Test and Verification -> Static depth for applications: Static analysis for all components/libraries

Risk and Opportunity

Risk: Components in use, such as libraries and legacy applications, might have vulnerabilities.
Opportunity: Use static analysis for all used components.

Exploit details

Usefulness: Medium
Required knowledge: Low (one discipline)
Required time: High
Required resources (systems): Low

Additional Information

Dependencies: Static analysis for important client side components, Static analysis for important server side components
OWASP SAMM 2 Mapping: v-security-testing|A|2
ISO27001:2017 Controls Mapping: