Detect and eliminate vulnerabilities
Scan your code using a constantly-updated rule set (4K+) based on industry standards including OWASP Top 10, CWE/SANS-25, PCI-DSS, and more. Available for over 30 programming languages
Integrate with your IDE to code securely
Add Kiuwan Code Security to your IDE for instant analysis. Contextual feedback helps your developers learn to code more securely. Integrate with your CI toolchain to automate your DevSecOps process
Reduce risk from open source components
Automate discovery of the open source components used by your application. Remediate exposure to risks from known vulnerabilities, obsolete versions, and licensing issues
What are the OWASP Top 10 Vulnerabilities?
The Open Web Application Security Project (OWASP) is an international non-profit organization that analyzes, documents, and promotes practices for secure web application development. Every few years, OWASP publishes a “Top 10” list of the most critical application security risks; at the time of writing, the most recent edition was published in 2017.
Kiuwan Code Security is an OWASP testing tool, but it is also much more. You can scan your code for compliance with over 4000 security rules, covering CWE/SANS-25, PCI-DSS, MISRA, CERT, HIPAA, and other standards. Customize the scanning rules to focus remediation on the security threats that matter most to you.
What is the difference between an OWASP Top 10 dependency check and a vulnerability scan?
A vulnerability scan examines your own source code
A vulnerability scan examines your application’s source code for security flaws, using a Static Application Security Testing (SAST) tool like Kiuwan Code Security.
With Kiuwan Code Security, you can:
Check your source code for compliance with over 4000 rules based on industry standards, including the OWASP Top 10, CWE/SANS-25, PCI-DSS and more. Get results in minutes.
Generate action plans to remediate vulnerabilities, based on your priorities
Perform “what if” analysis
Integrate with your IDE to build in security from the start
A dependency check examines your open-source libraries
A typical web application contains third-party code and open-source libraries that aren’t covered by SAST scanning of your own source. To identify risk from these components, you perform a dependency check using a Software Composition Analysis (SCA) tool like Kiuwan Insights.
With Kiuwan Insights, you can:
Automatically generate an inventory of the open-source components in use by your application.
Check open-source components for known vulnerabilities against the National Vulnerability Database (NVD) maintained by the National Institute of Standards and Technology (NIST).
Enforce your policies regarding open source components and ensure license compliance.
Get automatic obsolescence notifications.
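To make the difference between a dependency check and a source scan concrete, here is a small SCA-style checker that does what the list above describes: it builds an inventory from a pinned manifest, matches each component against an advisory feed with affected-version ranges, flags versions behind the latest release, and enforces a license allow-list. This is an added example, not Kiuwan Insights code. The manifest, the advisory entries (package names beginning with "acme-", identifiers beginning with "EXAMPLE-ADV-"), the latest-version table and the license table are all constructed for the example; a real tool would pull advisories from the NVD or another feed and resolve transitive dependencies from a lockfile.

```python
"""Minimal SCA-style dependency check over a constructed manifest.

Added example, not Kiuwan's code. All package names, advisory identifiers,
latest-version data and license data below are constructed sample data.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Operators accepted in an advisory's affected-version spec, e.g. ">=2.0,<2.11.3".
_OPS = {
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
    "==": lambda a, b: a == b,
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '1.4.2' into (1, 4, 2) for tuple comparison.

    Non-numeric suffixes such as '5.3rc1' keep only the leading digits, and
    trailing zeros are dropped so that '1.4' and '1.4.0' compare equal.
    """
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def version_matches(version: str, spec: str) -> bool:
    """True if `version` satisfies every comma-separated constraint in `spec`."""
    v = parse_version(version)
    for clause in spec.split(","):
        m = re.match(r"(<=|>=|==|<|>)\s*(\S+)$", clause.strip())
        if not m:
            raise ValueError(f"bad constraint: {clause!r}")
        op, bound = m.groups()
        if not _OPS[op](v, parse_version(bound)):
            return False
    return True


def parse_manifest(text: str) -> dict[str, str]:
    """Build the component inventory from pinned 'name==version' lines."""
    deps: dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        m = re.match(r"([A-Za-z0-9_.\-]+)\s*==\s*(\S+)$", line)
        if not m:
            raise ValueError(f"only pinned '==' lines are supported: {line!r}")
        deps[m.group(1).lower()] = m.group(2)
    return deps


@dataclass
class Finding:
    package: str
    version: str
    kind: str    # "vulnerable", "obsolete" or "license"
    detail: str


def check_dependencies(manifest: str, advisories, latest, licenses, allowed) -> list[Finding]:
    """Run the three checks (known vulnerabilities, obsolescence, license policy)."""
    findings: list[Finding] = []
    for name, version in parse_manifest(manifest).items():
        for pkg, spec, adv_id in advisories:
            if pkg == name and version_matches(version, spec):
                findings.append(Finding(name, version, "vulnerable", f"{adv_id} affects {spec}"))
        newest = latest.get(name)
        if newest and parse_version(version) < parse_version(newest):
            findings.append(Finding(name, version, "obsolete", f"latest release is {newest}"))
        lic = licenses.get(name, "UNKNOWN")
        if lic not in allowed:
            findings.append(Finding(name, version, "license", f"{lic} is not on the allow-list"))
    return findings


# --- constructed sample data (fictional packages and advisory identifiers) ---
SAMPLE_MANIFEST = """\
# constructed manifest for the example
acme-http==2.19.1
acme-yaml==5.4
acme-tmpl==2.11.3
acme-gpl-tool==1.0
"""
ADVISORIES = [
    ("acme-http", "<2.20.0", "EXAMPLE-ADV-1"),
    ("acme-yaml", "<5.4", "EXAMPLE-ADV-2"),          # 5.4 is the fixed version
    ("acme-tmpl", ">=2.0,<2.11.3", "EXAMPLE-ADV-3"),  # upper bound is exclusive
]
LATEST_VERSIONS = {"acme-http": "2.31.0", "acme-yaml": "6.0", "acme-tmpl": "3.1.2", "acme-gpl-tool": "1.0"}
LICENSES = {"acme-http": "Apache-2.0", "acme-yaml": "MIT", "acme-tmpl": "BSD-3-Clause", "acme-gpl-tool": "GPL-3.0-only"}
ALLOWED_LICENSES = {"Apache-2.0", "MIT", "BSD-3-Clause"}

if __name__ == "__main__":
    for f in check_dependencies(SAMPLE_MANIFEST, ADVISORIES, LATEST_VERSIONS, LICENSES, ALLOWED_LICENSES):
        print(f"{f.kind:10} {f.package}=={f.version}: {f.detail}")
```

Note the two boundary cases the sample is built to exercise: acme-yaml 5.4 is the first fixed version of EXAMPLE-ADV-2 and must not be reported, and acme-tmpl 2.11.3 sits exactly on the exclusive upper bound of EXAMPLE-ADV-3. Off-by-one errors on these bounds are a classic source of both false positives and missed vulnerable versions in home-grown dependency checks.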
How do you test security with OWASP ZAP?
OWASP ZAP (Zed Attack Proxy) is a free, open-source tool for penetration testing. “Pen testing” involves simulating an attack on a running application in an attempt to uncover vulnerabilities. Whether done manually or with a tool, pen testing can significantly enhance your security strategy.
There are drawbacks to relying only on pen testing. Pen testing is only as good as the pen tester and may miss vulnerabilities. In addition, pen testing requires a running application and therefore occurs relatively late in development. The cost to fix a vulnerability increases the later that it is found in the development lifecycle. In the case of pen testing, additional time is typically required to trace a security flaw back to the affected line of code.
Build security into your application from the start of the SDLC: combine Kiuwan Code Security and Kiuwan Insights for a comprehensive approach to remediating web application vulnerabilities.
Kiuwan is a leader in the OWASP testing tool benchmark
The OWASP Benchmark is a test suite designed to evaluate the coverage and accuracy of automated vulnerability detection tools. The benchmark contains thousands of test cases that are fully runnable and exploitable. It covers 11 vulnerability categories, including several kinds of injection, XSS, weak encryption, and trust boundary violations. For every category, the test cases mix real vulnerabilities (to measure true positives) with safe code that looks vulnerable (to measure false positives), so a tool is scored on what it finds and on what it wrongly flags.
We are up to the challenge. We have run Kiuwan on the OWASP Benchmark test cases and added the results to the comparison graph published on the OWASP Benchmark website, which includes both open source and commercial tools. Kiuwan is right up there, detecting almost 100% of the true positives. But you don’t have to take our word for it: request a Kiuwan demo today.