
Test and Verification -> Static depth for applications: Static analysis for all components/libraries

Risk and Opportunity

Risk: Used components such as libraries and legacy applications might have vulnerabilities.
Opportunity: Use static analysis for all used components.

Additional Information

Dependencies: Static analysis for important client side components, Static analysis for important server side components

Usefulness and Requirements of this Activity

Usefulness: Medium
Required knowledge: Low (one discipline)
Required time: High
Required resources (systems): Low

OWASP SAMM VERSION 2

ISO27001 2017