Expert Advice Community

VA-PT testing

Guest user | Created: Nov 25, 2021 | Last commented: Nov 25, 2021

What are the threats and loopholes hackers take advantage of even when my organization is ISO 27001 certified and regular VA-PT testing is conducted?
Expert
Rhand Leal Nov 25, 2021

Such threats and loopholes are basically the same ones commonly used as references for VA-PT testing. For example, according to the OWASP Top 10 for web applications, they are:

  • Broken Access Control
  • Cryptographic Failures
  • Injection
  • Insecure Design
  • Security Misconfiguration
  • Vulnerable and Outdated Components
  • Identification and Authentication Failures
  • Software and Data Integrity Failures
  • Security Logging and Monitoring Failures
  • Server-Side Request Forgery

The main difference in their use is that such threats are applied against zero-day vulnerabilities, which are vulnerabilities either unknown to the organization (i.e., it does not know they should require mitigation) or known but for which a patch has not been developed yet.

Until the zero-day vulnerabilities are mitigated, hackers can exploit them to compromise information security. For such situations, the application of control 6.1.4 Contact with special interest groups, for earlier identification of zero-day vulnerabilities, is highly recommended.

These articles will provide you with a further explanation about OWASP and special interest groups:

This material will also help you regarding OWASP:
