In our routine at Conviso, many new customers come to us with the same problem: they have already invested time and money in a number of cyber security tools, but still feel that they do not do the job completely. In some cases, the acquired tools require a usability that differs from an efficient development process. There are also those who report difficulties in maintaining a standard of…
When talking about Security Champions, we are always careful to put our understanding related to AppSec. This care is grounded because we have some distinct understandings about the figure of the Security Champion, and this does not mean that we are right and others are wrong, just how we position this professional.
We want to put here some points that we understand to be very important when we…
In our twelve years of experience, Conviso has been able to detect and help solve a number of application security challenges faced by our customers. That’s why we have decided to address in this article a list of those we meet very often when talking about secure development process.
We are not going to deal at this time with issues such as vulnerability problems, scalability…
It is very difficult today to find any security professional who has not yet faced the challenge of implementing a process or even a secure structure based on cloud solutions.
It is very likely that this type of solution and design is still designed to be implemented at AWS, the framework of Amazon Web Services.
Also, each of these professionals has some history related to the configuration…
Application security is a very broad topic and generally minimized to testing. Seeking to provide more information on the subject and approach in a structured manner, I will write a series of articles addressing all practices of the OWASP SAMM Framework. Every Monday an article will be released detailing a practice, in total there will be 16 articles, this introduction included.
OWASP…
What is PCI-SSC?
After a series of security problems and credit card information leaks in the early 2000s, several companies came together in a Council to work on a possible solution.
Therefore, in 2006, the largest companies in the credit card industry came together and formed the PCI-SSC (Payment Card Industry – Security Standards Council). This is a set of security requirements and…
The amount of information and data generated during the development process, or even when testing your systems is extremely important for good management performance. The lack or difficulty on finding information is, without a doubt, a point that takes as much for the vulnerability management process as for other secure development processes, a very big burden.
It is not rare to find in…
According to a survey conducted by FGV (a Brazilian institution) in 2019, today there are 235 million smartphones in Brazil. And if we count digital devices, in general, we reach the number of 420 million. The penetration power of mobile devices in people’s lives is unquestionable. But how is the mobile security scenario in 2020?
Nowadays Smartphones represent 56% of Brazilians’…
The security for software development must take into consideration many factors such as Client’s necessity, target, and the demand for agile delivery are just some details on the routine of a development team. The care for security, for instance, is essential in modern application.
Even in the case of simple mobile apps, we cannot ignore the need to work with secure development…