|
Security Policy 1. Overview Web application vulnerabilities account for the largest portion of attack vectors outside of malware. It is crucial that any web application be assessed for vulnerabilities and any vulnerabilities by remediated prior to production deployment. 2. Purpose The purpose of this policy is to define web application security assessments within Akkula Group. Web application assessments are performed to identify potential or realized weaknesses as a result of inadvertent mis-configuration, weak authentication, insufficient error handling, sensitive information leakage, etc. Discovery and subsequent mitigation of these issues will limit the attack surface of Akkula Group services available both internally and externally as well as satisfy compliance with any relevant policies in place. 3. Scope This policy covers all web application security assessments requested by any individual, group or department for the purposes of maintaining the security posture, compliance, risk management, and change control of technologies in use at Akkula Group.
All web application security assessments will be performed by delegated security personnel either employed or contracted by Akkula Group. All findings are considered confidential and are to be distributed to persons on a “need to know” basis. Distribution of any findings outside of Akkula Group is strictly prohibited unless approved by the Chief Information Officer. Any relationships within multi-tiered applications found during the scoping phase will be included in the assessment unless explicitly limited. Limitations and subsequent justification will be documented prior to the start of the assessment. |
