Application security is a very broad topic and generally minimized to testing. Seeking to provide more information on the subject and approach in a structured manner, I will write a series of articles addressing all practices of the OWASP SAMM Framework. Every Monday an article will be released detailing a practice, in total there will be 16 articles, this introduction included.
OWASP…
What is PCI-SSC?
After a series of security problems and credit card information leaks in the early 2000s, several companies came together in a Council to work on a possible solution.
Therefore, in 2006, the largest companies in the credit card industry came together and formed the PCI-SSC (Payment Card Industry – Security Standards Council). This is a set of security requirements and…
The amount of information and data generated during the development process, or even when testing your systems is extremely important for good management performance. The lack or difficulty on finding information is, without a doubt, a point that takes as much for the vulnerability management process as for other secure development processes, a very big burden.
It is not rare to find in…
According to a survey conducted by FGV (a Brazilian institution) in 2019, today there are 235 million smartphones in Brazil. And if we count digital devices, in general, we reach the number of 420 million. The penetration power of mobile devices in people’s lives is unquestionable. But how is the mobile security scenario in 2020?
Nowadays Smartphones represent 56% of Brazilians’…
The security for software development must take into consideration many factors such as Client’s necessity, target, and the demand for agile delivery are just some details on the routine of a development team. The care for security, for instance, is essential in modern application.
Even in the case of simple mobile apps, we cannot ignore the need to work with secure development…
Application Security and software is simply one of the most important steps in planning for development. After all, the level of reliability is what will determine its success, and this will be reflected in the number of active users in the application, for example. And there’s no way to talk about security without mentioning OWASP.
The collaboration of IT professionals is essential to…
When we talk about System Hardening we are referring to the analysis done on systems that will host the application in search of services, default configurations, logic gates and other unnecessary things for that application.
Whenever we deal with web Application Security with our customers we make it very clear that there is no web application security if it is not supported by a well…
Recently we had the disclosure of some more data made available by Statista that shows that our country was the most affected by attacks on web applications in 2019.
Certainly, this type of data leads us to question the security of our web applications and try to understand why we still have so many applications being made available with already well-known…
Vulnerabilities are the result of human error. Many don’t like it, but most web application security issues are the result of errors during the coding process.
Therefore, if we think more clearly, the best approach to creating secure software is to do everything possible to avoid errors in the development process.
When we talk about training on the most common mistakes made by…