Application Security, Infrastructure

Immutable Infrastructure in AppSec

Talking about immutable infrastructure requires us to go back in time and start by explaining how the infrastructures that support the vast majority of applications used to look and, in some cases, still look. A few years ago, the entire infrastructure of an application was often shared. In other words, an application was hosted on servers that maintained not just one, but several…

AppSec in the process of digital transformation

IAM and CI/CD security

Application Security

How vulnerability management works in AppSec Flow

A few years ago, the Conviso team realized that it needed to find a way to organize the activities carried out with clients. The analyses made in projects needed to be put in order, so that all the information could be centralized and a structured vulnerability management process supported. So, in 2008 we created the first version of the product that is now called AppSec Flow. It was a platform focused on…

Application Security

Security in your CI/CD pipeline

In the current scenario, the market expects software to be delivered at increasing speed. To make this possible, developers are increasingly seeking to adopt practices such as CI/CD, which are addressed below. The first concept refers to Continuous Integration (CI), an attempt by the teams to create a structure that allows the creation and testing of software…

Application Security

AppSec Flow Release - v3.0.2

As Conviso is always thinking about building and maintaining safe systems, AppSec Flow – Conviso’s complete DevSecOps platform – is constantly being improved. To present the latest news, we recorded a release video in which our CEO, Wagner Elias, explains the product updates in detail, focusing on how each one will optimize the user’s daily life. In this video, we present…

Application Security, OWASP SAMM

Governance according to SAMM: Policies and Conformities in Application Security

In the previous article we talked about the establishment of the program, its dissemination, and the definition of metrics and monitoring so that the program can evolve. In this article we will talk about the importance of defining guidelines and monitoring. Before we go into the practice of implementation, we will look at the difference between policies and standards: Policies: Policies are…

Application Security

Structuring Governance with AppSec Flow

The AppSec market has had high visibility in recent years. As a consequence, we have seen the emergence of new tools and platforms that seek to bring greater control to managers. However, we have also seen many platforms that are restructured and presented as tools that deliver the most diverse solutions, in a generic way and without showing what basis of understanding their solutions are…

Application Security

Governance according to SAMM: Strategy and Metrics in Application Security

Software security involves many different activities and concerns. Without a clear strategy, you may be spending a lot of effort to increase security, while in fact your efforts may be misaligned, disproportionate or even counterproductive. The goal of the Strategy and Metrics (SM) practice is to create an efficient and effective plan to achieve your software security goals in your…

Application Security

AppSec Failure: Authentication Breach

It is increasingly common to see companies designing their solutions as web applications, transforming their business to be more digital and showing the importance of what is no longer a trend but has become a market requirement. This is a great leap forward, giving everyone access to services and products that would often be difficult to find outside the Internet. However, we…

Application Security, Webinar

Webinar: How to manage a Security Application Program

Continuing Conviso’s project to foster the AppSec community, on April 30th we held our ninth Webinar, this time with the theme “How to Manage an Application Security Program”. To enrich the chat with our CEO, Wagner Elias, we invited Rodrigo Jorge, CISO at Neoway Business Solutions. Rodrigo and Wagner addressed team building – with a focus on culture and…