WIP: More to do, but can be merged as-is

parent edb63a25
......@@ -12,6 +12,12 @@ Any relationships within multi-tiered applications found during the scoping phas
# Policy
1. Below where the term "assessed" is used, it refers to the item passing through the following tools:
* Nessus
* OpenVas
* Burp Suite
* OWASP Zap
1. Web applications are subject to security assessments based on the following criteria:
* New or Major Application Release – will be subject to a full assessment prior to approval of the change control documentation and/or release into the live environment.
* Third Party or Acquired Web Application – will be subject to full assessment after which it will be bound to policy requirements.
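Review bot: The definition added as the first item under # Policy does not say whether "assessed" requires all four listed tools or any one of them, and "passing through" can be read either as "was scanned by" or as "was scanned with no findings". State which is meant, for example "In this policy, 'assessed' means the item has been scanned with each of the following tools". The criteria that follow in this hunk use "assessment" and "full assessment" rather than "assessed", so tie the definition to those terms as well. Minor style points: "Below where the term" reads awkwardly as an opener, and the tool names are normally written OpenVAS and OWASP ZAP.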
......@@ -29,12 +35,6 @@ Any relationships within multi-tiered applications found during the scoping phas
* Quick – A quick assessment will consist of a (typically) automated scan of an application for the OWASP Top Ten web application security risks at a minimum.
* Targeted – A targeted assessment is performed to verify vulnerability remediation changes or new application functionality.
1. The current approved web application security assessment tools in use which will be used for testing are:
* Nessus
* OpenVas
* Burp Suite
* OWASP Zap
# Policy Compliance
1. Compliance Measurement
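Review bot: If the "current approved web application security assessment tools" item is what this hunk drops (the header takes the section from 12 lines to 6), the policy no longer states that these four tools are the approved ones. The definition now under # Policy only says what "assessed" refers to, not that the tools are approved or that the list is kept current. Keep one sentence here that carries the approval statement, or have the definition say the listed tools are the currently approved set, so the Quick and Targeted assessment levels above still point at a defined tool list.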
......