Application Security

Vulnerability Management Process, what is it?

Here at Conviso we are always talking with our customers about the Vulnerability Management process, and we emphasize that this structure is extremely important when we talk about software security. However, we still find many managers and development professionals who understand vulnerability management as simply running a tool that will scan for vulnerabilities. Vulnerability Management…

Which topics should an AppSec Training Contemplate?

Webinar - What changes for AppSec Flow with the union of forces between Conviso and N-Stalker

Application Security, Product

Managing the Secure Development Process

When we started developing the platform that is now AppSec Flow, our intention was always to turn it into a central point where our clients could gather not only data but also important information about their projects, assisting in our Secure Development Process. Today, through AppSec Flow, we can gather in one platform all the services that allow our clients to…

Application Security

Static and Dynamic tests: know the difference

Software failures are a constant for developers. In milder cases, they may represent only minor problems in running a system. In more severe cases, a bug or vulnerability could lead to exposure of user data and private company information. These problems cause losses in the billions annually. But they are not caused only by the security risks that a malfunctioning system carries. They are also the…

Application Security

SQL Injections are like digital cockroaches

Every 3 years we expect a new report from OWASP showing which vulnerabilities are most present on the Internet, based on data from previous years. Two things are almost certain. The first is that identifying the 10 vulnerabilities will involve some very debatable points, as there is always a good discussion about which vulnerabilities should be added or removed. The second is that…

Application Security, Product

Integration with Jira and GitHub, a unified vision of vulnerabilities

The development process shows the importance of having these service and integration tools so the process can flow in the most secure way. It is no different when we want our clients to go through the most secure development process, and one concern is the integration process and the amount of information generated by these tools. A lot of data, various tools. One…

Application Security

The use of Playbooks in Vulnerability management

When we talk to customers about maintaining or even setting a standard for both testing and requirements setting, for example, we inevitably have the impression that we are talking about something new and difficult. After a while we realize that it is really something a little harder to implement when the company has multiple teams, many developers and a structure that works…

Application Security, Product

Vulnerability Management - SAST & DAST Tools

At CONVISO we aim for quality and secure coding. To that end, we look for better practices and put great effort into all of our services. We therefore maintain that good testing, not only code review but also intrusion testing, for instance, must have the direct participation of an expert analyst with deep understanding. This view is sometimes misunderstood by clients and by the…

Application Security

Vulnerability Scanning & Penetration Testing: see the difference

In conversations with clients, it is not uncommon to need to explain the difference between Vulnerability Scanning and Penetration Testing, among other services that are not executed by our analysts. This is normal, and often expected, considering the nature of these services. With this in mind, we have published some articles explaining the differences and when to use some of these…

Application Security

Big Data & Data Analytics in AppSec

Business data is undoubtedly key to any company's growth. Therefore it makes more sense when we talk about Big Data and AppSec Data analytics. Similarly, it makes sense to use data to understand and improve the way we protect these assets. As a result, we are seeing growing demand for the use of this data to identify potential failures. After all, these vulnerabilities could…