Application Security, Infrastructure

API Security: 6 main points

Have you ever stopped to evaluate the security of your APIs? This article looks at how APIs have made it easier to implement solutions while also bringing some risks to application security. Learn why it is important to evaluate API security and the main points that must be observed to keep APIs safe. API Security: why think about it? The adoption of…

Phishing scam using Conviso's name: don't fall for it!

Webinar: PIX and the Secure Development

Application Security

Incremental Code Review: Is it worth outsourcing?

Incremental Code Review vs. Internal Code Review Tests. When we first make contact with our clients, or even with companies interested in our services, there is always an intriguing question: which is better, hiring a consulting company or running internal tests? This is one of the most challenging questions we try to answer when it comes up. In this post, we will attempt to clarify the…

Application Security

3 Benefits of Threat Modeling

What are the benefits of Threat Modeling? To complete the idea from the post about Threat Modeling, this post focuses on the benefits that might not be directly visible when threat modeling is applied. If you have started reading with this post, it may be better to start with “Basic Concepts of Threat Modeling”. In our previous article we explained a little about the…

Application Security

What Is Threat Modeling

Contextualization. Why should we think about threat modeling? Well, during the software development process, some steps must be observed so that the final result is truly a secure application and meets all established requirements. New policies and regulations are being created so that data owners have a guarantee that their information is secured. Privacy has become an overrated term…

Application Security

Secure Development - Security in every pipeline

Nowadays we use the terms “safe coding” or even “safe design”; these terms are becoming more and more common among the creators of Secure Development and Application Security. However, for this to be completely true in our development processes we need to truly understand the concept behind these terms, and how Application Security is connected to them. An article named “A call to arms for…

Application Security

Setting up an IPsec VPN using Openswan in cloud environments

This is a brief tutorial that aims to help those who are new to setting up an IPsec VPN connection with Openswan, hosted in cloud environments like Google Cloud and Amazon Web Services. Suppose you have an instance, let's say on Google Cloud, and want to establish an IPsec tunnel with another client outside your infrastructure. Follow this tutorial to learn how to easily achieve…

Application Security

RIPS Scanner v0.54 - Local File Include (LFI)

Hi there. For those using the RIPS scanner [1] to help analyse vulnerabilities in PHP code: be careful not to leave it running on your network or exposed to the internet, where anyone can access it. In a very brief static code analysis of RIPS we found two “Local File Include” (LFI) vulnerabilities, listed below: 1. LFI at “rips/windows/code.php” –…

Application Security, Uncategorized

Worst and best practices for secure password storage

A password is meant to secure an asset against unauthorized access by an attacker. To prevent someone from gaining access, the password must be hard to guess, which means it must be strong enough to resist guessing-based attacks (such as dictionary and brute-force attacks). Some heuristics to prevent a weak password are a combination of: numbers, special characters, upper and lower case…