selecting Rule information will open the documentation of the Kiuwan rule that detected the selected defect.

To access Rule information, use the same credentials as those configured in Connection Properties.

 

Refreshing Defects List

To be sure you are working on the latest list of defects found by Kiuwan, you need to manually refresh the defect list.

Clicking the corresponding icon updates the Kiuwan Defects List with the latest contents from the Kiuwan servers.


Configuring the Contents of the Defects List

Clicking the corresponding icon lets you configure the contents of the Kiuwan Defects List.


Configuring the Filters of the Defects List

Clicking the corresponding icon lets you configure filters on the Kiuwan Defects List.

 

Support and Troubleshooting

If you experience problems with the Kiuwan extension for Visual Studio, you can read the Kiuwan Documentation to find a solution or, if you prefer, collect troubleshooting information and send it to us.

Visit Contact Kiuwan Technical Support to find out how to contact us. We will address your problem as soon as possible.