Peter Drucker once said, “That which is not measured, is not improved.” He’s right – what we can’t understand, we can’t improve or even know if it’s working or not.
When we apply that same thought to the secure development processes, we realize that few companies really understand what’s going on in their process. At most, they have a sense of the…
In the first part of our article, we talk about the basic concepts of security testing. In this second part, we will deal more directly with each of the tests that we understand to be necessary within a development pipeline.
What we have to keep in mind here is that these two articles do not own the truth or even should be followed as a test checklist to be used, we want to bring the subject…
If we ask any security or development professional if they think that performing security tests on their applications and/or code is important, the answer will be unanimous, a big YES !
So why do we still have so many applications that are still delivered with so many vulnerabilities if we have the notion that we need to perform the tests?
The answer is not so simple and we can put some…
Talking about immutable infrastructure requires us to go back in time and start by explaining how they were, and in some cases still are, the infrastructures that support the vast majority of applications.
A few years ago, the entire infrastructure of an application was often shared. In other words, an application was hosted on servers that maintained not just one, but several…
A few years ago, the Conviso team realized that it needed to find a way to organize activities carried out with clients. It was necessary to put the analyses made in projects in order to centralize all the information and support a structured process of vulnerability management.
So, in 2008 we created a first version of the product that is now called AppSec Flow. It was a platform focused on…
In the current scenario, the market expects software to have an increasing speed of delivery. In order to make this possible, developers are increasingly seeking to adapt to practices such as CI/CD – such scenarios will be addressed below.
The first concept refers to Continuous Integration (CI), an attempt by the teams to create a structure that allows the creation and testing of software…
As Conviso is always thinking on building and maintaining safe systems, AppSec Flow – Conviso’s complete DevSecOps platform – is in constant improvement. And to present the latest news, we recorded a video release where our CEO, Wagner Elias, explains the product updates in detail, focusing on how each one will optimize the user’s daily life.
In this video, we present…
In the previous article we talked about the establishment of the program, its dissemination, definition of metrics and monitoring so that the program can be evolved. In this article we will talk about the importance of defining guidelines and monitoring.
Before we go into practice about implementation, we will understand the difference between policies and standards:
Policies: Policies are…
The AppSec market has had a high visibility in recent years. As a consequence, we have seen the emergence of new tools and platforms that seek to bring greater control to managers.
However, we have also seen many platforms that are restructured and presented as a tool that delivers the most diverse solutions, in a generic way and without showing what basis of understanding their solutions are…