It is still common in the market to find companies with some doubts when it comes to safe development. For example, what are the differences between code review and pentest.
One of these doubts is related to the correct moment of some types of tests execution in the safe development process.
Thinking about it, we will present some concepts and information that we hope will clarify these…
Here at Conviso we are always talking with our customers about the Vulnerability Management process, and we emphasize that this structure is extremely important when we talk about software security.
However, we still find many managers and development professionals who understand vulnerability management as simply running a tool that will scan for vulnerabilities.
Vulnerability Management…
When we started developing the platform which is the AppSec Flow today, our intentions were always to transform this in a central point where our clients could gather in one place not only data but also important information about their projects, auxiliating in our Secure Development Process.
Nowadays we can, through Appsec Flow, gather in one platform all services that allow our clients to…
Software failures are a constant for developers. To a lesser extent, they can only represent minor problems in running a system. In more severe cases, a bug or vulnerability could lead to exposure of user data and private company information.
These problems cause billionaire losses annually. But they are not just caused by the security risks that a malfunctioning system has. They are also the…
Every 3 years we expect a new report generated by OWASP showing which vulnerabilities are most present on the Internet based on data from previous years.
Two things are almost certain.
The first is that to identify the 10 vulnerabilities we will have some very debatable points, as there is always a good discussion about which vulnerabilities should be added or removed.
Second is that…
During the development process it is showed the importance of having this service and integration tools so the process can flow in the most secure way.
It is not different when we want our clients to go through the most secure development process, and one concern is the process of integration and the quantity of information generated by these tools.
Many data, various tools
One…
When we talk to customers about maintaining or even setting a standard for both testing and requirements setting, for example, we inevitably have the impression that we are talking about something new and difficult.
After a while we realize that it is really something a little harder to implement when the company has multiple teams, many developers and a structure that works…
At CONVISO we aim at quality and coding security.
For this we look for better practices to complete all of our services with great effort.
Therefore we defend that good testing, not only code review but also intrusion test, for instance, must have a direct participation of an expert analyst having a deep understand.
This thought sometimes is misunderstood by clients and by the…
It is not uncommon in a conversation with clients the need to explain the difference between Vulnerability Scanning and Penetration Testing, among other services that are not executed by our analysts. This is normal, and many times expected, considering the nature of these services.
Thinking on this matter, we have published some articles explaining differences and when to use some of these…