Application Security

Objectives for the development team in 2020

We have come to that time of the year when everyone starts to think about their objectives and what they must achieve this year. This also happens to security professionals, who start defining their objectives for the development team and how to reach them. Moreover, we are listing some points that are considered important and must be included in the objectives list of a development team od…

Phishing scam using Conviso's name: don't fall for it!

Webinar: PIX and the Secure Development

Application Security

Code Review and Pentest, What they are and when to use them

It is still common in the market to find companies with doubts when it comes to secure development, for example about the differences between code review and pentest. One of these doubts concerns the right moment to run certain types of tests in the secure development process. With that in mind, we will present some concepts and information that we hope will clarify these…

Application Security

Vulnerability Management Process, what is it?

Here at Conviso we are always talking with our customers about the Vulnerability Management process, and we emphasize that this structure is extremely important when we talk about software security. However, we still find many managers and development professionals who understand vulnerability management as simply running a tool that will scan for vulnerabilities. Vulnerability Management…

Application Security, Product

Managing the Secure Development Process

When we started developing the platform that is AppSec Flow today, our intention was always to turn it into a central point where our clients could gather, in one place, not only data but also important information about their projects, assisting in our Secure Development Process. Nowadays we can, through AppSec Flow, gather in one platform all services that allow our clients to…

Application Security

Static and Dynamic tests: know the difference

Software failures are a constant for developers. In milder cases, they may represent only minor problems in running a system. In more severe cases, a bug or vulnerability could lead to exposure of user data and private company information. These problems cause losses in the billions annually. But they are not just caused by the security risks that a malfunctioning system has. They are also the…

Application Security

SQL Injections are like digital cockroaches

Every 3 years we expect a new report generated by OWASP showing which vulnerabilities are most present on the Internet based on data from previous years. Two things are almost certain. The first is that, in identifying the 10 vulnerabilities, we will have some very debatable points, as there is always a good discussion about which vulnerabilities should be added or removed. The second is that…

Application Security, Product

Integration with Jira and GitHub, a unified vision of vulnerabilities

During the development process, the importance of having this service and integration tools becomes clear, so that the process can flow in the most secure way. It is no different when we want our clients to go through the most secure development process, and one concern is the process of integration and the quantity of information generated by these tools. Many data, various tools One…

Application Security

The use of Playbooks in Vulnerability management

When we talk to customers about maintaining or even setting a standard for both testing and requirements setting, for example, we inevitably have the impression that we are talking about something new and difficult. After a while we realize that it is really something a little harder to implement when the company has multiple teams, many developers and a structure that works…

Application Security, Product

Vulnerability Management - SAST & DAST Tools

At CONVISO we aim for quality and secure coding. To that end, we look for better practices to complete all of our services with great effort. Therefore we argue that good testing, not only code review but also intrusion testing, for instance, must have the direct participation of an expert analyst with a deep understanding. This view is sometimes misunderstood by clients and by the…