Evaluate the security of the ONEiO service and find the risks and vulnerabilities associated with the software.
Done manually at least yearly and automatically weekly.
Done by an external auditor.
Scope and methodology
Evaluate the application-level security from outside the system by using the same interfaces as the users of the application.
Performed using a gray-box method, where the full architecture and source of the system are not completely known.
The aim of the audit is to identify security problems related to the service, the most common of which are those described in the OWASP Top Ten list.
In addition to the use of automated tools, the assessment includes manual work by an expert to detect characteristic vulnerabilities and logical errors in the system.