Application Security, Product

Vulnerability Management - SAST & DAST Tools

At CONVISO we aim for quality and secure coding. To that end we look for better practices to deliver all of our services with great effort. We therefore maintain that good testing, not only code review but also intrusion testing, for instance, must involve the direct participation of an expert analyst with a deep understanding. This idea is sometimes misunderstood by clients and by the…

4 tips for those who want to invest in a career in Application Security

"Forgot your password?" - The problem with security questions

News

Conviso acquired Gauntlet.io

The technology developed by Gauntlet will be incorporated into AppSec Flow, expanding the spectrum of AppSec services. Conviso proudly announces the acquisition of Gauntlet.io Security, an application security testing company whose technology will complement Conviso's Continuous Application Security portfolio. The approach for this acquisition is technical, since Gauntlet's…

WildFly 8 (JBossAS) Application Directory Traversal Vulnerability - CVE-2014-7816

ekoparty 2013 - Wrap Up of 1st Day

Application Security

AppSec Flow: A complete DevSecOps platform

In our routine at Conviso, many new customers come to us with the same problem: they have already invested time and money in a number of cyber security tools, but still feel that the tools do not do the job completely. In some cases, the acquired tools demand a way of working that differs from an efficient development process. There are also those who report difficulties in maintaining a standard of…

Application Security

Vulnerability Scanning & Penetration Testing: see the difference

In conversations with clients, it is not uncommon to need to explain the difference between Vulnerability Scanning and Penetration Testing, among other services that are not executed by our analysts. This is normal, and often expected, considering the nature of these services. With this in mind, we have published some articles explaining the differences and when to use some of these…

Application Security

Which topics should an AppSec Training Contemplate?

The development market seems to be becoming more and more aware of the need for Application Security (AppSec) Training. However, the market still looks for generic training, which often addresses compliance issues but does not add real value to development teams. Therefore, this article will present the characteristics and subjects of a good AppSec training. The Target Audience in AppSec…

Application Security

Continuous Application Security vs Pentest

Does periodic pentest execution guarantee application security? After all, why don't we just run pentests on our applications? If you have ever asked yourself this question, we have brought some important considerations to reflect upon before searching for a definitive answer. We can say that nowadays the majority of businesses have a strong core based on…

Application Security

Security Testing - applying it to the pipeline

In the first part of our article, we talked about the basic concepts of security testing. In this second part, we will deal more directly with each of the tests that we understand to be necessary within a development pipeline. What we have to keep in mind here is that these two articles do not claim to own the truth, nor should they be followed as a test checklist; we want to bring the subject…

Application Security

Incremental Code Review: Is it worth to outsource?

Incremental Code Review x Internal Code Review Tests. When we first make contact with clients, or even with companies interested in our services, there is always an intriguing question: which is better, hiring a consulting company or running internal tests? This is one of the most challenging questions we try to answer when it comes up. In this post, we will attempt to clarify the…

Application Security

Conviso and N-Stalker join forces in application security

Conviso Application Security, a pioneer in application security in Brazil, and N-Stalker, a company specialized in developing web application security analysis solutions, join forces and align their application security strategy by combining N-Stalker technology as a module of AppSec Flow, Conviso’s main product, presenting a more complete DevSecOps platform, aligned with market demands…