Application Security

AppSec Flow: A complete DevSecOps platform

In our routine at Conviso, many new customers come to us with the same problem: they have already invested time and money in a number of cyber security tools, but still feel that they do not do the job completely. In some cases, the acquired tools require a usability that differs from an efficient development process. There are also those who report difficulties in maintaining a standard of…

AppSec in the process of digital transformation

IAM and CI/CD security

Application Security

Security Champions must consider these elements

When talking about Security Champions, we are always careful to state our understanding as it relates to AppSec. This care is well founded because we have some distinct understandings about the figure of the Security Champion, and this does not mean that we are right and others are wrong, just how we position this professional. We want to put here some points that we understand to be very important when we…

Application Security

What PCI-DSS is and the importance of training

What is PCI-SSC? After a series of security problems and credit card information leaks in the early 2000s, several companies came together in a Council to work on a possible solution. Therefore, in 2006, the largest companies in the credit card industry came together and formed the PCI-SSC (Payment Card Industry – Security Standards Council). This is a set of security requirements and…

Application Security

Secure Code Review - know the different types

Do you know the difference between Secure Code Review and SAST, as well as when to use them? This topic was split into two parts. In the first article, we spoke about automated tools, explaining the right moment and the best way to put them into practice. Now, in this second article, the approach is on the tools related to the Secure Code Review from the OWASP Code Review…

Application Security

Code Review & SAST - What's the Difference

After all, what is the difference between Secure Code Review and SAST? This is the first of two articles, where the approach is on why these two tests are constantly the subject of debate and discussion about their differences. In this first article, we will start by talking about automated analysis tools, then move on to Secure Code Review tools. The objective here is to present in a broad…

Application Security

Privilege Escalation: how it can affect Application Security

Want to better understand what Privilege Escalation is and how it can affect application security? The Privilege Escalation vulnerability is known to occur when the operating system or application becomes vulnerable, thereby allowing a user to use another user’s privileges to access that system. But to really understand what happens in this scenario, we need to understand how…

Application Security

Buffer Overflow - how it affects application security

Do you want to know what Buffer Overflow is and how it affects application security? When talking about application security, one of the first vulnerabilities the developer knows about is also one of the oldest. Although Buffer Overflow has been a vulnerability in the security landscape since its inception, it is present in applications to this day. Buffer Overflow is most commonly…

Infrastructure

Explaining Remote Code Execution

Do you want to know what Remote Code Execution is and what steps to take to prevent vulnerabilities in your application? To understand how forms, query components, and even cookies can make your application vulnerable to attack, let’s first look at what server-side is and how Remote Code Execution can be an exploited vulnerability on the server side. So if you want to understand more…

How to increase the security of your container

Immutable Infrastructure in AppSec

Application Security, Infrastructure

API Security in Application Security

Do you want to have a better understanding of the importance of API Security in Application Security? To understand how API Security affects your application's risk exposure, it is important to know the way it is connected to the internet as well as to other resources in development. Although they bring risks, APIs are fundamental to improving the application, and we all know that. To…