latest intelligence
TRIAGING THE ENTERPRISE FOR APPLICATION SECURITY ASSESSMENTS
Conducting a full array of security tests on all applications in an enterprise may be infeasible due to both time and cost. According to the Centre for Internet Security, the purpose of application-specific and penetration testing is to discover previously unknown vulnerabilities and security gaps within the enterprise.
These activities are only warranted after an organisation attains significant security maturity, which results in a large backlog of systems that need testing. When organisations finally undertake the efforts of penetration testing and application security, it can be difficult to choose where to begin.
www.intelligentciso.com | Issue 03
Computing environments are often filled with hundreds or thousands of different systems to test and each test can be long and costly. At this point in the testing process, little information is available about an application beyond the computers involved, the owners, data classification, and the extent to which the system is exposed. With so few variables, many systems are likely to have equal priority. This paper suggests a battery of technical checks that testers can quickly perform to stratify the vast
DOWNLOAD WHITEPAPERS AT: WWW.INTELLIGENTCISO.COM/WHITEPAPERS