Application Security

Governance according to SAMM: Strategy and Metrics in Application Security

Software security involves many different activities and concerns. Without a clear strategy, you may be spending a lot of effort to increase security, while in fact your efforts may be misaligned, disproportionate or even counterproductive. The goal of Strategy and Metrics (SM) practice is to create an efficient and effective plan to achieve your software security goals in your…
Read more

4 tips for those who want to invest in a career in Application Security

"Forgot your password?" - The problem with security questions

Application Security

AppSec Failure: Authentication Breach

It is increasingly common to see that companies are projecting their solutions to web applications, transforming their business to be more digital and showing the importance of what is no longer a trend to become a market requirement. This is a great leap forward for everyone to have access to services and products that would often be difficult to find outside the Internet. However, we…
Read more

4 tips for those who want to invest in a career in Application Security

"Forgot your password?" - The problem with security questions

Application SecurityWebinar

Webinar: How to manage a Security Application Program

Continuing the Conviso’s project to foster the AppSec community, on April 30th we held our ninth Webinar, this time with the theme “How to Manage an Application Security Program”. To enrich the chat with our CEO, Wagner Elias, we invited the Rodrigo Jorge CISO at Neoway Business Solutions. Rodrigo and Wagner approached team building – with a focus on culture and…
Read more

4 tips for those who want to invest in a career in Application Security

"Forgot your password?" - The problem with security questions

Application Security

AppSec Flow: A complete DevSecOps platform

In our routine at Conviso, many new customers come to us with the same problem: they have already invested time and money in a number of cyber security tools, but still feel that they do not do the job completely. In some cases, the acquired tools require a usability that differs from an efficient development process. There are also those who report difficulties in maintaining a standard of…
Read more

4 tips for those who want to invest in a career in Application Security

"Forgot your password?" - The problem with security questions

Application Security

Security Champions must consider these elements

When talking about Security Champions, we are always careful to put our understanding related to AppSec. This care is grounded because we have some distinct understandings about the figure of the Security Champion, and this does not mean that we are right and others are wrong, just how we position this professional. We want to put here some points that we understand to be very important when we…
Read more

4 tips for those who want to invest in a career in Application Security

"Forgot your password?" - The problem with security questions

Application Security

The biggest challenges in AppSec

In our twelve years of experience, Conviso has been able to detect and help solve a number of application security challenges faced by our customers. That’s why we have decided to address in this article a list of those we meet very often when talking about secure development process. We are not going to deal at this time with issues such as vulnerability problems, scalability…
Read more

4 tips for those who want to invest in a career in Application Security

"Forgot your password?" - The problem with security questions

Application Security

Better Security practices with your AWS S3

It is very difficult today to find any security professional who has not yet faced the challenge of implementing a process or even a secure structure based on cloud solutions. It is very likely that this type of solution and design is still designed to be implemented at AWS, the framework of Amazon Web Services. Also, each of these professionals has some history related to the configuration…
Read more

4 tips for those who want to invest in a career in Application Security

"Forgot your password?" - The problem with security questions

Application SecurityOWASP SAMM

Implementing an Application Security program based on OWASP SAMM

Application security is a very broad topic and generally minimized to testing. Seeking to provide more information on the subject and approach in a structured manner, I will write a series of articles addressing all practices of the OWASP SAMM Framework. Every Monday an article will be released detailing a practice, in total there will be 16 articles, this introduction included. OWASP…
Read more

4 tips for those who want to invest in a career in Application Security

"Forgot your password?" - The problem with security questions

Application Security

What PCI-DSS is and the importance of training

What is PCI-SSC? After a series of security problems and credit card information leaks in the early 2000s, several companies came together in a Council to work on a possible solution. Therefore, in 2006, the largest companies in the credit card industry came together and formed the PCI-SSC (Payment Card Industry – Security Standards Council). This is a set of security requirements and…
Read more

4 tips for those who want to invest in a career in Application Security

"Forgot your password?" - The problem with security questions