System Acquisition, development and maintenan Archives - Findings

Is an API available to clients?

Is an API available to clients?

Is there a formal security program established to include API security review?

Is there a formal security program established to include API security review?

Is Scoped Data encrypted in transit within the API for both request and response?

Is Scoped Data encrypted in transit within the API for both request and response?

Is data input into applications validated?

Is data input into applications validated?

Are third party tools used during the software development process also evaluated for security issues?

Are third party tools used during the software development process also evaluated for security issues?

Do you have any high or critical findings unresolved?

Do you have any high or critical findings unresolved?

Are separate environments maintained for development, testing and production including the separation of production data from non-production environments?

Are separate environments maintained for development, testing and production including the separation of production data from non-production environments?

Do you perform automatic and manual application code reviews prior to production, including where applicable, to the outsourced source code?

Do you perform automatic and manual application code reviews prior to production, including where applicable, to the outsourced source code?

Do you perform vulnerability scanning on scoped applications and web pages and remove critical findings prior to production?

Do you perform vulnerability scanning on scoped applications and web pages and remove critical findings prior to production?

Do you have a process to ensure that all debugging and test code elements are removed from released software versions?

Do you have a process to ensure that all debugging and test code elements are removed from released software versions?

1
2
3