Software Vulnerability Assessment
Software Vulnerability Assessment Template
| Application Software that Could Present Vulnerabilities |
| Application software designed for end users may cause massive risks to a company and can lead to breaches, loss of data, or even loss of confidence by the customers. Some software tends to get overlooked in organizations but poses a significant threat. |
| Application suites, which include LibreOffice, iWork, and Microsoft Office: can lead to data loss. |
| Enterprise software: addresses organizational needs like data flow in departments, and processes. |
| Enterprise infrastructure software: mostly helps in supporting the organization's software systems. |
| Enterprise infrastructure software may include email servers, databases, and systems for managing security and the network. This software poses a lot of risk of security breaches and loss of data. |
| Application platform as a service: acts as a cloud-based application that offers deployment and development for the organization. |
| Information worker software such as analytical software, resource management, personal information systems, email, and time management. |
| Simulation software used for training purposes can also pose a risk for an organization. |
| When conducting the vulnerability assessment, the first principle is to understand the organization's risks. |
| The second principle is for the company to have the ability to receive vulnerability reports from outside parties. |
| Train developers in the organization on how to write and test secure code. |
| Ensure there are secure coding practices. |
| Ensure there is error checking for all software developed in-house. |
| Ensure that the organization uses up-to-date and trusted software. |
| Use extensively reviewed and standardized algorithms within the organization. |
| Separation of non-production and production software and systems. |
| Ensure firewalls for the web application. |
| Make sure there are processes that address and accept reports of software vulnerabilities. |
| Have software, such as ISO applications, that helps in vulnerability assessment. |
| Integrate secure coding principles into the SDLC using the appropriate software. |
| Frequently perform automated application security tests. |
| Have SOC 2 compliance by applying trust service principles such as security and availability. |
| Add rows if needed. |