Software tools for code analysis let developers create code which has fewer bugs and is more secure. It finds problems that are hard for human readers to spot and which produce unpredictable run-time errors. Along with dynamic tests such as unit testing, they...
Understanding How External Entities Attack XML Files Extensible Markup Language (XML) files are plain-text files that describe data behavior as that data relates to a connected network or server application. If you open an XML file, you’ll see code describing...
The number and sophistication of cyberattacks are increasing year after year. Now it’s the time, more than ever, to start implementing security testing within your Software Development Life Cycle. Shifting left in the SDLC empowers software teams to detect op...
Not Just a Trend The efficiency of DevOps has proven the staying power of integrating development and deployment departments. It’s now more than just a trendy way of restructuring your workflow; it’s a precedent to which your clients are holding you. If you’r...
Number 3 on the OWASP Top 10 2017 list is Sensitive Data Exposure. The first question to ask is whether your organization even has sensitive data that needs protection against exposure. The quick answer is that, in today’s digital world, most organizations wi...
Security misconfigurations are “holes” or weaknesses within your computer applications that leave your system vulnerable to attack. These misconfigurations allow easy exploitation from threat agents from both inside and outside of your company. The good news ...
How to Resolve and Prevent XSS Cross-site scripting (XSS) occurs when an attacker injects malicious script, like JavaScript, into your web browser which compromises an infected web site. When the user inputs data into the visited web site, the malicious code ...
OWASP Top 10 2017 – A2 Broken Authentication Authentication and session management includes verifying user credentials and managing their active sessions. Broken authentication and session management occurs when credentials cannot be authenticated and session...
Are you at risk of an injection attack? These types of attacks are common, primarily because they affect ubiquitous SQL databases. If a user — internal or external — supplies information through a form, you may be at risk. Insufficient input validation may al...
Pentesting is also called penetration testing or ethical hacking. A penetration test is designed to answer the question: “How effective is my current security against a skilled human attacker?” In this article, we’ll go over what it is, why it’s important to ...
Kiuwan’s latest release now includes coverage for Python. Python was conceived in the late 1980s, and its implementation began in December 1989 by Guido van Rossum. Van Rossum is Python’s principal author, and his continuing central role in deciding the direc...
DIY: Generate OWASP Benchmark Results for Kiuwan Code Security The OWASP Benchmark for Security Automation (OWASP benchmark) is a free and open test suite designed to evaluate the speed, coverage, and accuracy of automated software vulnerability detection too...
