Application Security

The Conviso Platform v.3.0.5 Release

With the idea of building and maintaining secure systems, Conviso Platform – the complete DevSecOps platform from Conviso – is constantly improving. In this Conviso Platform v.3.0.5 release, we will approach what’s new on our AppSec tool regarding:

  • Code review
  • The Education Module

You can also listen to the audio version of this content:

Code Review

The main feature implemented during the last cycle was the Code Review – an old request from a few of our users that we have been working on for a while now.

Now, the security analyst is able to detect an issue more easily on the code review screen, and can quickly commit to the description of the finding to make the final decision regarding the vulnerability.

The differential

In the past, Conviso Platform already had an integration with the customer’s pipeline for our analysts to carry out the code review. But back then, the analysts had access to the source-code to make the reviews without the support of automated analysis. The automated tool now allows them to make a way more advanced review.

It is a solution that connects the scale power of automated tools with the indispensable manual intelligence process – which is still so important to the customer.

The Education Module

Another novelty that we couldn’t wait to present was our Education Module – an old dream at Conviso that has finally come true.

This solution comes to help in the development of security professionals and also can help managers in a better understanding regarding the maturity level of their teams.

Once the customer has enabled the Education Module on their Conviso Platform subscription, they have access to a series of training courses – from basic to advanced levels. The training includes gamification.

The differential

AppSecFlow is a DevSecOps tool designed to support the entire AppSec program – which also includes training.

The Education Module training follows a practical and contextual model, with exercises.

A security analyst who has doubts about a vulnerability, for example, can access the training, understand what the vulnerability is, and learn, at once and effectively, how to fix it, through practical exercises.

In other words: the idea is to train professionals so that they learn not only how to correct codes,  but also how to build safe codes from scratch.

About author

Articles

Communication Analyst at Conviso. With a degree in Journalism, she has 10 years of experience as a content strategist, as well as as a content editor.
Related posts
Application Security

Finding classes for exploiting Unsafe Reflection / Unchecked Class Instantiation vulnerabilities in Java with Joern

During a pentest engagement we found a Java application vulnerable to unsafe reflection [1]. This…
Read more
Application Security

Mitigating Vulnerabilities: Elevating Security Proficiency in Software Development

In the ever-evolving digital landscape, the significance of software security cannot be overstated.
Read more
Application Security

The Importance of Supply Chain to Application Security

When we think about software development, we usually think about complex technical concepts…
Read more

Deixe um comentário