Application Security

Code Review and Pentest, What they are and when to use them

It is still common in the market to find companies with some doubts when it comes to safe development. For example, what are the differences between code review and pentest. One of these doubts is related to the correct moment of some types of tests execution in the safe development process. Thinking about it, we will present some concepts and information that we hope will clarify these…
Read more

Phishing scam using Conviso's name: don't fall for it!

Webinar: PIX and the Secure Development

Application Security

Continuous Application Security vs Pentest

Periodical pentest execution guarantees Application Security in Application? After all, why don’t we just execute pentest on our applications? If you have ever asked yourself this question, we brought some important considerations to reflect upon, before searching for a definite answer. We can say that nowadays the majority of business has a strong core-based on…
Read more

Phishing scam using Conviso's name: don't fall for it!

Webinar: PIX and the Secure Development

Application Security

Different types of Pentests - Understanding White, Grey and Black Box

Do you want to better understand the different types of Pentests available on the market? In this article, we will cover each type of penetration test, and explain at what time and context they are recommended. What we need to keep in mind is that there are differences and more appropriate times for each of these tests, and they must be observed to have a better return on their…
Read more

Phishing scam using Conviso's name: don't fall for it!

Webinar: PIX and the Secure Development

Application Security

Vulnerability Scanning & Penetration Testing: see the difference

It is not uncommon in a conversation with clients the need to explain the difference between Vulnerability Scanning and Penetration Testing, among other services that are not executed by our analysts. This is normal, and many times expected, considering the nature of these services. Thinking on this matter, we have published some articles explaining differences and when to use some of these…
Read more

Phishing scam using Conviso's name: don't fall for it!

Webinar: PIX and the Secure Development

Application Security

What PCI-DSS is and the importance of training

What is PCI-SSC? After a series of security problems and credit card information leaks in the early 2000s, several companies came together in a Council to work on a possible solution. Therefore, in 2006, the largest companies in the credit card industry came together and formed the PCI-SSC (Payment Card Industry – Security Standards Council). This is a set of security requirements and…
Read more

Phishing scam using Conviso's name: don't fall for it!

Webinar: PIX and the Secure Development

News

Conviso acquired Gauntlet.io

The technology developed by Gauntlet will be incorporated to the AppSec Flow, expanding the services spectrum in AppSec Conviso proudly announces the acquisition of Gauntlet.io Security, an application security testing company, whose technology is to complement the Continuous Application Security portfolio by Conviso. The approach for this acquisition is technical, since Gauntlet´s…
Read more

WildFly 8 (JBossAS) Application Directory Traversal Vulnerability - CVE-2014-7816

ekoparty 2013 - Wrap Up of 1st Day

Application Security

Governance according to SAMM: Strategy and Metrics in Application Security

Software security involves many different activities and concerns. Without a clear strategy, you may be spending a lot of effort to increase security, while in fact your efforts may be misaligned, disproportionate or even counterproductive. The goal of Strategy and Metrics (SM) practice is to create an efficient and effective plan to achieve your software security goals in your…
Read more

Phishing scam using Conviso's name: don't fall for it!

Webinar: PIX and the Secure Development

Application Security

Security Testing - applying it to the pipeline

In the first part of our article, we talk about the basic concepts of security testing. In this second part, we will deal more directly with each of the tests that we understand to be necessary within a development pipeline. What we have to keep in mind here is that these two articles do not own the truth or even should be followed as a test checklist to be used, we want to bring the subject…
Read more

Phishing scam using Conviso's name: don't fall for it!

Webinar: PIX and the Secure Development

Application Security

Which topics should an AppSec Training Contemplate?

The development market seems to be becoming more and more aware of the need for Application Security Training (AppSec). However, the market still looks for generic training, which often meet compliance issues, but do not add real value to development teams. Therefore, this article will present the characteristics and subjects for a good AppSec training. The Target Audience in AppSec…
Read more

Phishing scam using Conviso's name: don't fall for it!

Webinar: PIX and the Secure Development