Security vulnerabilities are everywhere. If nothing else, the recent hack of Equifax that compromised approximately 143 million American credit records is a signal that even our most trusted networks are vulnerable. However, security breaches are almost alway...
Number 3 on the OWASP Top 10 2017 list is Sensitive Data Exposure. The first question to ask is whether your organization even has sensitive data that needs protection against exposure. The quick answer is that, in today’s digital world, most organizations wi...
Security misconfigurations are “holes” or weaknesses within your computer applications that leave your system vulnerable to attack. These misconfigurations allow easy exploitation from threat agents from both inside and outside of your company. The good news ...
How to Resolve and Prevent XSS Cross-site scripting (XSS) occurs when an attacker injects malicious script, like JavaScript, into your web browser which compromises an infected web site. When the user inputs data into the visited web site, the malicious code ...
OWASP Top 10 2017 – A2 Broken Authentication Authentication and session management includes verifying user credentials and managing their active sessions. Broken authentication and session management occurs when credentials cannot be authenticated and session...
Are you at risk of an injection attack? These types of attacks are common, primarily because they affect ubiquitous SQL databases. If a user — internal or external — supplies information through a form, you may be at risk. Insufficient input validation may al...
Pentesting is also called penetration testing or ethical hacking. A penetration test is designed to answer the question: “How effective is my current security against a skilled human attacker?” In this article, we’ll go over what it is, why it’s important to ...
Kiuwan’s latest release now includes coverage for Python. Python was conceived in the late 1980s, and its implementation began in December 1989 by Guido van Rossum. Van Rossum is Python’s principal author, and his continuing central role in deciding the direc...
DIY: Generate OWASP Benchmark Results for Kiuwan Code Security The OWASP Benchmark for Security Automation (OWASP benchmark) is a free and open test suite designed to evaluate the speed, coverage, and accuracy of automated software vulnerability detection too...
Learn how to make your own OWASP Benchmark test with Kiuwan on our DIY Blog post. What is the OWASP Benchmark? I’m sure that most of you are familiar with OWASP (Open Web Application Security Project), or at least you have heard about their fam...
Reusing code is something normal in software development, but this practice makes the code less maintainable over time and it can introduce defects. As we write an application, very similar or identical code fragments begin to appear. These fragments are know...
Thursday, September 10, 2015 7:00 am PST (4:00 PM Central Europe) Join us to discuss the merits of static analysis and how you can leverage Kiuwan (powered by Kiuwan Software) with Dimensions CM to shift –left, and elevate your code quality to the next level....
App and software breaches can have lasting consequences. They also aren’t going anywhere. Finding vulnerabilities in your app and code early is critical. Maintaining strong security practices during and after development is essential to protecting your business.