In recent years, the use of containers to pack and deliver our applications has become increasingly present in development processes. Therefore, it is important to understand how we can guarantee the security of our containers and, consequently, of your applications. But we don’t want to take too much of your time talking again about some relevant points for this article, we suggest to…
When we think of a supply chain, a company in the industrial area and its factory receiving its raw materials soon comes to mind. This thought is not incorrect, but we must remember that the term “supply chain” refers to the delivery of inputs for the production of some good or service.
The supply chain in software production is often neglected precisely because of this vision, an…
Peter Drucker once said, “That which is not measured, is not improved.” He’s right – what we can’t understand, we can’t improve or even know if it’s working or not.
When we apply that same thought to the secure development processes, we realize that few companies really understand what’s going on in their process. At most, they have a sense of the…
In the first part of our article, we talk about the basic concepts of security testing. In this second part, we will deal more directly with each of the tests that we understand to be necessary within a development pipeline.
What we have to keep in mind here is that these two articles do not own the truth or even should be followed as a test checklist to be used, we want to bring the subject…
If we ask any security or development professional if they think that performing security tests on their applications and/or code is important, the answer will be unanimous, a big YES !
So why do we still have so many applications that are still delivered with so many vulnerabilities if we have the notion that we need to perform the tests?
The answer is not so simple and we can put some…
Talking about immutable infrastructure requires us to go back in time and start by explaining how they were, and in some cases still are, the infrastructures that support the vast majority of applications.
A few years ago, the entire infrastructure of an application was often shared. In other words, an application was hosted on servers that maintained not just one, but several…
A few years ago, the Conviso team realized that it needed to find a way to organize activities carried out with clients. It was necessary to put the analyses made in projects in order to centralize all the information and support a structured process of vulnerability management.
So, in 2008 we created a first version of the product that is now called AppSec Flow. It was a platform focused on…
In the current scenario, the market expects software to have an increasing speed of delivery. In order to make this possible, developers are increasingly seeking to adapt to practices such as CI/CD – such scenarios will be addressed below.
The first concept refers to Continuous Integration (CI), an attempt by the teams to create a structure that allows the creation and testing of software…
As Conviso is always thinking on building and maintaining safe systems, AppSec Flow – Conviso’s complete DevSecOps platform – is in constant improvement. And to present the latest news, we recorded a video release where our CEO, Wagner Elias, explains the product updates in detail, focusing on how each one will optimize the user’s daily life.
In this video, we present…