Application Security

Code Review and Pentest, What they are and when to use them

It is still common to find companies with doubts about secure development: for example, what the differences between code review and pentest are, or at what point in the secure development process each type of test should be run. With that in mind, we present some concepts and information that we hope will clarify these…

4 tips for those who want to invest in a career in Application Security

"Forgot your password?" - The problem with security questions

Application Security

Continuous Application Security vs Pentest

Does running a pentest periodically guarantee application security? After all, why not just pentest our applications? If you have ever asked yourself this question, we have gathered some important considerations to reflect on before looking for a definitive answer. We can say that nowadays most businesses have a strong core based on…

Application Security

Different types of Pentests - Understanding White, Grey and Black Box

Do you want to better understand the different types of pentests available on the market? In this article we cover each type of penetration test and explain when, and in what context, each one is recommended. Keep in mind that there are differences between these tests and more appropriate moments for each of them, and these must be observed to get a better return on their…

Application Security

Vulnerability Scanning & Penetration Testing: see the difference

It is not uncommon, in conversations with clients, to have to explain the difference between vulnerability scanning and penetration testing, among other services that our analysts do not perform. This is normal, and often expected, given the nature of these services. With this in mind, we have published some articles explaining the differences and when to use some of these…

Application Security

4 tips for those who want to invest in a career in Application Security

If you have become curious about the routine of an AppSec team and are considering this career, we have gathered 4 tips from Conviso specialists for those looking for a career in Application Security. 1 – Understand that AppSec goes far beyond pentests. This tip came directly from our CEO, Wagner Elias. Application security is the name given to the process of building, launching and…

Why APIs can be a high risk for companies

Tech

AppSec Flow Extension for Burp Suite

That PortSwigger makes fantastic products, we already knew. One of them is Burp Suite, software developed to support security testing of web applications. Given the features Burp Suite makes available and its purpose as a tool, it is widely used in analyses involving HTTP(S) requests, whether exclusively through web applications or in scenarios involving…

Webinar: Software Security Architecture

Application Security

What PCI-DSS is and the importance of training

What is the PCI-SSC? After a series of security incidents and credit card data leaks in the early 2000s, several companies came together in a council to work on a solution. In 2006, the largest companies in the credit card industry formed the PCI-SSC (Payment Card Industry Security Standards Council). The council maintains PCI-DSS, a set of security requirements and…

News

Conviso acquired Gauntlet.io

The technology developed by Gauntlet will be incorporated into AppSec Flow, expanding the spectrum of AppSec services. Conviso proudly announces the acquisition of Gauntlet.io Security, an application security testing company, whose technology will complement Conviso's Continuous Application Security portfolio. The rationale for this acquisition is technical, since Gauntlet's…

WildFly 8 (JBossAS) Application Directory Traversal Vulnerability - CVE-2014-7816

ekoparty 2013 - Wrap Up of 1st Day

Application Security

Governance according to SAMM: Strategy and Metrics in Application Security

Software security involves many different activities and concerns. Without a clear strategy, you may spend a lot of effort trying to increase security while your efforts are in fact misaligned, disproportionate or even counterproductive. The goal of the Strategy and Metrics (SM) practice is to create an efficient and effective plan for achieving your software security goals in your…