Here at Conviso we are always talking with our customers about the Vulnerability Management process, and we emphasize that this structure is extremely important when we talk about software security.
However, we still find many managers and development professionals who understand vulnerability management as simply running a tool that will scan for vulnerabilities.
Vulnerability Management…
The information and data generated during the development process, or even when testing your systems, is extremely important for good management performance. Missing or hard-to-find information is, without a doubt, a very big burden, as much for the vulnerability management process as for other secure development processes.
It is not rare to find in…
A few years ago, the Conviso team realized that it needed to find a way to organize the activities carried out with clients. It was necessary to organize the analyses made in projects so as to centralize all the information and support a structured process of vulnerability management.
So, in 2008 we created a first version of the product that is now called AppSec Flow. It was a platform focused on…
Every 3 years we expect a new report generated by OWASP showing which vulnerabilities are most present on the Internet based on data from previous years.
Two things are almost certain.
The first is that to identify the 10 vulnerabilities we will have some very debatable points, as there is always a good discussion about which vulnerabilities should be added or removed.
The second is that…
It is increasingly common to see companies designing their solutions as web applications, transforming their business to be more digital and showing the importance of what is no longer a trend and has become a market requirement.
This is a great leap forward, giving everyone access to services and products that would often be difficult to find outside the Internet. However, we…
In our routine at Conviso, many new customers come to us with the same problem: they have already invested time and money in a number of cyber security tools, but still feel that the tools do not do the job completely. In some cases, the acquired tools demand a way of working that does not fit an efficient development process. There are also those who report difficulties in maintaining a standard of…
The development process shows the importance of having this service and integration tools so that the process can flow in the most secure way.
It is no different when we want our clients to go through the most secure development process, and one concern is the process of integration and the quantity of information generated by these tools.
A lot of data, various tools
One…
At CONVISO we aim for quality and secure coding.
To that end, we look for the best practices and put great effort into all of our services.
Therefore we maintain that good testing, not only code review but also intrusion testing, for instance, must have the direct participation of an expert analyst with a deep understanding.
This view is sometimes misunderstood by clients and by the…
In our twelve years of experience, Conviso has been able to detect and help solve a number of application security challenges faced by our customers. That’s why we have decided to address in this article a list of those we meet very often when talking about the secure development process.
We are not going to deal at this time with issues such as vulnerability problems, scalability…