Conviso has just released its own podcast, AppSec To Go. The goal is to further stimulate appsec debates through relaxed conversations with those who experience the theme on a daily basis. In the first episode, the interviewee was the CEO of Conviso, Wagner Elias, who told a little about the AppSec Scenario in Brazil in the last 12 years – that is, since the birth of Conviso. The content is…
In our routine at Conviso, many new customers come to us with the same problem: they have already invested time and money in a number of cyber security tools, but still feel that they do not do the job completely. In some cases, the acquired tools require a usability that differs from an efficient development process. There are also those who report difficulties in maintaining a standard of…
The amount of information and data generated during the development process, or even when testing your systems is extremely important for good management performance. The lack or difficulty on finding information is, without a doubt, a point that takes as much for the vulnerability management process as for other secure development processes, a very big burden.
It is not rare to find in…
When we talk about System Hardening we are referring to the analysis done on systems that will host the application in search of services, default configurations, logic gates and other unnecessary things for that application.
Whenever we deal with web Application Security with our customers we make it very clear that there is no web application security if it is not supported by a well…
Every 3 years we expect a new report generated by OWASP showing which vulnerabilities are most present on the Internet based on data from previous years.
Two things are almost certain.
The first is that to identify the 10 vulnerabilities we will have some very debatable points, as there is always a good discussion about which vulnerabilities should be added or removed.
Second is that…
Business data are undoubtedly key points to any company’s growth. Therefore it makes more sense when we talk about Big Data and AppSec Data analytics.
Similarly, it makes sense to use data to understand and improve the way we protect these assets.
Therefore, we are seeing a growing search for the use of this data to identify potential failures. After all, these vulnerabilities could…
Do you want to better understand the different types of Pentests available on the market?
In this article, we will cover each type of penetration test, and explain at what time and context they are recommended.
What we need to keep in mind is that there are differences and more appropriate times for each of these tests, and they must be observed to have a better return on their…
In the past years, not only the AppSec area but also all the IT area has suffered from exponential growth which increases the demand and also the lack of specialized professionals in AppSec.
We are nearing the end of another year, and as every year we begin to take stock of what happened in this one to project what we want in the next.
In companies this is no different, everyone starts to…
Digital Transformation: The Beginning
To the youngest, digital transformation may seem like a reality that has always been present.
But for those who remember the reality of business before the 2000s probably remember a very strong turning point for the business.
The thought of buying things over the Internet, check your accounts, exchanging images and music: all of this has characterized…