Application Security

Vulnerability Scanning & Penetration Testing: see the difference

In conversations with clients, we often need to explain the difference between Vulnerability Scanning and Penetration Testing, among other services that are not executed by our analysts. This is normal, and often expected, considering the nature of these services. With this in mind, we have published some articles explaining the differences and when to use some of these…

Phishing scam using Conviso's name: don't fall for it!

Webinar: PIX and the Secure Development

Application Security

Big Data & Data Analytics in AppSec

Business data is undoubtedly key to any company's growth, so it makes sense to talk about Big Data and data analytics in AppSec. Similarly, it makes sense to use data to understand and improve the way we protect these assets. As a result, we are seeing growing interest in using this data to identify potential failures. After all, these vulnerabilities could…

Application Security

Different types of Pentests - Understanding White, Grey and Black Box

Do you want to better understand the different types of Pentests available on the market? In this article, we will cover each type of penetration test and explain when and in what context each is recommended. Keep in mind that each of these tests has its differences and its more appropriate times, and these must be observed to get a better return on their…

Application Security

Secure Code Review - know the different types

Do you know the difference between Secure Code Review and SAST, as well as when to use them? This topic was split into two parts. In the first article, we spoke about automated tools, explaining the right moment and the best way to put them into practice. Now, in this second article, the focus is on the tools related to Secure Code Review from the OWASP Code Review…

Application Security

Code Review & SAST - What's the Difference

After all, what is the difference between Secure Code Review and SAST? This is the first of two articles, where the focus is on why these two tests are the subject of constant debate and discussion about their differences. In this first article, we will start by talking about automated analysis tools, then we move on to Secure Code Review tools. The objective here is to present in a broad…

Application Security

Lack of Professionals in AppSec

In recent years, not only the AppSec area but the whole IT area has seen exponential growth, which increases demand and also the shortage of specialized professionals in AppSec. We are nearing the end of another year, and as every year we begin to take stock of what happened in this one to project what we want in the next. In companies this is no different: everyone starts to…

Application Security

Privilege Escalation: how it can affect Application Security

Want to better understand what Privilege Escalation is and how it can affect application security? A Privilege Escalation vulnerability is known to occur when the operating system or application becomes vulnerable, allowing a user to use another user’s privileges to access that system. But to really understand what happens in this scenario, we need to understand how…

Application Security

Buffer Overflow - how it affects application security

Do you want to know what Buffer Overflow is and how it affects Application Security? When talking about application security, one of the first vulnerabilities a developer learns about is also one of the oldest. Although Buffer Overflow has been a vulnerability in the security landscape since its inception, it is present in applications to this day. Buffer Overflow is most commonly…

Application Security, Infrastructure

API Security in Application Security

Do you want to have a better understanding of the importance of API Security in Application Security? To understand how API Security affects your application's risk exposure, it is important to know the way it is connected to the internet as well as to other resources in development. Although they bring risks, APIs are fundamental to improving the application, and we all know that. To…