Recently, the Twitter engineering team (@TwitterEng) published an interesting library: DistributedLog, a replicated and highly efficient service to manage the logs of applications. A summary of its characteristics as found in the documenta...
Originally developed by Google, Angular has become one of the leading frameworks for web application development. Its popularity is due to the extensive capabilities it offers. However, Angular is complex, and taking full advantage of its features depends on ...
Kiuwan indicators are based on evidence. Part of that evidence —along with intrinsic code metrics— are the defects and vulnerabilities found in the source code analysis Right. What does Kiuwan consider a defect? A defect is a violation to a rule defined in th...
Databases are some of the most valuable sources of data for organizations of any type, from healthcare to online retailers. In turn, they’re also some of the highest-value targets for attackers and a trove full of personnel information, financial data, and in...
Open source software is essential to application development, particularly for the web. At the same time, it also represents a key source of application vulnerabilities. To help make open source software more secure, the Linux Foundation has announced a cross...
Most of us who have been responsible for the care and feeding of an enterprise application have had to modify someone else’s code. Whether the modification is due to a newly found bug or to enhance existing functionality, changing someone else’s code is an in...
Open-source software dramatically simplifies and speeds up the development process. However, it also carries significant risks in the form of vulnerabilities. The public nature of open-source code means that databases such as Open Source Vulnerabilities ...
Containers have emerged as a fantastic technology to deploy applications. Containers save a lot of time for system engineers dealing with infrastructure issues: servers, networks, operating systems (OS), ports, configuration, etc. If your application needs be...
In a globally connected environment where being the first to market provides an advantage that can be worth billions and persists for decades, taking the fastest route to product development is an operational necessity. For software development teams, th...
On February 13 we released support for a new programming language: Go (aka Golang). We have added 56 new security rules for Go in our default analysis model (CQM). Visit our Change Log for an explanation on how to view these rul...
High-level programming languages have gone a long way since the invention of Short Code in 1949. New languages are being created all the time, sometimes as a joke, but most times to deal with specific problems that existing ones cannot solve. Althou...
The CWE/SANS Top 25 is a list of the most dangerous common software errors that can leave your application vulnerable to bad actors. It’s put together by MITRE and the SANS Institute as part of the Common Weakness Enumeration (CWE) project. The list can help ...
App and software breaches can have lasting consequences. They also aren’t going anywhere. Finding vulnerabilities in your app and code early is critical. Maintaining strong security practices during and after development is essential to protecting your business.
