What is PCI-SSC?
After a series of security problems and credit card information leaks in the early 2000s, several companies came together in a Council to work on a possible solution.
Therefore, in 2006, the largest companies in the credit card industry came together and formed the PCI-SSC (Payment Card Industry – Security Standards Council). This is a set of security requirements and…
Further to Conviso’s actions in promoting the AppSec community, on June 30th we held another free Webinar on our YouTube channel, this time with the theme “Understanding the new PCI SSC Security Framework Software”.
The idea was to clarify the most frequent doubts of the public about the new PCI SSC Software Security Framework directly with who best understands about the…
The development market seems to be becoming more and more aware of the need for Application Security Training (AppSec).
However, the market still looks for generic training, which often meet compliance issues, but do not add real value to development teams. Therefore, this article will present the characteristics and subjects for a good AppSec training.
The Target Audience in AppSec…
In the previous article we talked about the establishment of the program, its dissemination, definition of metrics and monitoring so that the program can be evolved. In this article we will talk about the importance of defining guidelines and monitoring.
Before we go into practice about implementation, we will understand the difference between policies and standards:
Policies: Policies are…
ASVS Requirements in Application Security
Do you want to understand more about what they are and what ASVS requirements do?
In the scenario of application development, the term Security Requirements – ASVS is constant, but do you know exactly how to apply it?
To better understand what ASVS is and what it is for, here are some basic concepts to help us build a solid path that…
The security for software development must take into consideration many factors such as Client’s necessity, target, and the demand for agile delivery are just some details on the routine of a development team. The care for security, for instance, is essential in modern application.
Even in the case of simple mobile apps, we cannot ignore the need to work with secure development…
When we talk about System Hardening we are referring to the analysis done on systems that will host the application in search of services, default configurations, logic gates and other unnecessary things for that application.
Whenever we deal with web Application Security with our customers we make it very clear that there is no web application security if it is not supported by a well…
When we think of a supply chain, a company in the industrial area and its factory receiving its raw materials soon comes to mind. This thought is not incorrect, but we must remember that the term “supply chain” refers to the delivery of inputs for the production of some good or service.
The supply chain in software production is often neglected precisely because of this vision, an…
In general, when we think about what is Security Architecture the term Security Architecture has different meanings and everything will depend on the context in which the term is placed.
The question of defining the term is so relevant to understanding that Gartner has reserved an entire article to describe his view of Safe Architecture. And for Gartner, the term means:
“In…
