Application Security

Incremental Code Review: Is it worth outsourcing?

Incremental Code Review x Internal Code Review Tests

When we first make contact with our clients, or with companies interested in our services, there is always an intriguing question: which is better, hiring a consulting company or running internal tests? This is one of the most challenging questions we try to answer when it pops up. In this post, we will attempt to clarify the…

Phishing scam using Conviso's name: don't fall for it!

Webinar: PIX and the Secure Development

Application Security, Infrastructure

API Security in Application Security

Do you want a better understanding of the importance of API Security in Application Security? To understand how API Security affects your application's risk exposure, it is important to know how it is connected to the internet as well as to other resources in development. Although they bring risks, APIs are fundamental to improving the application, and we all know that. To…

Application Security, OWASP SAMM

Governance according to SAMM: Policies and Conformities in Application Security

In the previous article we talked about establishing the program, its dissemination, the definition of metrics, and monitoring so that the program can evolve. In this article we will talk about the importance of defining guidelines and monitoring. Before we go into the practice of implementation, we will look at the difference between policies and standards: Policies: Policies are…

Application Security

What PCI-DSS is and the importance of training

What is PCI-SSC? After a series of security problems and credit card information leaks in the early 2000s, several companies came together in a Council to work on a possible solution. Therefore, in 2006, the largest companies in the credit card industry came together and formed the PCI-SSC (Payment Card Industry – Security Standards Council). This is a set of security requirements and…

Application Security, Infrastructure

At last, what is Security Architecture?

In general, the term Security Architecture has different meanings, and everything depends on the context in which the term is placed. Defining the term is so relevant to understanding it that Gartner has reserved an entire article to describe its view of Safe Architecture. And for Gartner, the term means: “In…