Fork me on GitHub

Information Gathering -> Monitoring: Advanced webapplication metrics

Risk and Opportunity

Risk: People are not looking into tests results. Vulnerabilities not recolonized, even they are detected by tools.
Opportunity: All defects from the dimension Test- and Verification are instrumented.

Exploit details

Usefullness: High
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Low

Additional Information

Dependencies: Simple application metrics, Visualized metrics
OWASP SAMM 2 Mapping: o-incident-management|A|2
ISO27001:2017 Controls Mapping: