Application Security, Tech

Why APIs can be a high risk for companies

When we look at the development world and its evolution over the last few years, we can say that one of the fields that least followed the discourse of breaking down barriers was API development. One interesting point about APIs is that many developers, because they do not see APIs as web applications, forget many of the security concepts and best practices built up to…

4 tips for those who want to invest in a career in Application Security

AppSec Flow Extension for Burp Suite

Application Security, Infrastructure

API Security in Application Security

Do you want to have a better understanding of the importance of API Security in Application Security? To understand how API Security affects your application's risk exposure, it is important to know how it is connected to the internet as well as to other resources in development. Although they bring risks, APIs are fundamental to improving the application, and we all know that. To…

"Forgot your password?" - The problem with security questions

Application Security, Infrastructure

API Security: 6 main points

Have you ever stopped and evaluated the security of your APIs? This article looks at how this resource has facilitated the implementation of solutions while also bringing some risks to application security. Find out why it is important to evaluate API security and learn the main points that must be observed to keep APIs safe. API Security: why think about it? The adoption of…

Application Security

Objectives for the development team in 2020

We have come to that time of the year when everyone starts to think about their objectives and what they must achieve this year. This also happens to security professionals, who start defining their objectives for the development team and how to reach them. Moreover, we are listing some points that are considered important and must be included in the objectives list of a development team od…

Application Security

AppSec Failure: Authentication Breach

It is increasingly common to see companies designing their solutions as web applications, transforming their business to be more digital and showing the importance of what is no longer a trend but has become a market requirement. This is a great leap forward, giving everyone access to services and products that would often be difficult to find outside the Internet. However, we…

Application Security

Application Security Differences - web and mobile

With the market of mobile application development (the famous “mobile apps”) growing considerably, attacks on mobile applications have also started to receive more attention, as already explained in our article on the mobile security scenario in 2020. As a result, many developers and security experts are increasingly looking to learn about security within mobile applications.

Application Security, Product

Vulnerability Management - SAST & DAST Tools

At CONVISO we aim for quality and code security. To that end, we look for better practices so that all of our services are completed with great effort. We therefore argue that good testing, not only code review but also intrusion testing, for instance, must have the direct participation of an expert analyst with a deep understanding. This view is sometimes misunderstood by clients and by the…

Application Security

Which topics should an AppSec Training Contemplate?

The development market seems to be becoming more and more aware of the need for Application Security Training (AppSec). However, the market still looks for generic training, which often meets compliance issues but does not add real value to development teams. Therefore, this article will present the characteristics and subjects of a good AppSec training. The Target Audience in AppSec…

Application Security

How vulnerability management works in AppSec Flow

A few years ago, the Conviso team realized that it needed to find a way to organize activities carried out with clients. It was necessary to put the analyses made in projects in order to centralize all the information and support a structured process of vulnerability management. So, in 2008 we created a first version of the product that is now called AppSec Flow. It was a platform focused on…