Application Security

What PCI-DSS is and the importance of training

What is PCI-SSC? After a series of security problems and credit card information leaks in the early 2000s, several companies came together in a Council to work on a possible solution. Therefore, in 2006, the largest companies in the credit card industry came together and formed the PCI-SSC (Payment Card Industry – Security Standards Council). This is a set of security requirements and…

Which topics should an AppSec Training Contemplate?

Webinar - What changes for AppSec Flow with the union of forces between Conviso and N-Stalker

Webinar

Webinar - Understanding the new PCI SSC Security Framework Software

Further to Conviso’s actions in promoting the AppSec community, on June 30th we held another free webinar on our YouTube channel, this time with the theme “Understanding the new PCI SSC Security Framework Software”. The idea was to clarify the public's most frequent doubts about the new PCI SSC Software Security Framework directly with those who best understand the…

Webinar: How to manage a Security Application Program

Application Security

Which topics should an AppSec Training Contemplate?

The development market seems to be becoming more and more aware of the need for Application Security (AppSec) training. However, the market still looks for generic training, which often addresses compliance issues but does not add real value to development teams. Therefore, this article will present the characteristics and subjects of a good AppSec training. The Target Audience in AppSec…

Webinar - What changes for AppSec Flow with the union of forces between Conviso and N-Stalker

Conviso and N-Stalker join forces in application security

Application Security, OWASP SAMM

Governance according to SAMM: Policies and Conformities in Application Security

In the previous article we talked about the establishment of the program, its dissemination, and the definition of metrics and monitoring so that the program can evolve. In this article we will talk about the importance of defining guidelines and monitoring. Before we get into implementation in practice, let us understand the difference between policies and standards: Policies: Policies are…

Application Security

Security Requirements - ASVS

ASVS Requirements in Application Security. Do you want to understand more about what ASVS requirements are and what they do? In application development, the term Security Requirements – ASVS comes up constantly, but do you know exactly how to apply it? To better understand what ASVS is and what it is for, here are some basic concepts to help us build a solid path that…

Application Security

6 security tips for software development

Security in software development must take many factors into consideration: the client's needs, the target, and the demand for agile delivery are just some of the details in a development team's routine. Care for security, for instance, is essential in modern applications. Even in the case of simple mobile apps, we cannot ignore the need to work with secure development…

Application Security, Infrastructure

System Hardening, What it is and how to execute it

When we talk about System Hardening, we are referring to the analysis of the systems that will host the application, looking for services, default configurations, logical ports and anything else that the application does not need. Whenever we deal with web application security with our customers, we make it very clear that there is no web application security if it is not supported by a well…

Application Security

Is your software supply chain secure?

When we think of a supply chain, an industrial company and its factory receiving raw materials soon come to mind. This thought is not incorrect, but we must remember that the term “supply chain” refers to the delivery of inputs for the production of some good or service. The supply chain in software production is often neglected precisely because of this view, an…

Application Security, Infrastructure

At last, what is Security Architecture?

In general, the term Security Architecture has different meanings, and everything depends on the context in which the term is used. Defining the term matters so much to understanding it that Gartner has devoted an entire article to describing its view of Secure Architecture. And for Gartner, the term means: “In…