Let’s say you’ve just had a pen test or security scan performed on your application. You review the list of findings and get to work on remediation. Apart from obvious shortcomings of any individual single assessment technique, you may also be doing a disservice to meeting your business goals.
Here’s why:
The goal of your assessment is likely to understand open risks in your application with the goal of remediating or otherwise compensating for those risks. In most cases you only have a limited amount of developer time to fix security issues as they try to juggle building business value with new features. The problem is that by focusing remediation efforts on what a scanner or pen test finds, you are monopolizing precious developer time to fix the issues that technique can find rather than the risks that actually matter to your business.
SOURCE: infosecisland.com
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Recent Comments
Chat systems such as Slack and Teams need to be…
“This is a sophisticated phishing scam that will catch out…
“Cybersecurity is increasingly complex, in part, due to the interconnected…
“Unfortunately, time and time again we see NGOs, hospitals and…
As I have always said - it is verified trust…