Need for compliance with the security requirements of their clients
In the beginning, the company faced the challenge of meeting strict compliance requirements for the security of its applications in order to fulfill the demands of one of its clients. To achieve this, the company relied on Conviso's expertise, which conducted the necessary pentests. Over time, following the detailed results of these tests, the company also recognized the need to enhance its secure development process, and, of course, Conviso was there to support them on this journey.
Given the sensitive nature of the large volume of stored data, the organization needed a comprehensive application security program. Additionally, training their developers in application security (AppSec) emerged as a priority during this process.
Thus, it was essential to initiate a cultural shift among professionals involved in software development. This meant ensuring that security was incorporated in the early stages of the development cycle, not just in isolated and occasional tests.
In this challenging scenario, this company and Conviso joined forces not only to meet customer expectations but also to ensure an exceptional standard of security at all stages of the software development process.
Creating a culture of secure development
We began our work by conducting pentests, and the results were made available in real time on Conviso Platform. This approach allowed the organization's team to make swift corrections, avoiding delivery delays.
Next, we implemented and strengthened the application security culture within the company through applied training and the definition of security requirements within the secure development process.
Recognizing the need to advance the security maturity of their development team, the company took a crucial step by deciding to invest in a new service: AppSec Squads.
In this model, Conviso security analysts were integrated into the daily routines of the development teams, playing an essential role in raising security awareness through the development of an AppSec program, significantly increasing the level of security maturity within the squads and their processes.
Training of professionals and defined processes
With Conviso's direct intervention in its processes, the organization significantly elevated its level of AppSec maturity. Eighteen training sessions were conducted, equipping all developers in the company, and over 200 new security requirements were implemented in the secure development process.
Furthermore, the introduction of the Security Champions program received particular praise for the difference it is making in the company's procedures. Deliverables are having a positive impact on the development team, promoting a noticeable shift in culture and commitment to following best practices in secure development. This has translated into greater visibility during decision-making and prioritizing vulnerability corrections.
Now, applications are developed on a more secure foundation as security requirements have become acceptance criteria. There has been a refinement of internal standards and processes, resulting in a notable improvement in the company's vulnerability management.
By using Conviso Platform and maintaining constant communication with Conviso's security analysts, comprehensive vulnerability management was achieved. This approach resulted in greater agility and accuracy in the implemented corrections, ensuring a safer and more reliable environment for all operations of this organization.
Security culture:
Through training of the professionals involved in development, security became an essential priority at every stage of the development cycle.
Cost reduction:
Inserting security into the early phases of the software development process resulted in a significant reduction in the costs associated with rework and ad-hoc tests.
More comprehensive pentests:
The collaboration between the Stix team and Conviso's resources enriched the pentests, providing a deeper understanding of the vulnerabilities and of possible attack and fraud scenarios.
Better vulnerability management:
Conviso Platform, together with communication with Conviso's analysts, enabled complete vulnerability management, grounded in risk management and carried out in a contextualized way. This resulted in greater agility and precision in the corrections implemented.