Application Security

Different types of Pentests - Understanding White, Grey and Black Box

Do you want to better understand the different types of Pentests available on the market? In this article, we will cover each type of penetration test and explain when and in what context each is recommended. What we need to keep in mind is that there are differences and more appropriate times for each of these tests, and they must be observed to have a better return on their…

Phishing scam using Conviso's name: don't fall for it!

Webinar: PIX and the Secure Development

Application Security

AppSec Flow: A complete DevSecOps platform

In our routine at Conviso, many new customers come to us with the same problem: they have already invested time and money in a number of cyber security tools, but still feel that the tools do not do the job completely. In some cases, the tools acquired demand a way of working that is at odds with an efficient development process. There are also those who report difficulties in maintaining a standard of…

Application Security

The importance of AppSec in Digital Transformation

Digital Transformation: The Beginning. To the youngest, digital transformation may seem like a reality that has always been present. But those who remember the reality of business before the 2000s probably remember a very strong turning point for the business. The thought of buying things over the Internet, checking your accounts, exchanging images and music: all of this has characterized…

Application Security

Privilege Escalation: how it can affect Application Security

Want to better understand what Privilege Escalation is and how it can affect application security? A Privilege Escalation vulnerability occurs when a weakness in the operating system or application allows a user to use another user’s privileges to access that system. But to really understand what happens in this scenario, we need to understand how…

Application Security

Security Testing - the Essential Concepts

If we ask any security or development professional whether performing security tests on their applications and/or code is important, the answer will be a unanimous, big YES! So why are so many applications still delivered with so many vulnerabilities if we know that we need to perform the tests? The answer is not so simple and we can put some…

Application Security, OWASP SAMM

Implementing an Application Security program based on OWASP SAMM

Application security is a very broad topic and is generally minimized to testing. Seeking to provide more information on the subject and approach it in a structured manner, I will write a series of articles addressing all practices of the OWASP SAMM Framework. Every Monday an article will be released detailing a practice; in total there will be 16 articles, this introduction included. OWASP…

Application Security

Static and Dynamic tests: know the difference

Software failures are a constant for developers. In milder cases, they may represent only minor problems in running a system. In more severe cases, a bug or vulnerability could lead to exposure of user data and private company information. These problems cause losses in the billions annually. But those losses are not caused only by the security risks that a malfunctioning system has. They are also the…

Application Security

Secure Code Review - know the different types

Do you know the difference between Secure Code Review and SAST, as well as when to use them? This topic was split into two parts. In the first article, we spoke about automated tools, explaining the right moment and the best way to put them into practice. Now, in this second article, the focus is on the tools related to Secure Code Review from the OWASP Code Review…

Application Security

Code Review & SAST - What's the Difference

After all, what is the difference between Secure Code Review and SAST? This is the first of two articles on why these two tests are the subject of constant debate and discussion about their differences. In this first article, we will start by talking about automated analysis tools, then move on to Secure Code Review tools. The objective here is to present in a broad…