Application Security

The use of Playbooks in Vulnerability management

When we talk to customers about maintaining or even setting a standard for both testing and requirements setting, for example, we inevitably have the impression that we are talking about something new and difficult. After a while we realize that it is really something a little harder to implement when the company has multiple teams, many developers and a structure that works…

Phishing scam using Conviso's name: don't fall for it!

Webinar: PIX and the Secure Development

Application Security

Security Testing - applying it to the pipeline

In the first part of our article, we talked about the basic concepts of security testing. In this second part, we will deal more directly with each of the tests that we understand to be necessary within a development pipeline. What we have to keep in mind here is that these two articles do not claim to own the truth, nor should they be followed as a test checklist; we want to bring the subject…

Application Security

Is your software supply chain secure?

When we think of a supply chain, a company in the industrial area and its factory receiving its raw materials soon comes to mind. This thought is not incorrect, but we must remember that the term “supply chain” refers to the delivery of inputs for the production of some good or service. The supply chain in software production is often neglected precisely because of this vision, an…

Application Security

Objectives for the development team in 2020

We have come to that time of the year when everyone starts to think about their objectives and what they must achieve this year. This also happens to security professionals, who start defining their objectives for the development team and how to reach them. Moreover, we are listing some points that are considered important and must be included in the objectives list of a development team od…

Application Security

Lack of Professionals in AppSec

In the past years, not only the AppSec area but the whole IT area has experienced exponential growth, which increases the demand for, and also the lack of, specialized professionals in AppSec. We are nearing the end of another year, and as every year we begin to take stock of what happened in this one to project what we want in the next. In companies this is no different, everyone starts to…

Application Security

Vulnerability Management Process, what is it?

Here at Conviso we are always talking with our customers about the Vulnerability Management process, and we emphasize that this structure is extremely important when we talk about software security. However, we still find many managers and development professionals who understand vulnerability management as simply running a tool that will scan for vulnerabilities. Vulnerability Management…

Application Security

Buffer Overflow - how it affects application security

Do you want to know what a Buffer Overflow is and how it affects Application Security? When talking about application security, one of the first vulnerabilities the developer knows about is also one of the oldest. Although Buffer Overflow has been a vulnerability in the security landscape since its inception, it is present in applications to this day. Buffer Overflow is most commonly…

Application Security

Continuous Application Security vs Pentest

Does periodic pentest execution guarantee Application Security? After all, why don't we just execute pentests on our applications? If you have ever asked yourself this question, we have brought some important considerations to reflect upon before searching for a definite answer. We can say that nowadays the majority of businesses have a strong core based on…

Application Security

Vulnerability Scanning & Penetration Testing: see the difference

It is not uncommon, in a conversation with clients, to need to explain the difference between Vulnerability Scanning and Penetration Testing, among other services that are not executed by our analysts. This is normal, and many times expected, considering the nature of these services. With this in mind, we have published some articles explaining the differences and when to use some of these…