Controls

Version

SB.18.004 Automated Application Vulnerability Scanning

Medium
Medium
Medium
System Owner
v2.0 (Q1 2024)
Vulnerability Management

The (web-)application is subject to automated vulnerability scanning at least once per quarter.

Scanning is performed authenticated wherever possible.

Specification

Use authenticated scanning. Report findings with a rating such as Low/Medium/High to help prioritize.

Use a dedicated account and dedicated systems for performing security checks, so that they can easily be distinguished in the monitoring.

ISO 27001 & 27002:2022

A5.7, A8.7, A8.8

SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)

SM.07 Threat en Vulnerability Management